Britain believes “quite strongly” that North Korea was behind the “WannaCry” cyberattack in May that wreaked havoc on the National Health Service’s computer systems and spread to more than 150 countries, a senior official said on Friday.
The minister of security, Ben Wallace, told the BBC that several other countries had concluded the same thing: North Korea unleashed “ransomware” that buffeted institutions including universities in China, rail systems in Germany and the Russian Interior Ministry.
“This attack, we believe quite strongly, came from a foreign state,” he said. “North Korea was the state that we believe was involved this worldwide attack.”
Mr. Wallace declined to elaborate on the evidence that had led to the conclusion. “I can’t obviously go into the detailed intelligence, but it is widely believed in the community and across a number of countries that North Korea had taken this role,” he said.
The cyberattack on May 12, which struck thousands of computers around the word, was the largest ever to hit the N.H.S. The cyberattackers exploited gaps in the security of Windows XP to send malicious software by email that locked users out of their computer systems.
They encrypted the information on them and then demanded payment of $300 or more in Bitcoin to unlock the devices.
In Britain, the attack resulted in the abrupt cancellation of patients’ operations and delays in medical appointments at dozens of hospitals that struggled to retrieve essential medical information and patient histories.
Britain’s National Audit Office said on Friday that at least 6,900 appointments had been canceled during the attack, which affected more than one-third of England’s 236 N.H.S. trusts. Up to 19,000 appointments may have been affected, it said.
Hospital authorities have said that no patient data was compromised or stolen during the attack. But it had particular resonance in Britain where the N.H.S., though chronically underfunded, is a vaunted part of the nation’s identity.
Mr. Wallace warned that it was difficult to respond to a cyberattack committed by a “hostile state.” North Korea, which has ambitions to develop a nuclear weapon and has been repeatedly testing missiles despite international sanctions, has also proved adept at sowing havoc through cyberattacks.
“North Korea has been potentially linked to other attacks about raising foreign currency,” he said, in an apparent reference to an attack last year in which North Korean hackers tried to steal $1 billion from the New York Federal Reserve, and almost succeeded before being stopped by a spelling error.
The North has an army of 6,000 hackers, and experts in Britain and the United States say their ability to wage effective cyberattacks has improved. In 2014, the country unleashed a cyberattack against Sony Pictures aimed at blocking the release of a satirical film deemed disrespectful of its leader, Kim Jong-un.
Mr. Wallace said it was imperative for Britain to reinforce its efforts to defend against future attacks. “It’s a salient lesson for us all that all of us, from individuals to governments to large organizations, have a role to play in maintaining the security of our networks,” he said.
The National Audit Office said on Friday that the WannaCry attack had been relatively unsophisticated and could have been prevented had the N.H.S. followed rudimentary procedures to protect its systems. It said that N.H.S. management had recklessly ignored security recommendations.
Amyas Morse, the head of the National Audit Office, on Friday criticized the preparedness of the N.H.S.
“The WannaCry cyberattack had potentially serious implications for the N.H.S. and its ability to provide care to patients,” he said in a statement. He added that the N.H.S. needed to get its “act together.”
In the immediate aftermath, Amber Rudd, the British home secretary, acknowledged that, despite several warnings of a possible attack, the N.H.S. had been ill prepared to defend itself and was vulnerable because its computers had outmoded software.
While the ransom demanded in the attack in Britain was modest, the National Audit Office said evidence indicated that no N.H.S. organization had paid, which experts say could have encouraged further attacks.