Patients are no longer being diverted away from hospital accident and emergency units after restrictions put in place following the cyber attack on the health service were lifted, NHS England has said.

Ambulances taking patients to some hospitals were forced to follow procedures that diverted them to other units after the health service was left crippled by a “ransomware” cyber attack on Friday.

The last two diversionary measures were lifted as of 1pm on Tuesday, NHS England said.

How ransomware infects a computer
(PA graphic)

National incident director Dr Anne Rainsberry said: “Patients are no longer being diverted away from hospital accident and emergency units and, while there is still some disruption in a small number of areas, most patients are being treated as normal.

“We are grateful for the hard work of staff at trusts and GP practices who are still suffering IT issues but have found ways to work around this, as well as the patience of people who have been affected.”

More than 300,000 computers in 150 countries have been infected with the WannaCry ransomware virus since the attack, crippling organisations from government agencies and global companies.

The NHS was badly affected, with 47 trusts in England and 13 Scottish health boards compromised when the virus targeted computers with outdated security.

The cyber attack paralysed large swathes of the health service, with seven hospital trusts experiencing serious problems.

One of those, James Paget University Hospitals Trust in Norfolk, said on Tuesday all of its operations and appointments are now going ahead as scheduled.

Marcus Hutchins, 22, a British computer expert, has been hailed a hero for helping to shut down the crippling cyber attack after discovering a so-called “kill switch” that slowed the effects of the WannaCry virus as it swept through computer systems around the world.

Security experts are examining a potential link in the computer code behind the global attack with earlier ones that could suggest North Korea was responsible.

Cyber experts are studying similarities between the computer code used in the WannaCry attack with malware distributed by Lazarus, a hacking group behind attacks on Sony Pictures in 2014 that was blamed on North Korea.

The potential link was highlighted on Monday by a researcher from Google who posted a message on Twitter showing a sample of the WannaCry malware that appeared online in February.

Researchers from global cyber security company Kaspersky Lab, whose European headquarters is in London, identified clear code similarities between the WannaCry virus and attacks by Lazarus in 2015.

Kaspersky Lab said: “The similarity of course could be a false flag operation. However, the analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday.

“This can be an attempt to cover traces conducted by orchestrators of the WannaCry campaign. Although this similarity alone doesn’t allow proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it can potentially lead to new ones which would shed light on the WannaCry origin which to the moment remains a mystery.”