The National Health Service and the Department of Health didn't know how to respond to the WannaCry ransomware outbreak in May, concludes today's report into the outbreak from the National Audit Office (NAO).
The NHS, the NAO claims, "was not clear what actions it should take when affected by WannaCry".
"The Department [of Health] had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at local level," the NAO adds.
As a result, there was confusion from top to bottom over how to respond to WannaCry when it ripped through the NHS on Friday 12 May this year.
According to the NAO, the NHS had not rehearsed a response to a national cyber attack and "there were [also] problems with communications".
While some NHS trusts had been reporting IT problems since late morning, it was only at 4pm that NHS England declared the cyber attack a "major incident" and initiated its existing 'Emergency, Preparedness, Resilience and Response' plans to act as the single point of coordination for incident management, supported by NHS Digital and another central organisation, NHS Improvement.
"In the absence of clear guidelines on responding to a national cyber attack, local organisations reported the attack to different organisations within and outside the health sector, including local police," claims the NAO.
It continues: "Communication was difficult in the early stages of the attack as many local organisations could not communicate with national NHS bodies by email as they had been infected by WannaCry or had shut down their email systems as a precaution, although NHS Improvement did communicate with trusts' chief executive officers by telephone.
"Locally, NHS staff shared information through personal mobile devices, including using the encrypted WhatsApp application. Although not an official communication channel, national bodies and trusts told us it worked well during this incident," reports the NAO.
NHS England, meanwhile, focused initially on maintaining emergency care, a task made easier by the fact that the ransomware struck on Friday afternoon, meaning minimal disruption to primary care services, which are largely closed on weekends.
The NAO also acknowledged the role played by Marcus Hutchins, the security researcher who stopped the ransomware in its tracks by registering a domain name used by the malware to check whether it was being examined in a sandbox.
Hutchins, however, was arrested in the US just weeks later when he tried to board a flight back to the UK from Las Vegas. The FBI claims he was behind a number of alleged computer crime offences perpetrated as a young teen hacker several years ago.