Or maybe this story isn't really accurate and there was no accident...
And if it isn't the role of those agencies to defend the public health IT infrastructure, which agencies are responsible, if any?
Then, due to lax controls, the exploit got leaked and used by the ransomware developers.
Their culpability goes back a lot further than not noticing a kill switch.
Even in this case though, you would think the NSA, etc have to do less analysis of the payload since they got to inspect and play with it for much longer than anyone else. Therefore they could waste less time on that and more quickly focus on the rest of the issue.
There are some three-letter agencies that do work on fighting malware, often by partnering with relevant companies like Microsoft (who was a major anti-malware player here too). I know the FBI does so publicly, and some government groups invite large companies to low-secrecy briefings on security.
But I've never heard a mention of the NSA 'fighting' malware that isn't obviously governmental. Even if they knew about the exploit, used the exploit instead of disclosing it, and are well-placed to fight it, I think that's just filed under 'not my department'.
Right now looking at how the election scandals went they are there at prosecution and have access that they are given willingly.