A cyber-attack on a major IT provider of the NHS has been confirmed as a ransomware attack.
Advanced, which provides digital services like patient check-in and NHS 111, says it may take three to four weeks to fully recover.
Ransomware hackers take control of IT systems, steal data and demand a payment from victims to recover.
The NHS insists that disruption is minimal, but Advanced would not say whether NHS data had been stolen.
The Birmingham-based firm says it first spotted the hack at 07:00 BST on 4 August and immediately took steps to contain the hackers. It is now working to restore services.
The company refused to say if it was in negotiations with hackers or paying a ransom to them.
In a statement, it said: “We are rebuilding and restoring impacted systems in a separate and secure environment.”
An NHS England spokesperson said: “While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place including robust defences to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact.
“The public should continue to use NHS services as normal, including NHS 111 for those who are unwell, although some people will face longer waits than usual.
“As ever, if it is an emergency, please call 999.”
An NHS psychiatrist, who wished to remain anonymous, told the BBC the attack left his team “making clinical decisions nearly blind”.
“If a new patient came to us, we weren’t able to read their history or know very much about them,” he said.
“The [local] trust are doing their best at setting up an alternative system, they’ve got a way that we can look at some historical notes now, and have set up another system to mean that we can input new notes.
“But there’s still basically a week’s worth of notes that we can’t access. We’ve been told to be ready for it to not be up and running for who knows how long.”
At the end of last week, family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 because of the “significant technical issue”, industry magazine Pulse reported.
Advanced initially said that only a “small number of servers” had been affected and that it might be able to recover in a week.
Products which have been affected include Adastra, which is used by NHS 111 service, and Caresys and Carenotes, which provide the backbone for care home services like patient notes and visitor booking.
The National Cyber Security Centre, which is part of GCHQ, says it is working with Advanced to help it recover.
A spokesman said: “Ransomware is the key cyber-threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks.”
Ransomware hackers are usually financially motivated and part of large, professionally run criminal gangs that target companies and demand hundreds of thousands, sometimes millions, of pounds in ransom in the form of cryptocurrencies like Bitcoin.
While it is hard to trace where the gangs are based, analysis suggests that 74% of all money made through ransomware attacks in 2021 went to Russia-linked hackers.