Phones and IT systems at trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected.
A small number of GP practices in Greater Glasgow, Dumfries and Galloway, Forth Valley and Fife were also hit by the ransomware virus.
An NHS Digital spokesman said an investigation into the cause was “at an early stage” but experts belive the malware variant is Wanna Decryptor.
They added that patient data is not thought to have been compromised.
NHS Lothian has confirmed they are currently not affected by the attack.
A Dumfries and Galloway healthboard spokesman said: “Three GP practices have been initially affected and we are taking precautionary measures to prevent any others being affected.”
He declined the name the practices involved and said the board was “comfortable and confident” with the steps taken but added “we don’t know what we’re dealing with”.
A spokeswoman for NHS Forth Valley said: “We can confirm that a small number of GP and dental practices in the Forth Valley area have experienced disruption to their it systems which may be linked to the wider IT issues affecting parts of NHS England.
“Steps have been taken to isolate their It systems to minimise the risk of any virus spreading to other parts of the NHS. The practices affected remain open and have put in place contingency arrangements.”
The virus is understood to have targeted the health service network this afternoon, a spokesman for Blackpool Clinical Commission Group (CCG) told the Blackpool Gazette.
Medical notes will be taken using pen and paper until IT systems are brought back online.
A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.
It said: “Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.”
It goes on to demand $300 of the digital currency bitcoin, which equates to around £415,000, otherwise the files will be deleted.
It gives a deadline of next Friday afternoon to pay.
“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor,” the NHS Digital spokesman said.
“At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.
“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.”