The NHS has confirmed a major supplier of its IT has been the victim of a ransomware attack.

Advanced, the company targeted, estimates it could take up to a month for it to fully recover. Ransomware hackers often demand money to restore although it is not clear what is happening following this attack.

In a statement, Advanced said: “We are rebuilding and restoring impacted systems in a separate and secure environment.”

An NHS England spokesperson said: “While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place including robust defences to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact.”

At the end of last week, family doctors in London were warned by NHS England they could see an increased number of patients sent to them by NHS 111 as a result of the attack. Products which have been affected include Adastra, which is used by NHS 111 service, and Caresys and Carenotes, which provide the backbone for care home services like patient notes and visitor booking.

A spokesman for the National Cyber Security Centre, which is working with Advanced to help it recover, added: “Ransomware is the key cyber-threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks.”

Ransomware hackers are usually financially motivated and part of large, professionally run criminal gangs that target companies and demand hundreds of thousands, sometimes millions, of pounds in ransom in the form of cryptocurrencies like Bitcoin.