North Korean government behind NHS cyber attack, says Microsoft boss

Microsoft boss Brad Smith Credit: ITV News
  • Video report by ITV News Business Editor Joel Hills

The President of Microsoft says the government of North Korea was responsible for the WannaCry cyber attack which affected 47 NHS trusts earlier this year.

Brad Smith said he believed "with great confidence" that Pyongyang was behind for the hack which impacted 200,000 computers in 150 countries around the world.

In an interview with ITV News at Microsoft's headquarters in Redmond Smith said: "I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States".

North Korea has been widely linked with the WannaCry cyber attack since it took place in May but this is the first time that an executive at Microsoft has blamed the administration publicly.

Mr Smith says cyberattacks by nation-states have become more frequent and more severe.

"I think over last six months we've seen threats come to life, unfortunately, in new and more serious way.The problem has become bigger."

He believes that as societies becomes more reliant on technology, so the risk increases that vital public services and elections will be targeted by state-sponsored hacks.

He repeated his appeal for governments around the world to do more to protect their citizens from harm.

"We need governments to come together as they did in Geneva in 1949 and adopt a new digital Geneva Convention that makes clear that these cyber-attacks against civilians, especially in times of peace, are off-limits and a violation of international law."

Shortly after the WannaCry attack Microsoft itself faced criticism. Many of the NHS hospitals affected by the malware virus were using XP - an older version of Windows - which Microsoft had decided to stop supporting.

Mr Smith rejects the idea that by withdrawing technical support for the operating system Microsoft left customers exposed to hackers.

"When there's abroad attack, we provide patches for [all versions of Windows] we did so with WannaCry, we did it again in June when the Ukraine was attacked.

At the same time we repeatedly asked people, we explained to people, we virtually pleaded with people 'please don't rely on software that now belongs in a museum'".

Windows XP is 17 years old but around 5% of computers in the NHS still use it. In May, the WannaCry bug encrypted data creating havoc. Operations were cancelled,ambulances rerouted, doctors surgeries were unable to access patient records.

Staff at Microsoft's cybercrime unit. Credit: ITV News

Mr Smith acknowledged that hospital budgets are tight but insists greater priority needs to be given to upgrading IT systems.

"When hospitals think about the equipment that is critical to protecting their patients they've got to think not only about the beds...Computers play a fundamental role in the delivery of healthcare and patients shouldn't have to rely on healthcare based on an old computer."

Microsoft has developed anti-viral software to protect users from hacks, the company also attempts to spot and disrupt cyber-attacks from its Digital Crimes Unit.

As technology advances we are storing more and more information about ourselves online, onto computers.

Microsoft says it takes cyber security extremely seriously but argues it is a shared responsibility and there is a limit to what the company alone can achieve.

Microsoft's president says hackers could cripple the NHS. Credit: ITV News