The Public Accounts Committee (PAC) has criticised NHS institutions for failing to learn lessons from WannaCry and NotPetya, and doing too little to protect systems from potential attacks.
Despite 22 recommendation created by the Department of Health and Social Care, NHS England and NHS Improvement to help the NHS improve its cyber defences, the PAC noted it was "alarmed" that these measures had not yet been implemented.
"The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber-security and response plans of the NHS," said Meg Hillier, chairman of the PAC.
"But the impact on patients and the service more generally could have been far worse. And government must waste no time in preparing for future cyber-attacks - something it admits are now a fact of life.
"It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed."
Hillier added that she was shocked at how unprepared the NHS was for WannaCry and that more must be done to prevent cyber attacks from other nations form wreaking havoc on the healthcare service.
"Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS," she said, highlighting that WannaCry should be seen as "a foretaste of the devastation that could be wrought by a more malicious and sophisticated attack".
A spokesman for the Department of Health and Social Care told the BBC that the NHS had learned from WannaCry but still needed to pull its socks up when it comes to cybersecurity.
"The health service has improved its cyber-security since the attack, but there is more work to do to protect data and patient care," he said.
Normally when politics gets caught up in tech, it's a bit of a laughable situation, with politicians failing to grasp the fast-moving world of technology. But in this case it's more worrying than humorous.
Following the alleged use of a nerve agent by Russia to poison an ex-Russian spy, there's a growing concern that Moscow could target UK infrastructure with cyber attacks. And if core parts of Britain's public services are not robust enough to weather such attacks, an all manner of chaos could ensue.
As such, the PAC is called upon the Department of Health and Social Care along with NHS bodies to urgently agree on and put into effect cybersecurity defences and then provide an update on their progress to the PAC in June.
All this sound suitably ominous and we can't help feeling that the cyber doomsday clock has moved a few more minutes closer to midnight.
Microsoft seizes control of phishing sites linked with Russian state hackers
Fitness trackers over-estimate the number of steps their users take, analysis of 67 research reports suggests
Everything we think we know about the imminent Apple iPhone 9, iPhone 11 and iPhone 11 Plus launches
All the latest rumours about Apple iPhone Displays, CPUs, launch dates and even prices
Nvidia brings Turing microarchitecture into the high-end gaming segment