I tend to be very forgiving of people who come clean after a mistake or mature out of naïve behavior, but this is neither. At best, I view it as a public relations stunt.
No amount of tweaking will change the fact that their business model is illegal and unethical. The very first step to making amends would be to do as the Maze ransomware authors did. Release all decryption keys, nuke the code repositories and promise to forever leave the business.
I keep trying to come up with the middle ground (e.g., free unlock keys for all of emergency/health services) but in the end I cannot get past the fact that this action neither moves LockBit towards "higher ground" nor makes the impacted hospital whole. The hospital still has a ~2 week outage to recover from, they still have remediation work to complete, and the reputational damage remains.