Royal Holloway: Man proposes, fraud disposes
In May 2017, a strain of ransomware called WannaCry infected 32 NHS trusts in England. The NHS’s report on the incident noted that all English local authorities reported being unaffected, despite also being connected to the NHS’s own national network.
Ultimately, the attack proved the NHS’s centralised information governance to be weaker than the equivalent governance applying to local authorities. The critical difference in approach was that unlike local authorities, the NHS didn’t require its organisations to test their security.
There is also evidence of the NHS mistrusting local authorities’ information security management, which may have biased the NHS against adopting areas of better practice, like testing, from local authorities.