NHS 'open for business' amid 'international manhunt' for cyber attackers
The NHS has been declared "open for business" but some hospitals are still suffering disruption caused by the crippling ransomware attack.
Large swathes of the NHS were paralysed by the cyber attack, which hit 200,000 victims in 150 countries around the world.
Following a meeting of the Government's Cobra contingencies committee, Home Secretary Amber Rudd said more than a million patients had been treated in the course of Monday.
"All GPs surgeries did open, though some of them had to use pen and paper.
"The vast majority of patients have noticed no difference. It has been a very strong response," she said.
Earlier, Health Secretary Jeremy Hunt confirmed there had not been a second wave of attacks on NHS trusts and said it was "encouraging" that the level of criminal activity was at "the lower end of the range" anticipated.
Ms Rudd said the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) were now part of an "international manhunt" to find the perpetrators.
"NCSC and NCA are working with Europol and other international partners to make sure we all collect the right evidence, which we need to do to make sure we have the right material to find out who has done this and we go after them. Which we will," she said.
NHS England said that, as of 3pm on Monday, two hospitals remained on divert following the attack, down from seven on Sunday.
Dr Anne Rainsberry, national incident director at NHS England, said: "There are encouraging signs that the situation is improving, with fewer hospitals having to divert patients from their A&E units.
"The message to patients is clear: the NHS is open for business.
"Staff are working hard to ensure that the small number of organisations still affected return to normal shortly."
A divert remained in place for trauma, stroke and urgent heart attack treatment, where diagnostic services are required, at the Lister Hospital, part of East and North Hertfordshire NHS Trust (Midlands & East).
At Broomfield Hospital, part of Mid Essex Hospital Services NHS Trust (Midlands & East), trauma patients were being diverted to Southend University Hospital.
Mr Hunt has come under fire for failing to appear in public since the attack, which hit 47 trusts in England and 13 Scottish health boards.
In his first public comments since the attack on Friday, Mr Hunt told Sky News: "Although we have never seen anything on this scale when it comes to ransomware attacks, they are relatively common and there are things that you can do, that everyone can do, all of us can do, to protect ourselves against them.
"In particular, making sure that our data is properly backed up and making sure that we are using the software patches, the anti-virus patches, that are sent out regularly by manufacturers."
NHS Digital said health trusts across England were sent details of an IT security patch that would have protected them from the attack.
The health service has been criticised for using the outdated Windows XP operating system to store digital information, despite security updates for the software having been discontinued by Microsoft.
NHS Digital said it had made health trusts aware last month of IT protection that could have prevented the damage.
It said in a statement: "NHS Digital issued a targeted update on a secure portal accessible to NHS staff on April 25, and then via a bulletin to more than 10,000 security and IT professionals on April 27 to alert them to this specific issue.
"These alerts included a patch to protect their systems.
"This guidance was also reissued on Friday following the emergence of this issue."
Seven hospital trusts were still experiencing problems earlier on Monday, among them St Bartholomew's Hospital in London, and Southport and Ormskirk Hospital NHS Trust.
Problems with cyber security in NHS organisations were said to have been highlighted last year by Dame Fiona Caldicott, the national data guardian, who warned issues were given insufficient priority and health bodies persisted in using obsolete computer systems.
Dame Fiona and the Care Quality Commission wrote to Mr Hunt to highlight a "lack of understanding of security issues" and that "the external cyber threat is becoming a bigger consideration", The Times reported.
Shadow health secretary Jon Ashworth, in a letter to Mr Hunt, said concerns were repeatedly flagged about outdated computer systems and he accused the Government of "raiding" NHS capital budgets to fund day-to-day spending.
However Ms Rudd strongly denied warnings had been ignored.
"We put aside £50 million specifically for cyber security and for the NHS.
"The reason why so many patients have been unaffected today is because they were ready for this," she said.