With all the cost pressures the NHS is under it isn't all that surprising to find that IT security, is under funded or not funded at all.
All the IT experts in the world won't necessarily be able to persuade a semi IT literate Trust board that money is better spent on cyber security than on maintaining ever aging Hospital buildings, or a desperately needed new operating theatre.
I'm sure at many places cyber security wasn't as important, until it suddenly was.
I have a lot of sympathy for those IT departments that diligently put together business cases to improve the security of their systems only to have them repeatedly declined (I've been there) - I hope they are all still gainfully employed and now getting the investment they need.
Biting the hand that feeds IT
