How can the NHS ensure health is a ransomware free zone? It can’t, but it can dramatically reduce the risk.
The less centralised IT is the harder it becomes to respond to such cybersecurity attacks. England was hit hardest because it has the least IT servicing from the centre whereas Wales escaped the same levels of disruption because it has the most.
In the highly devolved English NHS, while NHS Digital has some overview of data and IT systems for the health and social care sectors and a dedicated Data Security Centre, it has no authority over local authorities and trusts to ensure even simple security measures are implemented, such as software updates and patches.
A simplistic conclusion perhaps, but with more than 400 NHS employers across England and no central organisational control over IT beyond the use of regional commissioning support units, one that cannot be ignored.