[Silhouette]

But this was a failure of the government to fund the required security for the NHS.

Perhaps, though a lot of the later reporting I saw suggested that the situation was far less clear than it initially seemed. For example, the vast majority of the systems affected by the recent involuntary encryption problems were reportedly running Windows 7. An update had been made available on that platform but only a few weeks earlier, so in some cases it was still in review before being deployed by IT departments etc. For home users affected by similar attacks, there have also been various problems with getting Windows 7 updates deployed in timely fashion, not least because Microsoft borked the Windows 7 update mechanism for a lot of people a few months ago and even systems set to automatically install important updates may have been silently failing to do so.

In any case, this is all rather academic. You and I and no doubt many other people reading these comments on HN might understand the technical issues involved, and we might have reasonable discussions about different strategies for updating systems to mitigate such threats. The average non-geek reading the paper just sees "Your local hospital Emergency Department was closed this week, with ambulances rerouted to other hospitals 20 miles away, as a result of evil people doing bad stuff that made the computers stop working." If the government promises to stop the evil people doing bad stuff so hospitals can carry on helping people, that average non-geek is going to support them, blissfully unaware of either the prospects for success or the unintended (or, more cynically, unadvertised) side effects.