That's not really the issue. Even GPs have computers connected to the internet 24/7 to access databases on patients and stuff, it's not like you can just not use the internet.
The problem is they're using XP and shit to run critical services, sometimes for compatibility reasons, but a lot of it has to do with funding and a lack of management when it comes to IT. It doesn't really matter what is and isn't connected to the internet if you have vulnerable machines on the same network.
Yes, but you can isolate vulnerable machines a bit more than they were. Common sense in this situation would be not having unpatched machines on the same network with internet connected machines.
The NHS was warned of the potential flaw over a year before it happened. Getting updated, less vulnerable Win 10 machines might help for more common garbage but they still have the same management practices that caused the issue in the first place.
No amount of money thrown into updates is going to fix that sort of response to security issues. What happens after three years when the funding is done?
It would be better to use this time and money to set up a framework that isolates infrastructure where it can be. That is more likely to prevent a future event.
Couldn't 90% of their issue be solved by not connecting computers to the internet when they don't need to be?