Flawed passwords and weaknesses in a firewall designed to protect IT systems have been blamed for the incident at the Northern Lincolnshire and Goole NHS trust.
The crisis – the most serious cyber attack to have so far hit NHS services – severely disrupted care provided at Grimsby, Scunthorpe and Goole hospitals over three days.
More than 2,800 patients had operations, tests and appointments cancelled and some major emergencies, including high-risk births, were diverted to neighbouring hospitals.
A criminal investigation by specialist officers at the regional cyber-crime unit run by West Yorkshire Police is continuing.
The incident has also triggered a review of lessons for NHS organisations across the country amid increasing evidence the health service is being targeted by hackers and concerns ageing IT could leave vital services vulnerable.
Bosses at the NHS trust ordered the shutdown of the majority of their IT systems, including electronic patient records, after the attack by a “ransomware” virus on October 30.
Full details of what went wrong have not been made public but a report to NHS officials in the East Riding has revealed a series of failures led to the crisis.
It said passwords in place for key network accounts were not complex which made them “more vulnerable to exploitation” than those which are longer and changed more frequently.
It found accounts used by administrators, who have wide access to IT systems, were left open even when they were not being used, allowing hackers to gain access via one account, and a firewall designed to protect systems had been recalibrated incorrectly following testing. The report said a number of key lessons had been learned, including tighter checks on firewall security and better training for all staff around IT security.
Officials said they were not commenting on the cyber attack while police investigations are underway, but bosses previously confirmed a “malware” package was placed inside the IT network.