The cyber-attack hit a number of trusts across the country, locking staff out of their computer and demanding a $300 ransom fee.
The NAO's probe found that nearly 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, with five hospitals having to divert ambulances away after being locked out of computers on May 12.
"There are more sophisticated cyber threats out there than WannaCry, so the Department (of Health) and the NHS need to get their act together to ensure the NHS is better protected against future attacks", he said.
In 2014, the DoH and the Cabinet Office informed trusts of the need for plans to upgrade IT software by April 2015. "It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice", said Amyas Morse, head of the NAO.More news: Esha Deol, Bharat Takhtani welcome first child
Keith McNeil, the NHS's chief clinical information officer for health and care, said: "As the NAO report makes clear, no harm was caused to patients and there were no incidents of patient data being compromised or stolen".
NORTH Korea was behind a the WannaCry cyber hack that crippled the NHS, a minister claimed today. Instead, patients and NHS staff suffered widespread disruption, with thousands of appointments and operations cancelled.
At least 6,900 NHS appointments were cancelled as a result of the attack. Neither the Department of Health nor NHS England know exactly how many GP meetings were scrapped.
The National Audit Office says health officials had been warned previous year about the likelihood of such an event, but did not respond formally until after it had happened.
According to PharmaPhorum, no formal Department of Health (the government health ministry that oversees the health service) process was in place to assess whether NHS organisations had heeded the advice. Once again, there had been warnings sent out by NHS Digital, but many trusts failed to act upon them - though in that they were no different from many organisations around the world that were also hit.More news: Antonio Conte hails Chelsea's spirit, commitment in Watford win
The Department of Health had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at a local level.
"All NHS organisations infected by WannaCry had unpatched or unsupported Windows operating systems so were susceptible to the ransomware".
The NAO said the NHS "has accepted that there are lessons to learn" from WannaCry and will now develop a response plan.
NHS England and NHS Improvement claim to have now written to "every major health body" asking boards to ensure that they have implemented all alerts issued by NHS Digital between March and May 2017 and taken action to better secure local computers.More news: Storm Brian set to batter Britain just days after Ophelia