Does append only work if you have access to the raw disk bytes? Sure, the file system could enforce creation and appending only, but I can easily counter that with:
dd if=/dev/random of=/dev/sda
(Using /dev/random to give the illusion of encryption)
Yes. You would have backup agents that authenticate to a backup server. The server would only allow a specific method of sending data and the backup server would have policies about backup anti-tampering and retention. All workstations and live servers should be considered ephemeral and disposable.
Specifically for an institution like a medical facility or financial institutions, there are hardened appliances; sometimes referred to as vaulting appliances, that enforce anti-tampering to the point that the system administrators can't even delete data. You set a policy that requires multiple specific people using MFA to authenticate and authorize the deletion transaction. These are not cheap, but it's a lot cheaper than paying out a ransom and the down-time of rebuilding everything and the loss of reputation and loss of trust by board members and investors. These appliances have the bonus of enforcing many of your audit requirements around data retention and destruction.
To your example though, yes, it's not fun to manage fleet-wide, but you can boot up both Windows and Linux into ram and have network filesystem overlays that patient data could be written to. The SAN/NAS/Ceph clusters can then do backups locally and have anti-tampering in place. This is non trivial to set up correctly. That would be more resilient than depending on backups, but is much more work up front. For Windows, look into Windows 10 LTSC [1]. It can operate in a Kiosk mode and boot into memory or have hardened security options to minimize attack surface. Most Linux distributions can do this as well. Ceph can do both transport and filesystem encryption now. I will leave out the Linux examples as I doubt this is where these institutions are getting into trouble.