The problem is...
Until people learn good IT hygiene...
When you have staff that are exhausted, over-worked and under-resourced with Windows 7 machines in front of them, this will continue to happen.
Especially when the general attitude is 'the IT department are supposed to stop these sorts of things from happening, so it's their fault, not mine'...
I seem to recall some of the original ransomware criminals promised not to touch healthcare systems, but that seems to be ignored more and more now...
Personally, I think anyone attacking healthcare systems should be strung up by the unmentionables and left to rot.
Anyone attacking childrens healthcare systems I have no words for. Lower than low.