Whilst the NHS is huge, with about a million computers, it doesn't help itself by having dinosaur policies. Buying extended support from Microsoft for XP is a prime example.
There's every chance that this has spread by one of the zero-day exploits that were made public this week, this month or even this year, you can bet that their computers are very poorly patched.
Hit a poorly maintained LAN with a wormable encryptor and game over; all local files and network shares are encrypted very quickly on high-bandwidth networks.
Rolling back to "last night's backup" will be a challenge, and even a few hours' worth of lost work on a million PCs is a lot of work.
It was bound to happen eventually.