The NHS has been declared “open for business” but some hospitals are still suffering disruption caused by the crippling ransomware attack.

Large swathes of the NHS were paralysed by the cyber attack, which hit 200,000 victims in 150 countries around the world.

Following a meeting of the Government’s Cobra contingencies committee, Home Secretary Amber Rudd said more than a million patients had been treated in the course of Monday.

“All GPs surgeries did open, though some of them had to use pen and paper.

“The vast majority of patients have noticed no difference. It has been a very strong response,” she said.

Earlier, Health Secretary Jeremy Hunt confirmed there had not been a second wave of attacks on NHS trusts and said it was “encouraging” that the level of criminal activity was at “the lower end of the range” anticipated.

Ms Rudd said the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) were now part of an “international manhunt” to find the perpetrators.

“NCSC and NCA are working with Europol and other international partners to make sure we all collect the right evidence, which we need to do to make sure we have the right material to find out who has done this and we go after them. Which we will,” she said.

NHS England said that, as of 3pm on Monday, two hospitals remained on divert following the attack, down from seven on Sunday.

Dr Anne Rainsberry, national incident director at NHS England, said: “There are encouraging signs that the situation is improving, with fewer hospitals having to divert patients from their A&E units.

“The message to patients is clear: the NHS is open for business.

“Staff are working hard to ensure that the small number of organisations still affected return to normal shortly.”

A divert remained in place for trauma, stroke and urgent heart attack treatment, where diagnostic services are required, at the Lister Hospital, part of East and North Hertfordshire NHS Trust (Midlands & East).

At Broomfield Hospital, part of Mid Essex Hospital Services NHS Trust (Midlands & East), trauma patients were being diverted to Southend University Hospital.

Mr Hunt has come under fire for failing to appear in public since the attack, which hit 47 trusts in England and 13 Scottish health boards.

In his first public comments since the attack on Friday, Mr Hunt told Sky News: “Although we have never seen anything on this scale when it comes to ransomware attacks, they are relatively common and there are things that you can do, that everyone can do, all of us can do, to protect ourselves against them.

“In particular, making sure that our data is properly backed up and making sure that we are using the software patches, the anti-virus patches, that are sent out regularly by manufacturers.”

NHS Digital said health trusts across England were sent details of an IT security patch that would have protected them from the attack.

The health service has been criticised for using the outdated Windows XP operating system to store digital information, despite security updates for the software having been discontinued by Microsoft.

NHS Digital said it had made health trusts aware last month of IT protection that could have prevented the damage.