Five lessons in communications from the cyber attack

The NHS’s disaster planning has come under intense scrutiny and pressure in recent weeks as a result of the terrorist atrocities in Manchester and London and the international cyber attack whose victims included around 40 NHS trusts.

The response from the emergency services and NHS staff and managers to these major incidents has been rightly praised, not only for providing the care, treatment and support needed by local communities but also keeping services up and running when vital systems were offline.

The cyber attack showed the professionalism of the NHS’s major incident planning. As the dust settles, with virtually all NHS trusts running as normal after severe disruption, it is right to explore what lessons can be learned for future incidents, particularly with regards to how the communications were handled.

This was high up the list of concerns for NHS communicators at an event run by NHS Providers. The feedback raised many practical suggestions for how national and local NHS communicators respond to cyber attacks in future.

Rushed to judge

First, given the scale of the attack, which affected more than 80 countries and leading edge companies like Telefonica, Deutsche Bahn and Fedex, most communicators felt the NHS handled the response well. However, there was some frustration that some political leaders and newspapers rushed to judgement on the NHS’s systems and state of readiness when the facts had not been established.

This felt like the usual NHS bashing and, as the story evolved, was unsupported by the evidence. Being in the middle of a general election campaign did not help here.

Second, many felt the NHS was too reliant on traditional IT systems such as email – both in terms of internal communciations within trusts and when national bodies were seeking to get messages through to frontline communications teams. We’ve been told by many communicators that national bodies were giving them guidance over email when those same hospitals had already taken down their IT systems, including email, as a precautionary measure.

One communicator wrote to say: “For us the biggest problem was using NHS email to communicate issues during an incident that involved NHS email. In our trust, all incoming emails were blocked for several days, so we missed almost all of the central messages. We missed the first three regional conference calls because details were only sent by email. When we asked about the public messaging, we were told the messages (while public) couldn’t be emailed to a non-NHS account.”

We will need to find other ways of cascading messages in future, most obviously via mobile, personal email or messaging applications such as WhatsApp. We know that some regional communications networks – working across providers, commissioners and regional offices of the central bodies – have now set up a WhatsApp group.

Greater clarity needed

Third, the importance of communicating across regions rather than solely as individual organisations has been raised. This is summed up well by Claire Riley, director of communications at Northumbria Healthcare NHS Foundation Trust, in PR Week: “In the North East and North Cumbria we quickly worked together across health providers, commissioners, ambulance services and mental health providers to ensure we were consistent in the message and communications approach and this worked well and help to ensure an effective and streamlined approach.”

Fourth, while the national arms length bodies largely handled the response well, some trusts were confused about the roles of the different bodies, with greater clarity needed over which one was leading. On a positive note, there were several examples of trusts receiving helpful support from communicators working in the national and regional offices of NHS England and NHS Improvement.

But it was felt that more clarity is needed about NHS Digital’s role in handling similar responses in future. Many communicators wanted NHS Digital to be more proactive in providing updated messages across traditional media and social media channels as the situation developed.

Several communicators also said they were given contradictory messages from the national bodies about what information they could release to the public, with one telling me: “We were told not to release any messages to the public even though we wanted to reassure them that, although we had shut down our systems, A&E was still open.”

This had repercussions for trusts and their relationships with their local media. As one trust communicator said: “We were advised initially to push media enquiries through to NHS Digital but the message back from our local journalists was that they weren’t fielding enquiries. We then picked up our own enquiries and responded accordingly.”

‘The absence of national leaders from the airwaves allowed other voices, such as so-called cyber security experts, to fill the vacuum. Unsurprisingly, their comment tended to focus on poor NHS IT’

Finally, the mostly reactive handling of the media more generally has emerged as a key issue. This is always a tricky balance for the national bodies to get right – no more so than in the white heat of an election campaign. Many people working in hospitals and other trusts felt the national bodies should have been more visible – making it clear that this wasn’t just an attack on the NHS, as some media were implying, and setting out what steps the NHS was taking to protect patients and service users.

The absence of national leaders from the airwaves allowed other voices, such as so-called cyber security experts, to fill the vacuum. Unsurprisingly, their comment tended to focus on poor NHS IT as opposed to the global nature of the attack and what the NHS was doing to respond.

These are all issues that can be learned from and, overall, the handling of the response has been excellent. The fact that the NHS coped admirably with the cyber-attack, and has emerged with no long-term reputational damage, is a credit to the communicators and staff at trust and national level who worked round the clock to maintain services and get them fully back up and running as soon as possible. The learning from this incident will help preparations for when the next cyber attack inevitably occurs.

Daniel Reynolds is director of communications at NHS Providers