More than 700 patient appointments and procedures were cancelled at a health board hit by two cyber attacks within three months.

NHS Lanarkshire computers were infected by a computer virus on Friday, May 12, which forced many systems to be shut down over the weekend, cancelling almost 500 appointments and procedures.

In August, another virus caused 219 appointments to be cancelled at the same health board, including five operations in theatres.

A report into the first incident, released during a meeting of the health board on Wednesday, said many medical machines used an older operating system that was vulnerable to viruses.

A virus called WannaCry affected organisations around the world in May, including many NHS boards around the UK.

The "ransomware" programme encrypted files on affected computers and demanded payment to open them.

NHS Lanarkshire's report said a total of 494 appointments and procedures were cancelled as a result of the cyber attack, with 1338 PCs hit by the virus.

A review of the incident found a software update that would have blocked WannaCry was not rolled out due to "ongoing testing and limited resources."

The report said 395 PCs were "still using the XP operating system for which there was no patch available at the time of the attack".

It added 90 of these PCs were "required to run XP as they were supporting medical devices which could not operate on more up to date software".

Microsoft discontinued support for its Windows XP operating system in 2015, meaning machines using it were vulnerable to viruses.

The review said the health board managed the incident "very well" and recommended further IT security measures be put in place.

Just over three months later a smaller number of NHS Lanarkshire's computers were hit by a similar ransomware virus called BitPaymer, which again forced the internet and other systems to be shut down over the weekend.

A freedom of information request by STV News revealed 184 outpatient appointments were cancelled due to the BitPaymer attack, as well as five inpatient theatre cases and 30 endoscopies.

A report into the second incident said: "NHS Lanarkshire is working with its two security suppliers to understand how this malware managed to infiltrate its systems and spread across its infrastructure.

"Following the 'Wannacry' incident in May 2017, the eHealth Department has implemented a range of security improvements.

"Overall, there was a prompt and robust response from NHS Lanarkshire to this business continuity event."

Bitpaymer was described as a "zero-day" virus that was able to get past existing security measures as it had not been encountered before.

Other health boards are not thought to have been affected by BitPaymer.

Calum Campbell, chief executive of NHS Lanarkshire, said: "Following the cyber attack in May we took prompt and robust action to improve the security of our IT systems, which helped limit the impact of the malware incident in August.

"We apologise to any patients affected by the May and August incidents.

"Our staff went above and beyond during these incidents to successfully minimise the inconvenience to patients and quickly restore our IT systems.

"The integrity of our patient data was maintained in both cases."

He continued: "Every organisation throughout the world needs to recognise and prepare for future cyber threats of this kind.

"Our experience, detailed analysis and learning from both incidents along with robust actions to enhance our cyber security mean that NHS Lanarkshire is much better placed to meet and respond to these challenges."