The U.K.'s National Audit Office released details Oct. 27 regarding its investigation into the May WannaCry cyberattack that wrecked havoc on a number of its hospitals.
WannaCry disrupted operations at more than a third of England's trusts, canceling at least 6,900 appointments. Although no patient data was compromised or stolen, WannaCry has been labeled the biggest cyberattack, to date, to hit the country's National Health System.
According to the NAO report, there was no evidence that any NHS organization paid the ransom, which was roughly $300 (£230), but the financial impact of the incident remains undetermined.
What's more, an assessment by NHS Digital found 88 out of 236 trusts had not passed required cybersecurity standards before the attacks. The trusts had not acted on critical alerts issued by NHS Digital or a 2014 warning from the Department of Health and the Cabinet Office to patch vulnerable software, according to the report.
The report didn't pinpoint who was behind the attack, but Home Office Minister Ben Wallace told BBC Radio 4 the government was "as sure as possible" North Korea was to blame.
"This attack, we believe quite strongly that it came from a foreign state," he said. "It is widely believed in the community and across a number of countries that North Korea [took on] this role."
More articles on cybersecurity:
Bad Rabbit allegedly used leaked NSA hacking tools
Trump fills key DHS CIO post with acting DoD CIO
Kaspersky releases results of investigation into supposed Russian hacking