NHS patients have had their names, dates of birth and other private information published online by a gang of hackers who targeted a blood testing firm at London hospitals.
The cyber attack has caused chaos in the capital after IT systems were effectively made useless, with the group demanding a £40 million ransom.
Cyber criminals Qilin hacked testing firm Synnovis on June 3 and have been attempting to extort money from them ever since.
The group previously threatened to publish stolen data if it was not paid $50 million (£40 million).
The data, almost 400GB of it, includes patient names, dates of birth, NHS numbers and descriptions of blood tests, but it is not known if the results of the tests are also available.
So far the hack has caused more than 1,100 operations to be cancelled, as well as hundreds of medical appointments.
Qilin took responsibility for the hack online and has now published a large amount of data
Between June 10-16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust (pictured: King's College Hospital)
The number of rearranged planned operations has gone down by 494 since the first week after the attack, June 3-9, but the number of missed outpatient appointments has increased by 394 (pictured: Guys and St Thomas' Hospital)
NHS England said it 'has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack'.
'We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,' a spokesperson added.
'This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.
'As more information becomes available through Synnovis' full investigation, the NHS will continue to update patients and the public.'
Between June 10-16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust.
In total, some 1,134 operations have had to be cancelled after the attack by the group, which is believed to be based in Russia.
In response, NHS England London declared a regional incident, which it said allowed it to coordinate with neighbouring providers to manage disruption.
In its hack, Qilin infiltrated Synnovis' IT systems and encrypted vital information, effectively making IT systems useless.
It is not known exactly how much data the gang of criminals has managed to obtain, but it is thought to affect thousands of patients.
The company - a joint venture between the NHS and a private company - analyses blood, urine and tissue samples for some hospitals and GP surgeries.
Speaking to the BBC via an encrypted chat, a spokesperson for Qilin said it had carried out the cyber attack as a protest and claimed the UK is not doing enough to support in an unspecified war.
NHS's cyber attack nightmare has carried on with 1,134 operations and hundreds of appointments still being cancelled two weeks after hackers triggered a 'critical incident' at London hospitals
A spokesperson said: 'We are very sorry for the people who were suffered because of it. Herewith we don't consider ourselves guilty and we ask you don't blame us in this situation. Blame your government.'
The group implied they are possibly based in Ukraine, saying: 'Our citizens are dying in unequal combat from a lack of medicines and donor blood.'
But its claim of targeting British hospitals out of protest has been met with skepticism as the group has previously targeted councils, major international companies and other healthcare organisations.
A spokesperson for Synnovis said: 'Last night a group claiming responsibility for the cyberattack published data online that they allege belongs to Synnovis.
'We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway.
'This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis' systems and what information it contains.
'We will keep our service users, employees and partners updated as the investigation progresses.'
On Thursday, Dr Chris Streather, medical director for NHS London, said: 'Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact on NHS services in South East London.
'Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to rearrange appointments and treatments as quickly as possible.
'Mutual aid agreements between NHS labs have begun to have a positive impact in primary care providers, helping increase the number of blood tests available for the most critical and urgent cases.
'Patients should access services in the normal way by dialling 999 in an emergency and otherwise use NHS 111 through the NHS App, online or on the phone.
'They should also continue to attend appointments unless they are told otherwise by the clinic team.'