If you cannot patch it quarantine it
If you cannot patch it, quarantine it. The reason why Wannacrypt spread like wildfire was the flat design of large enterprise networks with large number of old unpatched machines. While some of the victims fell due to plain idiocy and laziness, others (f.e. some of the NHS X-ray machines) were running XP because there was no way to upgrade them without breaking their core functionality.
The criminal idiocy is why systems like this were widely exposed and not isolated so that their vulnerabilities are no longer exploitable by half of the world.
Unfortunately, the criminally incompetent people running NHS IT and their bretheren in other large enterprises will never be held responsible for this and it will happen again, and again, and again.