I've had an awful epiphany
Ransomware is mostly possible because of lax IT practices, which despite all the warnings have simply gone unheeded. I have come to the conclusion that this is in large part to the option to back-out of the mess by paying the ransom. The only way this ends is with the removal of that option and a wave of malware that does the encryption but doesn't retain the keys. Total data loss resulting in organisational failure and mass sackings top down is the only way to turn the situation around.
I sincerely hope that doesn't happen, and 'we' soldier on trying to get patching done and paying up where it isn't, as there's simply no way of knowing what data would be lost (other than near on every bit of it in the NHS). Some suicide hacker or an anarchist/terrorist type is inevitably going to go for this, either that or it'll happen by accident as some cowboy stuff up key retention for their ransomware.