I work at one of the affected NHS places , i wont say which, and I can tell you users can freely download and run .exe files , and im pretty sure they can be sent them through the mail too.
Why would you let that happen?
What possible benefit could there be?
Also , the firewall/proxy whatever (thing that decides wich sites are allowed) can be completely sidestepped by unticking a box in your browser , allowing direct internet access.
surely it sould be set to "proxy or nothing"
Just a few huge obvious security problems i noticed on day one , and did in fact mention in passing , but as the new guy didnt push it . its not my job <cringe>. There are apparently highly skilled people being paid much more than me whose job it is to decide these things , what do i know?
These are not the things that the news seems to think costs too much to implement , these are things that are free to implement on the existing systems and are common fucking sense.