The "WannaCry" computer program that attacked hospitals, businesses and government agencies around the world was like a cybercrime highlight reel, a compilation of by-now familiar elements that played out on an epic scale.

What's different this time is that the conscience-free hackers apparently had considerable, albeit unwitting, help from the U.S. government. They used a stolen tool reportedly developed by the National Security Agency to exploit a hidden weakness in the Windows operating system and spread their "ransomware" to computers far and wide.

It's tempting to howl at the NSA for not alerting companies like Microsoft when its researchers find vulnerabilities in their products. The reality, though, is that doing so would reduce the effectiveness of cybertools that have become an integral part of efforts by agencies like the NSA to fight terrorism, international criminal organizations and rogue states. What's needed is a better effort to determine if and when a vulnerability discovered by the feds represents too great a threat to keep it secret from the potential victims. That's a difficult balance, and the decision shouldn't be made solely by the executive branch without the input of independent experts and, potentially, lawmakers.

The even more important lesson here is that years, even decades of warnings from security experts simply aren't getting through to the public. WannaCry shouldn't have reached disastrous proportions — Microsoft released a patch that could close the vulnerability in March, well before the NSA's tool was released in usable form. Yet tens of thousands of computers weren't updated.

The problem could easily get much, much worse as more routine devices become smart, Internet-connected ones. Evidently we need stronger incentives not just for companies to release more secure products, but also for users to keep them updated and to protect their data with encryption and backups.

FROM AN EDITORIAL IN THE LOS ANGELES TIMES