The NHS was not targeted. It was not singled out in any meaningful way. It just had a large number of vulnerable machines. A small number of users were likely to have been lured into opening an attachment or clicking a link in a “believable” email that is being sent to 10,000s of users around the world.
Such attacks routinely happen to organisations. Single machines are constantly being held to ransom. It is very nasty.
What is so special about this attack is once opened or clicked, the malware is looking to exploit a weakness announced two months ago in all Windows machines that allows it to propagate to all susceptible machines on an internal network.
One careless click, hundreds of machines taken out.
What is sad? Many susceptible machines could have been protected by applying routine patches.
What is bad? The remaining susceptible machines were too old to protect. They should have been replaced.
Remember: Around 100 clicks brought much of the NHS to its knees. We will probably never know how much each click cost the NHS.