Former National Security Agency contractor Edward Snowden has blamed the intelligence agency for failing to prevent the massive ransomware cyberattack that crippled the NHS on Friday (12 May) and spread to nearly 100 countries across the globe. The global cyberattack reportedly exploited a known, recently-patched Microsoft Windows vulnerability by using hacking tools believed to have been stolen from the NSA.
Dubbed "Eternal Blue", the hacking exploit was leaked online in April through a dump by the mysterious hacker group called Shadow Brokers. The group claimed to have stolen a trove of "cyberweapons" from the NSA.
Although Microsoft did release a patch for the vulnerability in March, computers that did not install the security update remained vulnerable to attack.
Snowden, who famously leaked thousands of classified NSA files back in June 2013, slammed the NSA in a series of tweets arguing that the attack could have been prevented if the agency had immediately disclosed the flaw privately to Microsoft when they discovered it.
Snowden also called on Congress to question the NSA about any other software vulnerabilities that could be exploited by malicious actors.
"Despite warnings, @NSAGov built dangerous attack tools that could target Western software," Snowden tweeted. "Today we see the cost."
"In light of today's attack, Congress needs to be asking @NSAgov if it knows of any other vulnerabilities in software used in our hospitals."
Snowden continued: "If @NSAgov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened."
Computers around the world were infected with a piece of ransomware called Wanna Decryptor that encrypted the device's contents and demanded a ransom payment of $300 worth of bitcoin. The malicious software also attacked companies in Spain and Portugal, including Telefónica, as well as international shipping company FedEx.
Many experts raised serious concerns over the NSA's decision and ability to keep such vulnerabilities and tools a secret. Others placed blame on institutions and businesses that failed to update their systems two months after a fix was made available by Microsoft.
Security firm Kaspersky Lab said its researchers had observed over 45,000 attacks in 74 countries. Avast researchers later said they had observed more than 57,000 infections across 99 countries with the ransomware mainly targeting Russia, Ukraine and Taiwan.
"Over the next few years, the pace of healthcare's digital journey will accelerate, introducing ever greater connectivity and generating ever more data," David Emm, principal security researcher at Kaspersky Lab, told IBTimes UK. "The numbers of attempted attacks on healthcare organisations have and will only inevitably increase. With clear gaps in security, healthcare providers and their IT security teams need to implement the sophisticated, high quality protection that will allow them to withstand cyber-attacks.
"From today, they need to do so in a way that complies with the new GDPR and NIS regulation recently set out by the European Union. It is only a matter of time before healthcare-specific regulation will be introduced and by then the penalties will be even more unforgiving."