The Government is pledging an extra £21 million for cyber security across the NHS in the wake of the WannaCry ransomware attack.

Ministers have said NHS Digital will broadcast alerts about cyber threats to hospitals, provide a hotline for dealing with incidents and also carry out on-site assessments to check security.

Work is also under way to establish a fast and cost-effective way for the NHS to completely move away from unsupported operating systems, including Windows XP, which was the focus of much criticism following the attack in May.

The Department of Health said use of Windows XP has fallen in the past 18 months from 18% to 4.7%.

The £21 million will help boost security at major trauma sites, of which there are 27 across England.

The pledges form the Government's response to a report last July from the Care Quality Commission (CQC) and National Data Guardian, Dame Fiona Caldicott.

The CQC and Dame Fiona wrote to Health Secretary Jeremy Hunt several months before WannaCry happened, warning that an "external cyber threat is becoming a bigger consideration" within the NHS.

Their data security review of 60 hospitals, GP surgeries and dental practices found there was a "lack of understanding of security issues".

It warned that patient data breaches were often caused by hurried staff working "with ineffective processes and technology".

The attack in May was global, affecting thousands of computers in around 150 countries.

In England, 47 NHS trusts reported problems and 13 NHS organisations in Scotland were affected.

In the new report, ministers have pledged that by December 2018, people will be able to access a digital service to help them understand who has accessed their summary care record.

The summary care record is a brief description of existing health needs and care that is available online to a treating clinician via a protected site.

By March 2020, people will also be able to use online services to see how their personal confidential data collected by NHS Digital has been used for purposes other than for their direct care.

People will also be given the choice to opt out of sharing their data beyond their direct care, which will be applied across the health and social care system.

There will also be "meaningful sanctions against criminal and reckless behaviour" if it leads to personal data being exposed or the deliberate re-identification of individuals.

The National Data Guardian's position will be put on a statutory footing, the Department of Health said.

Furthermore, the Government has changed the NHS contract so that NHS organisations are now formally required to adopt data security standards set down by the CQC and Dame Fiona.

This will include security training for staff and extensive contingency plans to respond to threats to data security.

Health minister Lord O'Shaughnessy said: "The NHS has a long history of safeguarding confidential data, but with the growing threat of cyber-attacks including the WannaCry ransomware attack in May, this Government has acted to protect information across the NHS."

He added: "Data already saves thousands of lives every day across the NHS through direct patient care or research into cancer or rare conditions, but better use of information has the ability to further transform health and care for everyone.

"By implementing strong security standards and giving patients clear choices, patients can be reassured that their privacy is safe while they are making a direct contribution to unlocking new treatments and improving patient care."

Dame Fiona said: "New technological advances offer extraordinary opportunities for patient data to be used to improve people's individual care and to improve health, care and services through research and planning.

"We will only be able to harness those opportunities if the public trusts that the health and care system is doing all it can to keep patient data secure, to meet their expectations on confidentiality and to be transparent.

"I believe that the implementation of my recommendations will be an important step in this process and very much welcome the Government announcements today."

Phil Booth, co-ordinator of campaign group medConfidential, said: "We welcome the clear commitment that patients will know how their medical records have been used, both for direct care and beyond.

"This commitment means that patients will have an evidence base to reassure them that their wishes have been honoured."