A total of 48 English trusts and 13 NHS bodies in Scotland were hit by Friday’s unprecedented cyber-attacks, a fifth of the total, resulting in cancelled operations and appointments as NHS staff lost access to networks and patient electronic records.

By Sunday morning home secretary Amber Rudd, who lead the government’s public response to the NHS attacks, said that all but six NHS trusts IT systems were functioning again.

Seven trusts were reported by the BBC on Sunday morning to still be experiencing difficulties:

  • London’s Barts Health NHS Trust
  • East and North Hertfordshire NHS Trust
  • James Paget University Hospitals NHS Foundation Trust, Norfolk
  • Southport and Ormskirk Hospital NHS Trust
  • United Lincolnshire Hospital NHS Trust
  • York Teaching Hospitals NHS Foundation Trust
  • University Hospitals of North Midlands NHS Trust

Barts, the biggest trust in the NHS, was one of the hardest hit, and on Saturday was reported to be redirecting ambulances away from the three A&E units it runs at Newham, Whipps Cross and the Royal London hospital, while non-urgent operations were cancelled.

Barts was only just recovering from a massive network failure at the end of April which had left staff without access to pathology and diagnostic imaging.

The attacks were discussed at a COBRA emergency ministerial meeting held on Saturday afternoon.  The attacks hit organisations in 100 countries, but have had a particularly severe impact on the NHS.

Questions have begun to focus on why parts of the NHS proved so vulnerable to an attack that exploited a known Windows vulnerability, patches for which had been available since March.  The finger of blame has been pointed at the continued use of the redundant and no longer supported Windows XP operating system across parts of the health service.

Labour and the Liberal Democrats have both blamed the crisis on the government’s failure to deliver promised investment to upgrade hospital computers.

The shadow health secretary, Jonathan Ashworth, said he had repeatedly raised concerns about the NHS’s outdated computers.

In an open letter to health secretary Jeremy Hunt on Saturday, he wrote: “I urge you to publicly outline the immediate steps you’ll be taking to significantly improve cybersecurity in our NHS. The public has a right to know exactly what the government will do to ensure that such an attack is never repeated again.”

Ashworth demanded to know why NHS organisations failed to act on a critical security note from Microsoft two months ago, what resources were being provided to hospitals to alleviate the crisis and what protections against cyber-attacks existed.

Ashworth has also called on the government to launch an independent inquiry into the attack.

He also questioned why the government had not extended a £5.5 million annual contract with Microsoft in 2015 to continue to provide support for the redundant XP operating system, still in use in parts of some NHS trusts.

The former NHS Digital chairman Kingsley Manning told Radio 4 a cyber-attack “was always going to happen”. He suggested trusts were sometimes to blame for diverting money earmarked for IT upgrades.

NHS Digital said it would take several weeks to restore some key equipment, such as MRI scanners, which run on the affected Windows XP programme.

The malware responsible Wanna Decryptor, which exploits a vulnerability in Microsoft Windows, and was originally developed by the US National Security Agency, and then leaked onto the web by hackers.

In March, Microsoft issued a special patch to protect Windows users, and NHS Digital notified trusts of the need to apply the patch in April, though only as part of a routine advisory notice.

One of the main questions of any investigation into why the NHS proved so vulnerable to Friday’s global attacks is likely to be had trusts applied security patches to address a known security risk.

Speaking on the Andrew Marr Show on Sunday morning, Defence Secretary Sir Michael Fallon said that the government had invested £50 million in NHS cyber security, and had warned trusts of the dangers of running redundant systems like Windows XP.

Interviewed on Sky News on Sunday morning, Rudd was asked where health secretary Jeremy Hunt was and whether he had been locked in a cupboard.

Home Secretary Amber Rudd has lead givernment's response to cyber attacks
Home Secretary Amber Rudd has lead government’s response to cyber attacks