Two hospitals remain on "divert" status as the NHS recovers from a cyber attack which has affected more than 40 Trusts.
NHS England announced on Monday that the number of hospitals sending patients to other facilities was down from seven to two.
Lister Hospital in Hertfordshire and Broomfield Hospital in Essex are still re-directing people seeking medical treatment following the ransomware attack, which affected organisations across 150 countries.
Dr Anne Rainsberry, from NHS England, said: "There are encouraging signs that the situation is improving, with fewer hospitals having to divert patients from their A&E units.
“The message to patients is clear: the NHS is open for business. Staff are working hard to ensure that the small number of organisations still affected return to normal shortly."
Health Secretary Jeremy Hunt has said there has not been a second wave of cyber attacks after the NHS was struck by ransomware attacks on Friday.
Mr Hunt said all organisations need to do more to protect themselves from cyber attacks, which he said were "relatively common".
He said: "Although we have never seen anything on this scale when it comes to ransomware attacks, they are relatively common and there are things that you can do, that everyone can do, all of us can do, to protect ourselves against them.
"In particular, making sure that our data is properly backed up and making sure that we are using the software patches, the anti-virus patches that are sent out regularly by manufacturers.
"These are things that we can all do to reduce the risk of the impact that we've seen over the last 48 hours."
Mr Hunt has come under fire for failing to appear in public since the attack, which hit 47 trusts in England and 13 Scottish health boards on Friday.
NHS workers are being treated "like dirt" by the government, according to Liberal Democrat leader Tim Farron.Read the full story ›
Health trusts across England were sent details of an IT security patch that would have protected them from the crippling ransomware attack, NHS Digital said.
Large swathes of the NHS have been paralysed by the cyber attack, which hit 200,000 victims in 150 countries around the world.
The health service has been rebuked for using the outdated Windows XP operating system to store digital information, despite security updates for the software having been discontinued by Microsoft.
The attack has left 47 NHS organisations affected with malware in their system, ranging from hospital trusts to commissioning support units.
Seven hospital trusts are still experiencing serious problems, among them St Bartholomew's Hospital in London, York Teaching Hospital NHS Trust and the University Hospitals of North Midlands Trust.
But NHS Digital said it had made health trusts aware last month of IT protection that could have prevented the attack.
It said in a statement: "NHS Digital issued a targeted update on a secure portal accessible to NHS staff on April 25, and then via a bulletin to more than 10,000 security and IT professionals on April 27 to alert them to this specific issue.
"These alerts included a patch to protect their systems. This guidance was also reissued on Friday following emergence of this issue."
Theresa May has rejected claims the government ignored warnings the NHS was vulnerable to a possible cyber security attack.
The Prime Minister said warnings had been given to hospital trusts. During a visit to Oxfordshire, she insisted cyber security was being taken seriously in Whitehall.
Asked if warnings had been ignored, Mrs May said: "No. It was clear warnings were given to hospital trusts but this is not something that focused on attacking the NHS here in the UK."
She added: "Europol say there are 200,000 victims across the world.
"Cyber security is an issue that we need to address. That's why the Government, when we came into Government in 2010, put money into cyber security."
Government cuts are to blame for exposing NHS services to the cyber-attack which hit computers around the world on Friday, Jeremy Corbyn has said.
The Labour leader was speaking as he set out a promise to provide an extra £37 billion for the NHS, with measures aimed at improving A&E performance and taking one million patients off waiting lists.
Waiting lists are soaring and, as we saw last week, Tory cuts have exposed patient services to cyber attacks.
I would like to pay tribute to how all NHS staff have responded to this terrible cyber-attack. The stress you must have faced trying to keep patients safe must have been intense, this was just another example of the extraordinary lengths you go to every day to keep our country healthy.
Security minister Ben Wallace said the NHS had followed some "pretty good procedures" in combating the cyber attack.
Technical staff restored data and replaced security patches over the weekend at trusts across the country, Mr Wallace said.
He told BBC Breakfast the Government had put £1.2 billion into combating cyber attacks during the last strategic defence and security review, including a £50 million pot to support NHS IT networks.
And he defended the Government after a National Audit Office report in November warned that taking money away from NHS services would leave them vulnerable.
He insisted individual trusts have enough money to protect themselves against cyber attacks, saying: "We make sure the trusts are aware of their vulnerabilities and ask them to make sure they keep themselves up to date. What we don't do in our NHS is micromanage it from the desk."
Mr Wallace said it was a "red herring" to focus solely on the Windows XP operating system as being vulnerable, saying the virus had also attacked both Windows 7 and 8.1.
The "real key" was whether trusts had regularly backed up data and whether they were installing security patches.
One surgery has no access to medical records.Read the full story ›
China and Japan have both fallen victim to the global "ransomware" cyber attack that has created chaos in 150 countries.
Chinese state media say more than 29,000 institutions across the country have been infected, along with hundreds of thousands of devices.
Xinhua News Agency cited the Threat Intelligence Centre of Qihoo 360, a Chinese internet security services company.
It said universities and educational institutions were among the hardest hit, numbering 4,341, or about 15% of internet protocol addresses attacked.
Also affected were railway stations, mail delivery, petrol stations, hospitals, office buildings, shopping malls and government services.
The Japan Computer Emergency Response Team Co-ordination Centre said 2,000 computers at 600 companies in Japan had been affected.
The full scale of the global cyber attack that caused mass NHS disruption may only become apparent when people return to work on Monday.Read the full story ›