They just don’t have and aren’t going to get the technical expertise required to prevent or easily recover from ransomware attacks.
They just don’t have and aren’t going to get the technical expertise required to actually run Linux and have all of their staff use it :)
Also, things like Chromebooks, Android, desktop Linux etc are still vulnerable to viruses and exploits. But the thing is that people don’t target those, because the vast majority of the planet runs Windows.
Should a hospital be running some form of Linux, and doesn’t update it, then a dedicated hacker could probably target it just by looking at the bug reports since then and now and designing an exploit just for those.
And that’s ignoring the app themselves that the hospital staff will be using. Those are often complete turds and will probably be full of more exploitable security holes than the underlying OS!
The fact is that, due to the complexity of all of the systems involved, it’s quite hard to stop someone from technologically disrupting you if they want to. They’ll find a way.