A “second spike” in cyber-attacks has not hit the NHS but some hospital trusts are suffering ongoing disruption due to Friday’s ransomware attack.
Routine surgery and GP appointments have been cancelled across the NHS as it recovers from the global outbreak.
Patients have been urged to use the NHS “wisely” as the full impact of the ransomware attack comes to light.
Health Secretary Jeremy Hunt says it is “encouraging” there have not been any fresh attacks.
“We’ve not seen a second wave of attacks and the level of criminal activity is at the lower end of the range that we had anticipated,” he said.
Mr Hunt is attending a Cobra committee meeting on cyber-security, chaired by Home Secretary Amber Rudd.
Sixteen trusts out of 47 that were hit are still facing issues, leading to further cancellations and delays to services.
Patients have been told to turn up for appointments, unless advised otherwise, although some GPs are asking people to consider whether they really need to attend the surgery imminently.
The ransomware that hit the NHS in England and Scotland, known as Wanna Decryptor or WannaCry, has infected 200,000 machines in 150 countries since Friday.
The National Crime Agency said it has not seen a “second spike” in attacks but “that doesn’t mean there won’t be one”.
BBC health correspondent Nick Triggle
With the NHS slowly getting on top of the disruption caused by the cyber attack, attention, naturally, starts to turn to who is to blame for the fact it seems to have been so vulnerable.
Some hospitals appear not to have installed patches sent out in April that were designed to deal with the vulnerability which this attack appears to have exploited.
But there could be good reason for this – checking that they were compatible with the rest of the IT system is certainly one.
And, as yet, it is not clear if the trusts affected are the ones which had not used the patch.
So what about ministers?
We know there have been warnings before about IT security in the NHS – last summer a review said it needed looking at.
But the problem is that over the last three years the capital budget – which is a ring-fenced fund used to pay for buildings and equipment – has been raided by the government to bail out day-to-day services, such as A&E.
Last year a fifth of the capital budget was diverted.
That, of course, makes it more difficult for trusts to keep their systems up to date.
Responding to suggestions that the NHS had left itself open to an attack of this nature, Mr Hunt told the BBC it had “massively” upgraded its security.
This included reducing the number of computers that were using an older Microsoft operating system and therefore vulnerable to attack, and setting up a security centre.
Pressed that the NHS was affected by the ransomware attack because its systems were vulnerable, Mr Hunt said the NHS was a “huge network” and more than 80% of it was unaffected.
How is England’s biggest NHS trust coping?
Barts Health NHS Trust, which runs five hospitals in east London, says it continues to experience some “delays and disruption” to services.
It says it has “reduced the volume” of planned services for Monday and Tuesday, which means some surgery and outpatient appointments will be cancelled.
However, its hospitals remain open for emergency care and it is no longer diverting ambulances from its sites.
The trust said its trauma and stroke care services are now fully operational, as are renal dialysis services.
Europol, the EU’s law enforcement agency, has called the cyber-attack the “largest ransomware attack observed in history”.
The ransomware, which locks users’ files and demands a $ 300 (£230) payment to allow access, spread to organisations including FedEx, Renault and the Russian interior ministry.
In England, 47 NHS trusts reported problems at hospitals and 13 NHS organisations in Scotland were affected.
Some hospitals were forced to cancel treatments and appointments, and divert ambulances to other sites.
Prime Minister Theresa May has denied suggestions that the government ignored warnings that NHS systems were vulnerable to cyber-attacks.
“It was clear warnings were given to hospital trusts, but this is not something that focused on attacking the NHS here in the UK,” she said.
In July last year, the Care Quality Commission and National Data Guardian, Dame Fiona Caldicott, wrote to Mr Hunt warning that an “external cyber threat is becoming a bigger consideration” within the NHS.
It said a data security review of 60 hospitals, GP surgeries and dental practices found there was a “lack of understanding of security issues” and data breaches were caused by time-pressed staff often working “with ineffective processes and technology”.
Meanwhile, Security Minister Ben Wallace has insisted NHS trusts have enough money to protect themselves against cyber-attacks.
The “real key” was whether trusts had regularly backed up data and whether they were installing security patches, he said.
Chris Hopson, chief executive of NHS Providers, told Radio 4’s Today programme many hospitals use sophisticated technology such as MRI and CT scanners which are “bound to be using old software” because they have a ten-year life expectancy, so are often linked to older operating systems.
He said he was “disappointed” at the suggestion by some that the cyber-attack problem was down to “NHS manager incompetence”.
The government is insisting that the NHS had been repeatedly warned about the cyber-threat to its IT systems, with Defence Secretary Michael Fallon stating £50m was being spent on NHS systems to improve their security.
But Labour criticised the Conservatives, saying they had cut funding to the NHS’s IT budget and a contract to protect computer systems was not renewed after 2015.
Leader Jeremy Corbyn described the cyber-attack on the NHS as “highway robbery” and said more investment was needed to protect “all of us from the criminals doing us down”.
Shadow health secretary Jonathan Ashworth also pointed to a report from the National Audit Office six months ago.
It highlighted how, in February 2016, the Department of Health had “transferred £950m of its £4.6bn budget for capital projects, such as building works and IT, to revenue budgets to fund the day-to-day activities of NHS bodies”.
The WannaCry ransomware exploits a flaw in Microsoft Windows first identified by US intelligence.
Microsoft, who released a security update in March to protect computers from it, described Friday’s incident as a “wake-up call”.
Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways:
- WhatsApp: +44 7525 900971
- Send pictures/video to
- Upload your pictures / video here
- Tweet: @BBC_HaveYourSay
- Send an SMS or MMS to 61124 or +44 7624 800 100