On the other hand ...
"According to the Homeland Security agency almost half (852, or 49 percent) of these notifications resulted in organizations either patching, taking systems briefly offline to fix the issue, or in some other way mitigating exploitable flaws."
A couple of points though:
[1] more than half of those notified apparently took no action -- not a good outcome really;
[2] a considerable proportion of successful ransomware attacks (as indeed other successful attacks) result, not directly from tech vulnerabilities in the conventional sense of software bugs, but from intrinsically fragile operating conditions (unfettered script-ridden web browsing, weak credentials on poorly protected exposed kit, etc.). So even if the response had been 100% it would only have addressed part of the problem.
In order to protect ourselves in an increasingly hot attack space we absolutely must move on from an essentially reactive technocentric primary reliance on bug alerts and patches to a proactive one that assesses the entire business space within which our technologies operate. A very high proportion of data breaches have primarily resulted from lax management that allowed systems to be operated insecurely. For example, the 2017 Equifax data breach primarily resulted from complete failure of management processes (they had prior warning of the tech vulnerability and were provided with a patch in good time, but couldn't find the vulnerable server because there was no service inventory).