WannaCry Ransomware Shuts Down NHS Hospitals and Hits 200,000 Systems in 150 Countries

NHS / NCSC

What happened

WannaCry ransomware spread globally using EternalBlue, an NSA exploit leaked by the Shadow Brokers group that targets a Windows SMB vulnerability (MS17-010). The UK's National Health Service was severely disrupted, with thousands of appointments cancelled and ambulances diverted. Over 200,000 systems in 150 countries were infected.[1]

What went wrong

Many organisations ran unpatched Windows XP and Windows 7 systems on networks with no segmentation, allowing a single infection to spread hospital-wide. The patch for EternalBlue had been available for two months before WannaCry launched.[1]

Lesson learned

Legacy unpatched systems in critical infrastructure represent a systemic risk. When nation-state exploit tools are leaked, patching timelines compress from months to hours. Air-gapping or aggressive network segmentation for medical devices must be a baseline requirement.
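The difference segmentation makes can be modelled as reachability over the paths where SMB (TCP 445) is allowed. The following is an added example, not part of the original page; the host names, segments and rules are constructed, and the model assumes a worm infects every unpatched host the network lets it reach.

```python
from collections import deque

# Constructed inventory: host -> (segment, patched against MS17-010?)
HOSTS = {
    "reception-pc": ("office", False),
    "admin-pc": ("office", True),
    "mri-console": ("medical", False),
    "infusion-gw": ("medical", False),
    "pacs-server": ("servers", False),
    "file-server": ("servers", True),
}
SEGMENTS = {seg for seg, _ in HOSTS.values()}

# (source segment, destination segment) pairs where SMB (TCP 445) is allowed.
FLAT = {(a, b) for a in SEGMENTS for b in SEGMENTS}
SEGMENTED = {("office", "servers")}  # medical segment accepts no SMB


def blast_radius(hosts, smb_allowed, patient_zero):
    """Return the hosts a worm reaches from one infected machine.

    Model assumptions: SMB is open inside a segment, an unpatched host
    that is reachable gets infected, and a patched host neither gets
    infected nor relays.
    """
    if hosts[patient_zero][1]:
        return set()
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        src_seg = hosts[queue.popleft()][0]
        for name, (seg, patched) in hosts.items():
            reachable = seg == src_seg or (src_seg, seg) in smb_allowed
            if reachable and not patched and name not in infected:
                infected.add(name)
                queue.append(name)
    return infected


if __name__ == "__main__":
    for label, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        hit = blast_radius(HOSTS, rules, "reception-pc")
        print(f"{label}: {len(hit)} of {len(HOSTS)} hosts: {sorted(hit)}")
```

In this constructed inventory the flat network loses every unpatched host, while the segmented one keeps the medical devices out of reach even though they remain unpatched.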

Est. value burned: ~$4B global economic impact

Sources

  [1] NHS / NCSC: WannaCry Ransomware Shuts Down NHS Hospitals and Hits 200,000 Systems in 150 Countries