A patients group says cyber criminals were able to conduct today's large-scale attack on the NHS because of the organisation's outdated IT practices.
The NHS and other organisations have been warned about the possibility of a nightmare cyber attack for years.
The ransomware Wanna Decryptor is causing chaos in hospitals across the UK, and is preventing staff from accessing patients' data.
The Patients' Association condemned the criminals behind the cyber attack on the NHS but said lessons from earlier incidents had not been learned.
In a statement the group said: "We should be clear that responsibility for today's apparently extensive attack on NHS IT systems, and for any harm that occurs to patients as a result, lies with the criminals who have perpetrated it.
"From reports so far, the attack appears to have been highly coordinated and aggressive and a police investigation will no doubt be required.
"However, that something of this sort could happen will surprise few people.
"It has long been known that the NHS struggles with IT in multiple respects and that this includes serious security problems.
"Though today's may be the largest attack of this sort, it is not the first - yet the lessons from earlier incidents have not been learnt.
"The power of IT in transforming services for patients is undoubted, yet the NHS has struggled to harness it: centralised approaches have failed badly, while smaller scale local projects can easily give rise to huge variations in both quality and security.
"We are seeing today that IT security is critical to patient safety.
"Addressing it effectively and quickly is essential and requires appropriate investment.
"In this election period, we must look to our political parties for leadership - now is not the time to be squeamish about the cost of keeping our NHS secure."
Shadow Health Secretary Jonathan Ashworth said the attack was a "real worry" for patients.
"Our hard-working NHS staff are already operating under unprecedented pressure and should be given every support to help the public in the face of these malicious and disturbing actions.
"This incident highlights the risk to data security within the modern health service and reinforces the need for cyber security to be at the heart of government planning. The digital revolution has transformed the way we live and work but we have to be ready for the vulnerabilities it brings too.
"The Government needs to be clear about what's happened and what measures they are taking to reduce the threat to patients.
"The safety of the public must be the priority and the NHS should be given every resource to bring the situation under control as soon as possible."
Dr Kubo Macak, senior lecturer in International Law at the University of Exeter and an expert on cyber warfare, said: "Early reports indicate that today's cyber operations against the NHS may affect the care for many hospital patients, with potential impact on their health and lives.
"As such, if investigation shows that the cyber attack was directed by an outside state, it would amount to a violation of the UK's sovereignty prohibited by international law.
"However, regardless of the origin of the attacks, the situation confirms how important it is to maintain resilience of the national critical infrastructure, including in the public health sector."
Additional reporting by Press Association
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies