Re: P2P rules!
IPFS or Swarm for distributed storage, surely?
Not sure how you'd prevent the malicious writes, if it's read/write, but for patient records, if the (mythical technically savvy) patient controls a staging storage location, then approves the propagation of changes back to the distributed store, that's a win...? (hell, just have the NHS submit pull requests to a git repo stored on your phone with backup to a distributed store).
Or even mediate storage with Ethereum (e.g.) - that way they (or the client they're exploiting) would have to pay ETH to see the files and get the storage written... If that were an internal implementation, the organisation could limit damage through read/write budgets for machines/users (though that becomes another vector to cripple services!).
On a more relevant point, general usage OSes might not be the best choice for healthcare. It was local files affected by the payload, not patient records, so following best practice means there should be nothing critical lost apart from the time taken to restore. If best practices aren't followed, then having a more tied down OS would help, and may reduce risk from broad spectrum exploits like this one... On which point: the payload was ransomware, but the root (NSA) exploit is said to be a persistent infection that's near impossible to detect - more worms could spread on the same vector unless the machines are rebuilt with a clean, patched base image.