A total of 48 NHS trusts were hit by Friday’s cyber-attack, of which all but six are now back to normal, Home Secretary Amber Rudd has said.

Speaking after an emergency Cobra meeting, Ms Rudd said “there’s always more” that could be done to protect against computer viruses.

She said 97% of NHS trusts were “working as normal” and there was no evidence patient data was affected.

The ransomware attack hit organisations in at least 99 countries.

Europol described it as “unprecedented” and said its cyber-crime team was working with affected countries to “mitigate the threat and assist victims”.

Ms Rudd insisted the government had “the right plans” to limit the impact of the attack, which also targeted the Nissan car plant in Sunderland.

Five NHS trusts are still said to be “needing help” with restoring their IT, including St Bartholomew’s in London, the BBC’s health editor Hugh Pym said.

He said the 48 NHS trusts affected did not include GP practices and the Scottish health boards.

NHS England said patients needing emergency treatment on Saturday evening should go to A&E or access emergency services as they normally would.

• Blogger who halted ransomware ‘hasn’t slept a wink’
• What is the global ransomware outbreak?
• Cyber-attack ‘unprecedented’ in scale
• Analysis: How it started

The malware spread quickly on Friday leaving hospitals and GPs unable to access patient data, with many doctors resorting to using pen and paper.

Their computers were locked by a ransomware program which demanded a payment to access blocked files.

Hospitals across the UK were cancelling operations and ambulances had been diverted from hospitals in some areas.

Patient’s story: ‘Pulled out’ of MRI scan

Ron Grimshaw, 80, was halfway through an MRI scan to test for prostate cancer at Lister Hospital in Stevenage, Hertfordshire, when staff became aware of the attack.

I got there at 11am, went through the usual formalities. Got my gown on, they put a feed into my wrist to send dye around my blood stream.

I was put in the scanner for 10 minutes and then I was pulled out again.

The nurses were saying something about a cyber-attack meaning their systems were down.

They weren’t sure when it was going to start again so I waited for a bit. But it never happened and I went home.

I was meant to have a chest X-ray as well and that was cancelled.”

I gave them my mobile number and they said they’d ring me back telling me when to come in.

You’ve got to sympathise with the nurses as they will have to work extra hours.

It was unbelievable you don’t expect to go to hospital in the middle of a cyber-attack. Damn nuisance.

The virus, identified as WannaCry, exploits a vulnerability in Microsoft Windows software first identified by the US National Security Agency, experts have said.

The Liberal Democrats and Labour have both demanded an inquiry into the cyber-attack.

Lib Dem home affairs spokesman Lord Paddick said “it has left Britain defenceless”. Labour’s Jonathan Ashworth also called for a “full, independent inquiry” into the cyber-attack.

Responding earlier, Ms Rudd said the government had doubled spending on cyber-security to £1.9bn between 2016 and 2021.

How did the attack work?

The ransomware used in the attack is called WannaCry and attacks Windows operating systems.

It encrypts files on a user’s computer, blocking them from view, before demanding money, via an on-screen message, to access them again.

The virus is usually covertly installed on to computers by hiding within emails containing links, which users are tricked into opening.

Some experts say the attackers used a weakness in Microsoft systems which is known to the US National Security Agency as “EternalBlue”.

A cybersecurity researcher tweeting as @malwaretechblog has claimed to have found a way to slow down the spread of the virus after registering a domain name hidden in the malware.

They said that the malware makes a request to a domain name, but if it is live the malware stops spreading.

A security update – or patch – was released by Microsoft in March to protect against the virus, but it appears many organisations have not applied the patch – or may still be using outdated systems like Windows XP.

Get news from the BBC in your inbox, each weekday morning