The weekend’s WannaCry ransomware attack disrupted 48 NHS organisations, caused departments to be shut and operations to be cancelled. In short, people's lives were affected. Cyber security – or the lack or it - shook the real world and rocked real lives. Lots of PR went round in the aftermath with tips on security - but to effect real change is more than a tickbox exercise. What lessons should we take from the attack? What questions should NHS boards ask? Should IT and security departments change the way they work? Should patients think differently about their data in the NHS?