A “second spike” in cyber-attacks has not hit the NHS but some hospital trusts are suffering ongoing disruption due to Friday’s ransomware attack.
Routine surgery and GP appointments have been cancelled across the NHS as it recovers from the global outbreak.
But the number of hospitals diverting patients from A&E has decreased from seven on Sunday to two.
They are the Lister Hospital in Hertfordshire and the Broomfield Hospital in Essex.
Health Secretary Jeremy Hunt, who attended a Cobra committee meeting on cyber-security on Monday, said it was “encouraging” that there has not been any fresh attacks, although the National Crime Agency said this did not mean there would not be one in the future.
“We’ve not seen a second wave of attacks and the level of criminal activity is at the lower end of the range that we had anticipated,” he said.
Sixteen trusts out of 47 that were hit are still facing issues, leading to further cancellations and delays to services.
Patients have been told to turn up for appointments, unless advised otherwise, although some GPs are asking people to consider whether they really need to attend the surgery imminently.
But Dr Anne Rainsberry, national incident director at NHS England, said there were “encouraging signs” the situation was improving.
“The message to patients is clear: the NHS is open for business. Staff are working hard to ensure that the small number of organisations still affected return to normal shortly.”
BBC health correspondent Nick Triggle
With the NHS slowly getting on top of the disruption caused by the cyber attack, attention, naturally, starts to turn to who is to blame for the fact it seems to have been so vulnerable.
Some hospitals appear not to have installed patches sent out in April that were designed to deal with the vulnerability which this attack appears to have exploited.
But there could be good reason for this – checking that they were compatible with the rest of the IT system is certainly one.
And, as yet, it is not clear if the trusts affected are the ones which had not used the patch.
So what about ministers?
We know there have been warnings before about IT security in the NHS – last summer a review said it needed looking at.
But the problem is that over the last three years the capital budget – which is a ring-fenced fund used to pay for buildings and equipment – has been raided by the government to bail out day-to-day services, such as A&E.
Last year a fifth of the capital budget was diverted.
That, of course, makes it more difficult for trusts to keep their systems up to date.
The ransomware that hit the NHS in England and Scotland, known as Wanna Decryptor or WannaCry, has infected 200,000 machines in 150 countries since Friday.
Europol, the EU’s law enforcement agency, has called the cyber-attack the “largest ransomware attack observed in history”.
Home Secretary Amber Rudd, who chaired the Cobra meeting on cyber security, said the UK was working with international partners in the global manhunt to find the ransomware’s creators.
“The National Cyber Security Centre and the NCA are working with Europol and other international partners to make sure that we all collect the right evidence, which we need to do, to make sure we have the right material to find out who has done this and go after them, which we will,” she said.
How is England’s biggest NHS trust coping?
Barts Health NHS Trust, which runs five hospitals in east London, says it continues to experience some “delays and disruption” to services.
It says it has “reduced the volume” of planned services for Monday and Tuesday, which means some surgery and outpatient appointments will be cancelled.
However, its hospitals remain open for emergency care and it is no longer diverting ambulances from its sites.
The trust said its trauma and stroke care services are now fully operational, as are renal dialysis services.
More on the latest NHS disruptions
The ransomware, which locks users’ files and demands a $300 (£230) payment to allow access, spread to organisations including FedEx, Renault and the Russian interior ministry.
In England, 47 NHS trusts reported problems at hospitals and 13 NHS organisations in Scotland were affected.
NHS Wales said none of its computer systems was affected and no patient data compromised, while police in Northern Ireland said no incidents had been reported.
Responding to suggestions that the NHS had left itself open to an attack of this nature, Mr Hunt told the BBC it had “massively” upgraded its security before the incident.
This included reducing the number of computers that were using an older Microsoft operating system and were therefore vulnerable to attack, and setting up a security centre.
Pressed that the NHS was affected by the ransomware attack because its systems were vulnerable, Mr Hunt said the NHS was a “huge network” and more than 80% of it was unaffected.
Prime Minister Theresa May has denied suggestions that the government ignored warnings that NHS systems were vulnerable to cyber-attacks.
“It was clear warnings were given to hospital trusts, but this is not something that focused on attacking the NHS here in the UK,” she said.
In July last year, the Care Quality Commission and National Data Guardian, Dame Fiona Caldicott, wrote to Mr Hunt warning that an “external cyber threat is becoming a bigger consideration” within the NHS.
It said a data security review of 60 hospitals, GP surgeries and dental practices found there was a “lack of understanding of security issues” and data breaches were caused by time-pressed staff often working “with ineffective processes and technology”.
Meanwhile, Security Minister Ben Wallace has insisted NHS trusts have enough money to protect themselves against cyber-attacks.
The “real key” was whether trusts had regularly backed up data and whether they were installing security patches, he said.
Chris Hopson, chief executive of NHS Providers, told Radio 4’s Today programme many hospitals use sophisticated technology such as MRI and CT scanners which are “bound to be using old software” because they have a ten-year life expectancy, so are often linked to older operating systems.
He said he was “disappointed” at the suggestion by some that the cyber-attack problem was down to “NHS manager incompetence”.
The government is insisting that the NHS had been repeatedly warned about the cyber-threat to its IT systems, with Defence Secretary Michael Fallon stating £50m was being spent on NHS systems to improve their security.
But Labour criticised the Conservatives, saying they had cut funding to the NHS’s IT budget and a contract to protect computer systems was not renewed after 2015.
Shadow health secretary Jonathan Ashworth pointed to a report from the National Audit Office six months ago.
It highlighted how, in February 2016, the Department of Health had “transferred £950m of its £4.6bn budget for capital projects, such as building works and IT, to revenue budgets to fund the day-to-day activities of NHS bodies”.
The WannaCry ransomware exploits a flaw in Microsoft Windows first identified by US intelligence.
Microsoft, who released a security update in March to protect computers from it, described Friday’s incident as a “wake-up call”.
Get news from the BBC in your inbox, each weekday morning
Have you had a scheduled procedure delayed because of the cyber attack? Emailwith your stories.
Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways:
- WhatsApp: +44 7525 900971
- Send pictures/video to
- Upload your pictures / video here
- Tweet: @BBC_HaveYourSay
- Send an SMS or MMS to 61124 or +44 7624 800 100