A massive global cyber attack engulfed one in five NHS trusts as some hospitals continued to ask all but emergency patients to stay away amid uncertainty over whether some non-urgent operations and appointments would go ahead next week.
However, UK government officials suggested no key data had been lost from the ransomware attacks.
A total of 48 trusts were hit by the cyber attack on Friday afternoon, forcing them to cancel and delay treatment.
Amber Rudd, home secretary, emerged from chairing a meeting of the UK government’s high level emergency committee, Cobra, on Saturday to say that all but six were now running normally.
Hospitals and GP surgeries across the UK were affected when it was hit by WannaCry, one of the fastest-spreading and potentially damaging cyber attacks seen to date. But health service insiders said on Saturday the attack had been “indiscriminate and not particularly sophisticated”, with administrative systems affected as much as clinical ones.
NHS Digital added: “We have received no reports of patient data being compromised.”
One NHS official said there were two issues: the first was how to get the computer systems up and running again, which might be done “relatively quickly”. The second, which would prove more complex, was how to reschedule operations and outpatient appointments cancelled amid the chaos of Friday.
Technically, given the data had been backed up, it was “not particularly difficult to unravel” the consequences of the malware, added the health service source. A bigger problem, however, was the availability of sufficient trained staff, given that most NHS IT teams were relatively small and over-stretched.
The bigger challenge was how to find new slots for patients denied treatment yesterday. Given how high waiting lists already were, there would be “a lot of ramifications” which could see people having to wait up to six weeks longer, with a knock-on effect on all waiting times in the NHS, added the official.
Parts of the health service still use a now-obsolete Windows operating system, although NHS Digital said on Saturday “the vast majority” of staff were working on contemporary systems and “the number of devices within the NHS that reportedly use XP has fallen to 4.7 per cent, with this figure continuing to decrease”.
It is understood that Microsoft was working today to ensure that patches to repair breaches were being made available to all trusts that needed them.
Some health leaders believe that the attack may have bolstered the service’s case for additional resources in the Autumn Budget, specifically to modernise outdated technology.
Philip Hammond, UK chancellor, has already committed to an unspecified amount of further infrastructure investment for the health service in his next financial statement. Insiders argued what had happened would increase the political pressure on Mr Hammond to act to improve cyber security. “[He] has already promised a capital settlement for us and I’d be surprised if there wasn’t a bigger IT aspect to that [now],” said one.
However, it was not simply a matter of cash, but of the NHS having sufficient numbers of people with the necessary digital expertise. “It is not just a money issue but a skills and capacity issue,” said one official.
The NHS was among the first victims of the WannaCry malware, which has now been linked with more than 50,000 malware infections in almost 100 countries, according to security software company Avast.
WannaCry uses a cyber weapon known as Eternal Blue that was developed by US spies to supercharge an existing form of criminal malware.
Ms Rudd had earlier said the identify of the attackers was being sought, and that no patient data had been stolen.
She told the BBC Today programme that the virus had not been targeted at the NHS, saying the attack “feels random in terms of where it’s gone to and where it’s been opened”.
“Windows XP is not a good platform for keeping your data as secure as the modern ones, because you can’t download the effective patches and anti-virus software for defending against viruses.” she said.