Re: £150m deal was signed with Microsoft to update systems to Windows 10
The failure at the NHS IMHO was in not separating those devices with elderly O\S's into VLans and protecting them from the big wide world as we have done.
I'm former NHS IM&T (junior technical) management.
Our trust was setup with old devices (AED's, elderly MRI scanners etc) on vlans.
I also know others weren't. One of the big problems with "The NHS" is that people persist in thinking "The NHS is one entity" despite each trust being operationally independent and having it's own independent IT department. Having worked for "The NHS" I would opinion that there is no such thing as "The NHS". It's a billing structure and a franchise, not an organization as people think it is.
This is a list of trusts:-
https://en.wikipedia.org/wiki/List_of_NHS_trusts
Many of those trusts (eg, individual hospitals) are operationally independent but are simply too small to be. The county level IM&T department I worked with had more 3rd line staff than many of the hospitals had IT staff in total and it shows. The map of infections from WannaCry was a good indicator of which trusts had effective IT departments, with the effective IT departments having no infections.