Accident and emergency units in England were almost back to normal on Tuesday (May 16), the National Health Service (NHS) said, after the last restrictions put in place following the global cyber attack were lifted.
"The numbers are still going up", Wainwright said.
There is no evidence that patient data has been compromised in the hack which affected around 1% of computers in the NHS in Scotland, the Scottish Government said.
The malware named "WannaCry" has affected systems across the globe, taking down computer systems, locking up critical data and demanding bitcoins as ransom for its release.
"(There have been) remarkably few payments so far that we've noticed as we are tracking this, so most people are not paying this, so there isn't a lot of money being made by criminal organisations so far".
South Africans have been warned not to open any unknown emails and to urgently update their security software as a global cyber ransom attack spread on Friday.
The "Eternal Blue" tool developed by the National Security Agency had been dumped onto the public internet by a hacking group known as the "Shadow Brokers".
Other high-profile victims include hospitals in Britain, the Spanish telecoms giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia's interior ministry and the German rail operator Deutsche Bahn.
This does indicate that attacks, both from the WannaCry authors and other cybercriminals, will likely continue and, despite patches being available, many systems will likely remain vulnerable for some time to come. A researcher who uses the online alias MalwareTech quickly realized that this could be used as a kill switch and registered the domain himself to slow down the spread of the ransomware.More news: Shadow of War scores open world trailer
The attack, caused by ransomware, resulted in a widespread breakdown of the NHS.
It is understood Oxleas' services uses an updated Windows operating system. "Every year we see such vulnerabilities".
The massive ransomware attacks that started late Friday have locked people out of their computers and demanded hundreds of dollars from the users before they could regain control.
The department described the global cyber attack as "unprecedented in terms of scale and speed of onset". The server operates as a "sinkhole" to collect information about malware - and in Friday's case kept the malware from escaping.
"Staff are working hard to ensure that the small number of organisations still affected return to normal shortly".
Here's what you do if your computer has already been targeted.. This ransomware is called "WannaCry".
Russian President Vladimir Putin, noting the technology's link to the U.S. spy service, said it should be "discussed immediately on a serious political level".
Officials say they're aware of those problems. They will get in your networks - but how will you know? "It's a handy thing to have, but it's a risky thing to have".