The public has been urged to use the NHS "wisely" as it discovers the full impact of Friday's global cyber-attack.
NHS England said there was a "complex emerging picture", amid concerns over thousands of computers being switched back on after the weekend.
Seven trusts out of 47 that were hit are still facing serious issues, but patients have been told to turn up for appointments, unless advised otherwise.
Some GPs are asking people to consider whether they really need appointments.
The virus that hit the NHS in England and Scotland, known as Wanna Decryptor or WannaCry, has infected 200,000 machines in 150 countries since Friday.
The ransomware, which locks users' files and demands a $300 (£230) payment to allow access, spread to organisations including FedEx, Renault and the Russian interior ministry.
BBC analysis of three accounts linked to the ransom demands suggests hackers had already been paid the equivalent of at least £22,080 by early on Sunday.
In England, 47 trusts reported problems at hospitals and 13 NHS organisations in Scotland were also affected.
Some hospitals were forced to cancel treatments and appointments, and divert ambulances to other sites.
Anne Rainsberry, NHS incident director, said pathology services were the most seriously affected, alongside imaging services, such as MRI and CT scans, and X-rays.
She said despite the issues, patients had continued to be treated throughout the weekend, but asked people to think about the services they needed.
"Remember that [people] can seek help and advice from a range of other sources, such as pharmacies and NHS 111," Dr Rainsberry said.
"Bearing in mind the impact of the global cyber attack, I would urge people to be patient with staff."
There is particular concern about the possibility of further infections at GP surgeries, many of which were closed over the weekend.
Some practices have advised staff due on shift on Monday not to turn computers back on until further notice.
GPs across the North East and North Cumbria areas of England have asked patients to consider whether they need appointments on Monday and Tuesday, as some practices still do not have full access to patient records, prescriptions, appointment systems and telephones.
We now know that Friday's ransomware attack was a global cyber-crime, but the most serious impact was here in the UK on the National Health Service. So what made our hospitals so vulnerable?
There are plenty of theories - among them that far too many computers in hospitals were running Windows XP.
The government warned NHS trusts in 2014 that they needed to move away from XP as rapidly as possible.
But did they? At the end of last year the software firm Citrix said that a Freedom of Information request had revealed that 90% of hospitals still had machines running on Windows XP.
The head of Europol, Rob Wainwright, warned that more ransomware cases may come to light elsewhere on Monday as other organisations returned to work.
The virus exploits a flaw in Microsoft Windows first identified by US intelligence.
Microsoft said Friday's incident was a "wake-up call" and reiterated that it had released a security update in March to protect computers from the virus.
"As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems," the company said.
The UK's National Cyber Security Centre advised companies to keep software security patches up to date, use proper anti-virus software and back up the data that matters so they cannot be held to ransom for its return.
The government is insisting that the NHS had been repeatedly warned about the cyber-threat to its IT systems.
Defence Secretary Michael Fallon said £50m of £1.9bn set aside for UK cyber-protection was being spent on NHS systems to improve their security.
Sir Michael said trusts had been encouraged to "reduce their exposure to the weakest system [Windows XP]", with fewer than 5% of trusts using it now.
But Labour criticised the Conservatives, saying they had cut funding to the NHS's IT budget and a contract to protect computer systems was not renewed after 2015.
Shadow health secretary Jonathan Ashworth also pointed to a report from the National Audit Office six months ago.
It highlighted how, in February 2016, the Department of Health had "transferred £950m of its £4.6bn budget for capital projects, such as building works and IT, to revenue budgets to fund the day-to-day activities of NHS bodies".
Are you a patient or an NHS employee? Are you still being affected by the cyber attack and its aftermath? Share your story with us by emailing firstname.lastname@example.org.