Though the problem has become most famous for the damage it has done to NHS systems, the effects have focused most specifically on Spain and Russian Federation, according to experts.
NHS Digital said the malware variant infecting computers was believed to be one known as Wanna Decryptor.
Wanna Decryptor is a piece of malicious software that encrypts files on a user's computer, blocking them from view and threatening to delete them unless a payment is made. "The only people suffering are people that need emergency care", NHS staff wrote in a tweet.
The NHS said 16 of its organisations - some containing several hospitals - have been affected.
The Barts Health group, which manages major central London hospitals including The Royal London and St Bartholomew's, said it had activated a major incident plan and had canceled routine appointments.
The hackers are reportedly exploiting a critical vulnerability (MS17-010) that first received a patch on 14 March. It warns that the ransom demand will double after three days and that after seven days, "you won't be able to recover your files forever".More news: Tesla CEO says company to start selling solar roof tiles
More news: Giant sea creature washes up on Indonesia's Serum Island
More news: Rockets drop overtime heartbreaker to Spurs
The U.K.'s National Cyber Security Center says it's working with both the digital office of the NHS and law enforcement.
Hospitals in East and North Hertfordshire, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust have all been affected, the Guardian reported. Hacks have disrupted services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.
UPDATE-Attackers have hit several hospitals in the United Kingdom, along with major corporations in Spain and other countries with a ransomware attack, disrupting network and phone operations and forcing some of the hospitals to postpone non-emergency services and divert patients to other facilities. The statement said the attackers were demanding a ransom payment in bitcoins. Attacks occur regularly against Telefonica and today's wasn't major, the official said.
Hospitals have often been targets of such attacks, he said, because they typically have limited or outdated IT infrastructure to defend against them.