Bollocks
It didn't matter if your systems were up-to-date with NotPetya or not. It harvested administrator and local administrator credentials via a custom version of Mimikatz and used those, in *addition* to spreading through ETERNALBLUE / DOUBLEPULSAR etc.
I suspect that many of the organisations so badly hit had decent patch management regimes, but were weaker on passwords. It was not the same as WannaCry. No, not at all.
Biting the hand that feeds IT
