Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities.
Earlier this month, the government warned healthcare groups involved in the response to the virus were being targeted by malicious actors.
The separate attacks were not linked.
But Bam Construct said the “significant” cyber-attack on it “forms part of the wave of attacks on public and private organisations supporting the national effort on Covid-19”.
A spokesman said the company had shut down its website and some other systems as a precaution, after being hit by a computer virus.
But its day-to-day business had remained largely unaffected.
“Our own precautions have had more of an effect on our normal working procedures than the virus itself,” he said.
Interserve, meanwhile, said “some operational services may be affected”.
But it was working with the National Cyber Security Centre (NCSC) to “contain and remedy the situation” and had notified the Information Commissioner’s Office and warned its employees, former employees, clients and suppliers to “exercise heightened vigilance during this time”.
The outsourcing company also provides facilities management and other services and holds a range of contracts with the government beyond the construction sector.
Earlier this month, the NCSC warned of attempts to attack healthcare and research organisations during the pandemic.
And the government warned malicious actors were “seeking to undermine the global response to this unprecedented global health crisis endanger lives”.