An IT security expert has said the most worrying aspect of the recent cyber attack that has been sweeping the globe since Friday is that it is likely to be a reconnaissance mission for future attacks. 

Speaking on RTÉ's Six One, Conor Flynn said the authors of this attack may be testing the waters to inflict more damage in a similar cyber attack in the coming months.

The Managing Director of Information Security Assurance Services said this "testing" can be evidenced by the fact that there have been relatively few infections in this incident.

He said the new type of ransomware which includes a worm which spreads itself throughout networks is worrying from computer security perspective.

The Health Service Executive has decided to keep its network disconnected from outside communications for another 48 hours as a precaution in the wake of the cyber attack.

HSE Chief Information Officer Richard Corbridge said that would mean emails from outside the organisation would continue to be blocked.

However, he said this was unlikely to have a major impact on patient care, as patients and clinicians do not normally interact via email.

Internal email has been restored within the HSE network since around 11am.

About 52,000 PCs and 2,350 servers have had anti-virus software deployed.

Microsoft patches have been added to more than 28,000 new machines and more than half of the affected Microsoft XP machines have been checked and it is expected that the rest will be visited in the next 48 hours.

The HSE said another 1,300 health servers will be rebooted this evening.

The HSE this afternoon said ransomware detected in three hospitals this morning is not connected to the current global attack, but were separate, older ransomware attacks.

They were detected as part of the sweep of systems being conducted this morning by IT administrators in the hospitals.

The ransomware has been removed and the systems are all back online.

Tusla, the Child and Family Agency, has warned that any child welfare alerts that members of the public sent in over the weekend may not have been received as external emails were being blocked deliberately.

"In many situations, Tusla relies on referrals from members of the public and organisations and individuals working with children to identify children at risk," it said in a statement.

"If anyone has reported a child protection concern to Tusla by email since Friday evening, please be advised that this may not have been received.

"We ask anyone who has reported a child protection concern by email since Friday, or who has a concern about a child, to contact their local social work duty team immediately.

The HSE says the detections show the level of vigilance that is being exercised by staff in the wake of the WannaCry outbreak.

Mr Corbridge said 20 machines were quickly isolated from networks before the infection spread, with the machines replaced and the systems put back online.

He said patient care was broadly unaffected this morning by the disruption.

Mr Corbridge said the threat to GP surgeries that the HSE was concerned about has not manifested.

He said staff had followed the advice really well, and the preparations put in place over the weekend had worked.

But he said the advice to "Think Before You Click" remains in place.

Ransomware: Questions and answers

HSE staff were asked to turn on but not log onto their PCs for two hours this morning to allow checks to take place.

Speaking earlier on RTÉ’s Morning Ireland, Mr Corbridge said the priority was making sure an anti-virus solution was put in place across the HSE's extensive IT network.

He said work had been done through the weekend to ensure machines that were targeted by the virus were "patched and secure".

Mr Corbridge said 49,000 machines across the system needed to be checked.

The National Cyber Security Centre has been co-ordinating the State's response to the threat from the fast-spreading malicious software and has issued a series of advisory notices to Government departments and agencies.

It says most of the work is complete, but there may be some minor disruption to IT services today as systems are brought back online.

Minister for Communications Denis Naughten briefed the Cabinet sub-committee on communications this afternoon on the cyber attack.

He will bring a memo for information to the Cabinet tomorrow morning. 

Speaking on RTÉ's News at One, Mr Naughten said the country's IT systems have been able to withstand the effect of this virus but that there is no way of knowing how another could present itself in the future.  

He said it is important that the public are aware of the potential risks of cyber attacks when opening emails and attachments.

Mr Naughten added that continual investment in the area of cyber security is needed to ensure that protection against viruses remains in place.  

He said his department is working to strengthen cyber legislation, and further investment in the National Cyber Security Centre will help to prepare Ireland for future cyber attacks.

Mr Naughten said special roles within the NCSC are being filled with experienced people. He said such skilled staff will assist government departments in dealing with cyber threats.

'Hundreds of thousands' of Chinese systems hit

Meanwhile, a leading Chinese security-software provider has said "hundreds of thousands" of Chinese computers at nearly 30,000 institutions including government agencies were hit by the global ransomware attack, though the Asian impact has otherwise been relatively muted.

The enterprise-security division of Qihoo 360, one of the country's leading suppliers of anti-virus software, said 29,372 institutions ranging from government offices to universities, ATMs and hospitals had been "infected" by the outbreak in China.

Governments, companies and computer experts around the world braced this morning for a possible worsening of the global cyber attack, which has hit more than 150 countries as people return for another work week.

The indiscriminate attack began on Friday and struck banks, hospitals and government agencies, exploiting known vulnerabilities in older Microsoft computer operating systems.

In a statement, Qihoo 360 said the ransomware had spread particularly quickly through higher education, affecting more than 4,000 Chinese universities and research institutions.

It gave few details on the extent of any damage, however, and China's government has said little about the situation.

Chinese state media this morning quoted national cyberspace authorities as saying the attack is still spreading in the country, but had slowed significantly.

Authorities across the world have issued public alerts warning computer users to beware of suspicious emails and strengthen their computer security measures.

Specialists are concerned that computer systems that have not had security patches applied could be infected by the ransomware.

The malware encrypts files on devices and demands a ransom be paid before they are unlocked. 

Throughout the weekend, IT experts across the world have been working around the clock to try to undo damage caused by the ransomware and installing security patches on vulnerable machines to try to prevent the virus infecting more systems.

Over 200,000 infections in at least 150 countries have been recorded, including one in a system in a voluntary run healthcare facility in Wexford, which has been isolated.