A North Korean man has been identified as part of a group that hacked the NHS, as well as allegedly being responsible for hacks on Sony Pictures and the theft of $81m (£62m) from a bank.
US authorities say Park Jin Hyok was part of the state-sponsored “Lazarus Group”.
The 34-year-old worked “on behalf of the government of North Korea or the Workers’ Party of Korea”, according to US authorities.
Computers at hospitals and GP surgeries in 48 NHS trusts were frozen last year by the WannaCry ransomware virus – which demanded a bitcoin payment for users to regain access.
Appointments and operations were cancelled and many workers were forced to go back to pen and paper.
The attack did not target the NHS specifically: about 300,000 computers at businesses and organisations in more than 100 countries were affected.
For example, Honda, Renault and Nissan had to stop production at some of their factories after detecting WannaCry.
Britain’s National Cyber Crime Unit said it had obtained critical evidence which was able to link the NHS attack to others already being investigated in the US.
The charges against Park Jin Hyok are a “culmination of extended and complex enquiries made by the NCA and law enforcement partners in the US”, said the NCA’s Paul Hoare.
Sony Pictures was targeted in another hack blamed on the North Korean group in 2014.
Confidential employee information, emails and details of some stars’ earnings were revealed in the embarrassing data breach.
US officials long believed the attack was retribution for The Interview, a comedy starring Seth Rogen and James Franco about a plot to assassinate North Korea’s leader.
The charges against Park Jin Hyok allege the group he was involved with were behind several attacks from 2014 until 2018, including a fraudulent transfer of $81m (£62m) from a Bangladeshi bank in 2016.
He was charged with one count of conspiracy to commit computer fraud, and another count of conspiracy to commit wire fraud.
“This complaint exposes a vast and audacious scheme by the North Korean government to utilise computer intrusions as a means to support the varied goals of their regime,” said Paul Delacourt from the FBI.
The attacks are alleged to have been carried out from North Korea, China and other countries.