Bollocks
It didn't matter if your systems were up-to-date with NotPetya or not. It harvested administrator and local administrator credentials via a custom version of Mimikatz and used those, in *addition* to spreading through ETERNALBLUE / DOUBLEPULSAR etc.
I suspect that many of the organisations so badly hit had decent patch management regimes, but were weaker on passwords. It was not the same as WannaCry. No, not at all.