back to top

7 Questions Jeremy Hunt Must Answer On The NHS Ransomware Attack

Why didn't NHS Trusts patch their computers? Was a cancelled support contract a factor? What's he doing to make sure this doesn't happen again?

Posted on
Matt Cardy / Getty

Health secretary Jeremy Hunt has been under fire for failing to appear in public since more than 50 NHS Trusts in England and Scotland succumbed to a massive ransomware attack on Friday.

On Monday, Hunt finally emerged, giving a short statement to Sky News. But here are the key questions he has yet to address.

1. Why hadn't NHS Trusts updated their software?

The ransomware attack that hit the NHS was based on an exploit developed by the US National Security Agency that was leaked online last month.

As early as March, Microsoft had issued a "critical" free software update that would fix the vulnerability. If the update had been applied across the NHS, it would have stopped or at least curtailed the spread of the attack.

NHS Digital issued the update to trusts in England on 25 April, and sent an urgent message to IT staff to apply it on 27 April. Hunt should reveal why it took a month for these messages to be sent, and why some trusts had still not acted on the warnings by the time the attack hit two weeks later.

2. Was out-of-date NHS IT to blame?

There has been a lot of speculation that many of the affected NHS computers and devices were running Windows XP – an old operating system that is no longer supported by Microsoft. Why were so many NHS systems still running this out-of-date software?

3. Were warnings about using old software ignored?

Last year, the NHS data guardian issued a specific warning in her annual report about the dangers of using out-of-date software – mentioning this could lead to a cyberattack.

"There is significant use of software within the sector that is no longer supported by the manufacturer," said Dame Fiona Caldicott's report. "This means that security fixes are no longer produced, leaving systems exposed to common types of cyber-attack."

Hunt should explain what action has been taken in response to this warning and whether he considers that to have been sufficient.

4. Was a cancelled Windows XP support contract a factor in the spread of the attack?

Even when it stopped routinely supporting Windows XP, Microsoft continued to offer support for organisations still using the operating system – for a fee. The NHS paid for this service for several years, but scrapped it two years ago. Did this affect the spread of the attack, and was the decision a result of funding cuts?

5. What role, if any, did outside IT providers play in spreading the ransomware across NHS trusts?

The NHS was just one of dozens of major organisations across the world hit by the attack. Among those others affected was the Spanish telecoms company Telefónica (the parent of O2). Because the bitcoin address for the ransom was the same between affected NHS and Telefónica computers, some technical experts have wondered if one may have inadvertently infected the other, especially as Telefónica supply some networking services to the NHS.

What steps has Hunt taken to investigate this possibility, and what plans are in place to tackle any vulnerabilities caused by third-party IT providers?

6. Did the NHS have a specific plan in place for responding to a cyberattack of this nature?

Some NHS trusts were forced to cancel operations and diagnostic procedures, and led to some major incident protocols being initiated – including diverting ambulances to other hospitals and calling in doctors on their days off.

Does the NHS have any specific plans in place for cyberattacks versus other major incidents, and is Hunt happy these procedures work?

7. What's Hunt's plan to prevent attacks of this sort happening again?

The ransomware attack might have used sophisticated NHS code, but was otherwise quite a simple refashioning of attacks used by criminal gangs. While the NHS still has unpatched machines, it remains vulnerable to very slight modifications to the WannaCry worm, which virtually any hacker could make in minutes.

What new measures and/or funding is Hunt putting in place to prepare for similar attacks?

James Ball is a special correspondent for BuzzFeed News and is based in London. PGP: here

Contact James Ball at

Got a confidential tip? Submit it here.