The NHS was facing a weekend of chaos after a debilitating cyber attack prompted hospitals to cancel and delay treatment for patients across the country.
At least 30 health service organisations in England and Scotland were infiltrated by the ransomware, including NHS Grampian, while many others shut down servers as a precautionary measure, bringing added disruption.
It leaves hospitals and GP surgeries with a backlog of postponed appointments to contend with, including operations, once the crisis is brought under control.
The National Cyber Security Centre (NCSC) said it was part of a set of global cyber attacks against “thousands of organisations and individuals in dozens of countries” as it launched a major operation in response.
Ciaran Martin, the body’s chief executive, said teams were “working round the clock” with UK and international partners and with private sector experts to lead the response.
He said: “We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services.”
As the scale of the security breach became clear yesterday afternoon, ambulances were diverted and patients told to avoid some A&E departments.
Staff reverted to pen and paper and used their own mobiles after key systems were affected, including telephones.
In the North-east, two GP practices were affect, NHS Grampian confirmed.
A spokeswoman said: “Basically, two GP practices were affected. We’re not confirming where they are, but there was a limited impact.
“All of our hospitals are running as normal and there’s no evidence any patient data has been breached.”
NHS Grampian was just one of the 11 geographical health boards affected in Scotland, with the ambulance service and acute hospital sites also seeing their IT networks infected.
At least one health trust found itself named as a victim of the cyber attack despite actually suffering from an unrelated server problem.
First Minister Nicola Sturgeon has chaired a resilience meeting on the issue.
Theresa May said the Government is not aware of any evidence patient records had been compromised.
Mrs May said: “This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.
“And, we are not aware of any evidence that patient data has been compromised.
“Of course it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected.”
Pictures posted on social media showed screens of NHS computers with images demanding payment of 300 US dollars worth of the online currency Bitcoin, threatening to delete files within seven days.
A malware called Wanna Decryptor was used in the attack, which encrypts files on a user’s computer, blocking them from view.
The virus is usually covertly installed on to computers by hiding within innocent-looking e-mails containing links, which users are tricked into opening.
Security chiefs and ministers have repeatedly highlighted the threat to Britain’s critical infrastructure and economy from cyber attacks.
A spokesman for NHS Digital, which manages health service cyber security, said: “At this stage, we do not have any evidence that patient data has been accessed.”
In Russia, the Interior Ministry said around 1,000 computers were hit by a cyber attack.
Several companies in Spain were also crippled by ransomware attacks.
Telecoms firm Telefonica was one of those reporting problems, along with courier firm FedEx.
A total of 19 English health organisations reported problems, including hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire.
United Lincolnshire Hospitals NHS Trust said it was forced to cancel all outpatient, endoscopy, cardiology and radiology weekend appointments across its three hospitals.
Last year, the Government established the NCSC to spearhead the country’s defences.
In the three months after the centre was launched, there were 188 “high-level” attacks as well as countless lower-level incidents.
Chancellor Philip Hammond disclosed in February that the NCSC had blocked 34,550 potential attacks targeting UK Government departments and members of the public in six months.