The NHS had been warned about the risks of cyberattacks a year before the devastating WannaCry attack earlier this year and failed to take basic steps that could have prevent it, according to a government report.
More than 300,000 computers in 150 countries were infected with the WannaCry "ransomware", which demanded money for an unlock code.
Almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, with five hospitals having to divert ambulances away.
The National Audit Office (NAO) spearheaded an investigation into NHS response to the cyberattack, the most widespread to hit the healthcare service.
"It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice", said Sir Amyas Morse, the NAO's comptroller and auditor-general.
NHS Digital does not believe any patient data was affected or stolen.
Caroline Wozniacki routs top-ranked Simona Halep at 2017 WTA Finals
I tried to be even more aggressive, tried to use down-the-line, and I was more and more accurate and I went for it on the good shots.
North Korea has been linked to numerous high profile cyber attacks in the past, though attribution in such cases can be hard.
Furthermore, while NHS Digital issued critical alerts warning organisations to ramp up their defences to prevent WannaCry in March and April, the DH had no formal mechanism for assessing whether local NHS groups had complied with their advice or whether they were prepared for such a cyber attack.
NHS England identified 6,912 appointment cancellations and estimated over 19,000 would have been cancelled in total.
An assessment of 88 out of 236 trusts by NHS Digital before the attack found that none passed the required cyber-security standards.
The National Audit Office says health officials had been warned previous year about the likelihood of such an event, but did not respond formally until after it had happened.
Worryingly, even months now after the attack, the Department of Health still does not know how much the disruption to services cost the NHS.
General Motors Posts 32% Drop in Earnings for Third Quarter
BidaskClub lowered shares of General Motors from a "strong-buy" rating to a "buy" rating in a research note on Tuesday, July 25th. The high was posted this morning, and the 12-month price target for the shares was $43.26 before this morning's report.
The NAO chief said the Department of Health and the NHS must now "get their act together".
Meanwhile IT systems at the Cumberland Infirmary were also hit.
The Department of Health had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at a local level.
Part of the problem being that NHS Digital can not mandate a local body to take action even if it has concerns about the vulnerability of an organisation. As such, it was not immediately clear who should lead the response and there were problems with communications, it noted.
The NAO said the NHS has accepted that there are lessons to learn from WannaCry and is already taking action to improve the protection of services from future cyber attacks.
In response to the attack, NHS England and NHS Improvement - responsible for overseeing foundation trusts and NHS trusts - have written to every major health body in the United Kingdom asking for them to address NHS Digital warnings made between March and May of 2017.
First pictures of Esha Deol and Bharat Takhtani's baby girl are out!
Grandparents Hema Malini, Dharmendra and Takhnanis are extremely happy with the "divine" name. "My Mathura people are very happy. The couple had been featured in Hema Malini's directorial, "Tell Me O Khhuda" and fell in love during the shooting of the film.
In one way, the NHS was lucky - if, instead of a Friday in May, the attack had taken place on a Monday in winter, with a week's appointments affected, the damage would have been far worse.