NHS cyber-attack: More ransomware cases 'likely on Monday'

More ransomware cases may come to light on Monday, possibly on "a significant scale", the UK's cyber-security agency has warned after a global cyber-attack.

The National Cyber Security Centre has advised firms how to protect computers as they start the working week.

It comes after Friday's attack caused disruption in 150 countries. In the UK, NHS hospitals, pharmacies and GP surgeries were the worst-affected.

A handful of NHS trusts are still dealing with the problems it caused.

In a statement, the National Cyber Security Centre said a ransomware attack of this type and on this scale could happen again although there is "no specific evidence" as yet.

It said it knew of attempts to attack organisations other than the NHS, and warned more cases could "come to light" in the UK and elsewhere as the new working week begins.

Ransomware attacks are "some of the most immediately damaging forms of cyber-attack", it said, and advised companies to:

The NHS, Fedex and the main telecoms operator in Spain were among 200,000 known victims - organisations and private individuals - of Friday's global cyber-attack.

The ransomware, which locked users' files and demanded payment to allow access, spread to 150 countries, including Russia, the US and China.

In England, 47 trusts reported problems at hospitals, GP surgeries or pharmacies and 13 NHS organisations in Scotland were also affected.

Some hospitals were forced to cancel treatment and appointments and, unable to use computers, many doctors resorted to using pen and paper.

The cost of the attack is unknown, in the UK or beyond, but BBC analysis of three accounts linked to the ransom demands suggest hackers have already been paid the equivalent of £22,080.

The Scottish government said the cyber-attack had been isolated and it expected that most NHS computers would be back to normal by Monday. NHS England has told patients to attend hospital if they have an appointment unless they are told not to.

However, several trusts in England have issued their own advice to patients. As of Sunday night they were:

The government is insisting that the NHS had been repeatedly warned about the cyber-threat to their IT systems.

Defence Secretary Michael Fallon said £50m of £1.9bn set aside for UK cyber-protection was being spent on NHS cyber systems to improve their security.

But Labour say the Conservatives have cut funding to the NHS's IT budget and specifically a contract to protect computer systems was not renewed after 2015.

The Liberal Democrats and Labour have both demanded an inquiry into the cyber-attack.

In an interview on BBC One's Andrew Marr show, Sir Michael said NHS trusts had been encouraged to "reduce their exposure to the weakest system, the Windows XP", with fewer than 5% of trusts using it now.

"We want them to use modern systems that are better protected. We warned them, and they were warned again in the spring. They were warned again of the threats," he added.

Shadow health secretary Jonathan Ashworth has written to Health Secretary Jeremy Hunt to ask why concerns repeatedly flagged up about the NHS's "outdated, unsupported and vulnerable" machines had not been addressed.

On ITV's Robert Peston, Mr Ashworth accused the government of having "cut the IT and infrastructure budget" by £1bn in the NHS, and said his party, if elected to power, would put £10bn into the infrastructure of the NHS.

He called for the Conservatives to publish the Department of Health's risk register to see how seriously they were taking IT threats.

Scottish Justice Secretary Michael Matheson said more than 120 public bodies were being contacted to ensure their defences were adequate.

Kingsley Manning, a former chairman of NHS Digital - which provides the health service's IT systems - told the BBC on Saturday that several hundred thousand computers were still running on Windows XP.

And a neurology registrar from London, Dr Krishna Chinthapalli, wrote an article for the British Medical Journal just a week ago, warning that hospitals would "almost certainly be shut down by ransomware this year"., external

He told the BBC the NHS was in a tricky position - treating sick patients, as a 24/7 operation with specialist software - making update implementation complicated.

"People developing ransomware know a hospital is a good target because the information is about patients and is time-sensitive - hospitals need to get their data back quicker," he said.

Attacks on hospital data and patients were "despicable at the basic level", he said.

Meanwhile, digital rights campaigners Open Rights Group has accused GCHQ of a "very dangerous strategy of hoarding knowledge of security problems".

It said Britain's electronic surveillance agency was "in charge of hacking us and protecting us from hackers", making it hard to balance the risks of keeping vulnerabilities secret.

Jim Killock, the group's executive director, said: "US and UK security agencies kept a widespread vulnerability secret rather than telling the companies so they could fix it." He called for the National Cyber Security Centre to be made independent from GCHQ.

It's unlikely. Europol head Rob Wainwright said he was concerned that the number affected would continue to rise when people returned to work on Monday morning.

He told the BBC there was an escalating threat from the virus, known as Wanna Decryptor or WannaCry, adding: "We've never seen anything like this - it's unprecedented in scale."

Get news from the BBC in your inbox, each weekday morning, external

Are you a patient or an NHS employee? Are you still being affected by the cyber attack and its aftermath? Share your story with us by emailing haveyoursay@bbc.co.uk, external.

Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: