I was discussing ransomware with the Head of IT Operations at the Trust where I work yesterday. He said that our Trust was in a good place but much more funding was needed to get security where it needed to be to really feel comfortable.
The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support.
He informed me that another Trust had carried out a phishing / malware test, where 1 in 4 of the staff clicked on the link. This is the uphill struggle that Trust IT Depts are fighting against.
I heard from a colleague that our Trust was relatively unaffected as the IT Dept locked everything up tight as soon as they got wind of what was going on. Our ERP system went down as it is supported by another Trust that got completely taken offline. I did think of the IT Team as soon as news went round whilst I was offsite. I suspect they'll be pulling a weekender. I also suspect the Trust will suddenly cough up funding for enhanced security and support for user restrictions.