I think this article misses the point. If my medical records are insecure because of vulnerabilities in IE 6, they'd be insecure whichever browser was being used -- none of them are anywhere near secure enough to provide an acceptable guarantee for information of that sort. These systems shouldn't be designed in such a way that the security of the data depends on the lack of vulnerabilities in a web browser. (If indeed they are. The article provides no evidence that the NHS systems in question could be compromised via IE 6.)