Complex software changes everything
If you have an old machine, say a classic car from the 1920s, you generally can't just buy parts for it from the manufacturer nowadays. However, it is possible to get bespoke parts made to keep it running, and there are those who do exactly that, although to do so costs quite a bit more than just buying a new car.
But complex medical machines cost much, much more than a car. So what do you do with your million pound+ diagnostic machine once the manufacturer of the software that runs it decides to not support that software anymore? We're not just talking PCs here. You can't just go buy a new one for a few quid or get pissed off at MS and decide to put *nix on it. And it's a pretty tall order to try to roll your own bespoke patches when you're dealing with a closed source operating system - and trying to do so certainly would violate the license.
And even when the issue is just about PCs, just replacing them may not be a simple option. Will the old, bespoke software that they use even run properly on the new version of the OS? Do you, as a government entity, have access to the funding it would take to "upgrade" to the new OS?
The fact that complex and expensive machinery or essential bespoke software is now dependent on a closed source OS changes everything. Everyone with such machinery is at the mercy of the vendor deciding to support or not support that software. Mechanical devices can be "hacked" easily enough and solutions found to keep them going. But what can the owner do when complex software is an essential part of an expensive device, and the vendor says "F*** you"?
So should NHS (and everyone else in a similar situation) just throw out expensive machinery because MS decided that everyone should buy a new OS? Perhaps NHS could (if funding were available) put a new OS on all their PCs, but will all the old software run correctly on the new OS? How much would it cost the taxpayers to make that happen? And what about expensive diagnostic machinery? Can a new OS even be put on those machines? Or should the taxpayers be forced to spend millions upon millions of pounds to replace those as well just so MS can make a bit more profit?
Another question is how much would it really cost MS to patch XP against this kind of vulnerability? Probably not a lot. If they charged all those XP users their actual cost of developing and releasing a patch, the cost to the end user would probably be a few pennies per machine. But they'd rather force their users into "upgrades."
Legislation? How about requiring that any software used in anything purchased by government must be open source and maintainable indefinitely? That's the legislation that MS and their ilk deserve.