Of course, there's been great coverage of the attack and its implications. Halamka was quoted:
“By prioritizing clinical functionality and uptime, healthcare organizations may not always have the most up-to-date software. Thus, healthcare, in general, may be more vulnerable than other industries to cyberattacks, and the scope of the impact to the NHS in the U.K. illustrates the problem."
He said that some mission-critical systems were built years ago and never migrated to today’s modern platforms. In 2017, there are still commercial products that require Windows XP for which few patches are available, he said.
Other useful perspectives on healthcare IT's vulnerabilities emphasize HIPAA / business associate concerns when accepting patches. Lessons abound. Hopefully we'll learn them well enough to prevent future episodes.