Although not named in the report, cybersecurity researcher Marcus Hutchins, currently awaiting US trial on unrelated allegations of having a past as a criminal hacker, is credited with finding the “kill switch” that limited the spread of WannaCry.
The US government would like to "thank" Marcus by filing criminal charges for something that is trivial. Had WannaCrypt (that's what I'd like to call this worm) spread reached the US of A, I'm sure the reaction would've been a lot different.
concluded the failure to apply available patches on Windows systems combined with poor isolation of vulnerable services from the open internet was to blame for a malware outbreak
These machines can't be patched. Period. Either the vendor has to supply them with updated systems (more money) or these machines need to be behind some kind of IPS/IDS/FW. And this bit alone will make it more complicated because of the inherit risk that these machines require "full access" to the internet "or else".
Does the report actually detail what NHS will do to fix machines that can't be patched?
In the end, I guess this report is needed so the governing body can get their act together and appropriate the right resources (more, more money) to the right area.
Where did NHS "discovered" or "identified" all these money from?
Biting the hand that feeds IT
