Hospital trusts were repeatedly warned about cyber threats before the attack on computer systems on Friday, Defence Secretary Michael Fallon has said.
He told BBC One’s Andrew Marr Show the NHS was given “a large chunk” of money to improve its security.
Labour leader Jeremy Corbyn said on Saturday that an annual £5.5m deal with Microsoft to protect NHS devices had been renewed in 2014 but not since.
A handful of trusts are still dealing with disruption caused by the hack.
- Blogger halts ransomware ‘by accident’
- The ransomware causing chaos
- Analysis: How it started
- Next cyber-attack ‘could be imminent’
The NHS, Fedex and the main telecoms operator in Spain were among 200,000 known victims of Friday’s global cyber-attack.
But Europol head Rob Wainwright said he was concerned that the number affected would continue to rise when people returned to work on Monday morning.
He told the BBC there was an escalating threat from the virus, known as Wanna Decryptor or WannaCry, adding: “We’ve never seen anything like this – it’s unprecedented in scale.”
In England, 48 trusts reported problems at hospitals, GP surgeries or pharmacies and 13 NHS organisations in Scotland were also affected.
Some hospitals were forced to cancel treatment and appointments and, unable to use computers, many doctors resorted to using pen and paper.
‘Warned again and again’
Asked by Andrew Marr if the government had failed to give the NHS proper support and failed to pay for “crucial” upgrades to security in 2015, Defence Secretary Sir Michael said £1.9bn had been set aside for UK cyber-protection – when cyber-attacks were identified as one of three main threats to the UK’s defences.
Of that, he said: “We’re spending around £50m on the NHS cyber systems to improve their security. We have encouraged NHS trusts to reduce their exposure to the weakest system, the Windows XP.”
Fewer than 5% of the trusts used XP now, he said.
“We want them to use modern systems that are better protected.
“We warned them, and they were warned again in the spring. They were warned again of the threats.”
However, Kingsley Manning, a former chairman of NHS Digital, – which provides the health service’s IT systems – told the BBC on Saturday that several hundred thousand computers were still running on Windows XP.
And shadow health secretary Jonathan Ashworth wrote to Health Secretary Jeremy Hunt on Saturday asking why concerns repeatedly flagged up about the NHS’s “outdated, unsupported and vulnerable” machines had not been addressed.
Speaking to ITV’s Robert Peston, Mr Ashworth accused the government of having “cut the IT and infrastructure budget” by £1bn in the NHS, and said his party, if elected to power, would put £10bn into the infrastructure of the NHS.
He went on to demand that the Conservatives publish the Department of Health’s risk register to see how seriously they were taking IT threats.
Mr Hunt has not publicly responded to the attack, but Home Secretary Amber Rudd said the priority was to “disrupt” it.
Meanwhile, digital rights campaigners Open Rights Group has accused GCHQ of a “very dangerous strategy of hoarding knowledge of security problems”.
It said Britain’s electronic surveillance agency was “in charge of hacking us and protecting us from hackers”, making it hard to balance the risks of keeping vulnerabilities secret.
Jim Killock, the group’s executive director, said: “US and UK security agencies kept a widespread vulnerability secret rather than telling the companies so they could fix it.” He called for the National Cyber Security Centre to be made independent from GCHQ.
Just one week before the virus caused mass disruption across the NHS, a neurology registrar from London, Dr Krishna Chinthapalli, publicly raised his concerns, warning in the British Medical Journal that hospitals would “almost certainly be shut down by ransomware this year”.
He told the BBC the NHS was in a tricky position – treating sick patients, as a 24/7 operation with specialist software – making update implementation complicated.
“People developing ransomware know a hospital is a good target because the information is about patients and is time-sensitive – hospitals need to get their data back quicker,” he said.
Attacks on hospital data and patients were “despicable at the basic level”, he said.
At Barts Health NHS Trust, which is still experiencing IT disruption since the attack, planned surgery and outpatient appointments will be reduced on Monday.
The trust, which runs five hospitals – the Royal London, Newham, Whipps Cross, Mile End and St Bartholomew’s – has told patients to attend booked appointments on Monday.
Those people whose appointments are cancelled will be contacted directly by their hospital, it added.
In Scotland, Justice Secretary Michael Matheson said more than 120 public bodies were being contacted to ensure their defences were adequate.
He said NHS systems in Scotland were expected to be recovered by Monday, adding that there was no evidence that patient data has been compromised.
He reassured patients with appointments they should attend as planned.
The cost of the attack is unknown, in the UK or beyond, but BBC analysis of three accounts linked to the ransom demands suggest hackers have already been paid the equivalent of £22,080.
Europol has said it is working with the US Federal Bureau of Investigation to find those responsible, and that more than one person was likely to be involved.
The Liberal Democrats and Labour have both demanded an inquiry into the cyber-attack.