I work in Hospital IT by choice. I spent many years in the private sector and wished to give something back.
You have to bear in mind that senior decision makers in the NHS will typically have a clinical rather than technical background, and their understanding of IT issues will be limited.
It is of course IT's job to give these decision makers an honest summary of the threats and solutions available to them.
Consider that you're working in a trust and have an HA pair of aging firewalls protecting your network. These firewalls are rule based with no advanced features like IPS, Malware protection or URL filtering. In fact, they are so old that the manufacturer is only supplying hardware support for the next couple of years, and most support companies don't want to have them on thier supported hardware inventory.
You would dearly love to replace these firewalls with a new HA pair of NG firewalls with all that lovely IPS, Malware, Sandboxing and URL filtering technology. The cost of these firewalls is approximately the cost of a treatment round of chemothereapy.
Hospitals have a limited budget that they have to manage, and they have an ever increasing number of patients and the pharmacutical and medical device industries don't do the NHS any favours by charging an ever increasing amount for vital drugs and equipment. (£3K a day for a tech to come out and change the default gatway on a single medical device anyone?)
You can buy these firewalls, but you have to make up the cost of a round of chemotherapy up to finance them. Or, you can struggle on for the next two years with the existing firewalls.
Would it make a difference to your decision if you did or did not know the patient who may not receive chemotherapy. Whilst it's unlikely that a patient would be denied the chemo, the money still has to come from somewhere.