The global ransomware crisis that hit the NHS in May has led to a lot of lessons being learned – and put cyber security firmly on the agenda of NHS trust boards. Matthew D’Arcy reports from the UK Health Show.

Sean Walsh did not expect to face what he describes as “Armageddon” 24-hours after completing his initial staff briefings as NHS Digital’s newly appointed senior information risk owner.

However, that’s what he faced when the WannaCry ransomware attack hit on 12 May this year. WannaCry was a relatively simple attack, that locked up systems and demanded a payment in the online currency, Bitcoin, to unlock them.

Related post

How Alcidion found its market in the UK for a new kind of health tech

Smart health tech provider Alcidion is seeing rapid growth in the UK following the formal launch of its flagship platform, Miya Precision. That’s in part due to a bold communications campaign says Lynette Ousby, Alcidion’s…

Continue reading

It wasn’t specifically targeted at the NHS. Some 300,000 computers in 150 countries were affected, and other big users of email, such as the international shipper FedEx, also went down.

Even so, the NHS was a high-profile casualty, with some estimates saying that 40 trusts in England and 11 health boards and the ambulance service in Scotland suffered disruption.

Learning communications lessons
Unsurprisingly, then, health service leaders are still looking to learn lessons. Speaking at The UK Health Show, Walsh said WannaCry was “the very best test of our capability and resources we could ever have wished for.”

But he acknowledged that the response from his organisation’s Data Security Centre was in some ways wanting. “Have we got it right so far? Not completely, no.”

Related post

Digital plans for end of life and urgent care: How NHS Coordinate My Care reached out to the public

London’s Coordinate My Care service sought to launch a new online care plan to the public to empower people with long term conditions, and people at the end of their lives, to share their wishes about the care they want to receive. Working in…

Continue reading

At the top of Walsh’s list of things that went wrong was communications. NHS Digital first heard of the attack at around 12.30pm. Yet it took the agency more than four hours to issue any advice or communication to NHS organisations that were scrambling to respond to the fast moving, pervasive attack.

“We were able to set up our war room, our control centre, within 10 minutes of the first reports coming in,” Walsh told the Cyber Security in Healthcare conference at the show at Olympia, London last week.

“We are very conscious that in those early stages of event, one of those things we possibly didn’t do terribly well was to get some very fast communications out in the first 60 minutes. There was a tendency to delay until we had more technical details, more clarity. On reflection, I think that was a mistake.”

Even purdah, a communication restriction placed on public sector bodies in the run up to the general election, may have impacted on the speed of disseminating important updates, Walsh suggested.

Related post

Talking marketing with X-on marketing director Paul Heeren

Highland Marketing and healthcare communications specialists X‑on have an established relationship dating back to 2017. Marketing director Paul Heeren provides an insight into the working relationship. Tell us a bit about X-on and Surgery Connect…

Continue reading

NHS Digital has pledged to avoid an “information vacuum” in similar emergencies and provide “clearer, and much more purposeful” communications that leave out “mumbo, jumbo” and technical jargon.

Operating in an information vacuum
Chris Flynn, the security operations lead at NHS Digital’s Data Security Centre, also acknowledged that it had got some things wrong. Specifically, he said, it had failed to clarify which systems were not affected, and to issue advice on things not to do.

“We didn’t tell people specifically that NHSmail was safe,” he said. “We didn’t say it wasn’t [safe], but we didn’t say it was safe. We know that people pulled connections.

“Similarly, the N3 network wasn’t affected, but people were pulling connections. That massively impacted our ability to communicate.

“Over the course of the weekend, we issued 12 advisories. Pockets of the population didn’t receive that because they had pulled up the drawbridge.”

Andy Vernon, the director of ICT at Sheffield Teaching Hospitals NHS Foundation Trust, said his organisation was one of many “flying blind,” when WannaCry hit. During the early stages of the attack “we didn’t have a clear information source, other than the BBC website”, he said.

Related post

A bespoke webinar drives sales leads for ANCILE Solutions’ UK launch of its uPerform platform for healthcare

ANCILE Solutions’ digital training platform, uPerform, helps healthcare organisations prepare staff for the deployment of major healthcare IT systems. The company is well-known for its technology across different industries, internationally, so when it wanted to…

Continue reading

“The thing we really want more of is real-time information, and some creative thinking about the channels for providing it,” he added. “Lots of people closed down their boarders. Communication via email might not have been the best way to get back to us. We were all flying blind at the time it hit.”

Ready for next time?
Suppliers varied in their responses to WannaCry. “Some responses were really helpful, a great many of them weren’t,” said Vernon.

Some suppliers set up helpful telephone conferences, at which they shared what they knew. “I went onto a call on Sunday afternoon with 100 people, in which we were able to get a real fix on what was happening, people’s experiences, and what people had done.”

The health service will be hit by further cyber security incidents. Trusts have already reported disruption from another bit of ransomware, known as Bitpaymer. And there are simply too many generic attacks launched at the world’s IT systems for there not to be more.

Mike Hullet, head of operations at the National Cyber Crime Unit, told the conference that there are now an estimated 2.5 million cyber-crimes each year that require some kind of government or law enforcement response. “Have we got the resource to do it? Now, we don’t.”

Vernon agreed that there was now a continual “arms race with the bad guys”; but he said what worried him was the idea of those bad guys targeting the NHS specifically.

In comparison with WannaCry, “a concerted attack on the NHS could be much more destructive”, he said. “That’s what keeps me awake at night.”

No longer a hypothetical threat
Meantime, WannaCry may just have had some good effects. The conference heard that it had taken such a large scale cyber-attack to make the issue of cyber security a real, rather than a hypothetical issue for the NHS.

Kirsten Major, the deputy chief executive at Sheffield Teaching Hospitals, said in a video address that there had been a “huge increase in awareness”, at her trust and that lessons had been learned.

Pre-attack work had put the trust in a good place when WannaCry hit, she said, but even so: “I learned personally a huge amount about cyber security I didn’t know before that weekend.”

NHS Digital used the conference as a public platform to both acknowledge the need to improve and to announce some new tools for doing so.

These included having the right communications in place, a cyber ‘playbook’ for emergencies in which key roles and responsibilities are set out, and greater use of regional NHS leads. As Hullett summed up, “If it [cyber security] wasn’t a boardroom issue before, it certainly is now.”

Related post

How one medical imaging company projected its message to the NHS

Sectra’s approach to marketing has been less about selling, and more about promoting ideas. Jane Rendall, Chris Scarisbrick and Caroline Marjason explain how driving change through discussion and debate, with the support of Highland Marketing…

Continue reading
The following two tabs change content below.

Matthew D'Arcy

Matthew has accumulated a wide range of experience in the media. A journalist and former editor who has also worked in PR and marketing, Matthew is well placed to help clients develop successful communications programmes.

His most recent media experience has involved following healthcare and public sector technology developments closely, on which he wrote daily news and features for both print and online titles.

Prior to that he was the editor of several influential specialist publications read by tens of thousands of people.

Matthew has specialised in areas including politics, public services, technology, defence, international development and e-government and has experience interviewing and commissioning high profile figures ranging from Cabinet level government ministers through to senior company executives and even heads of the armed forces.

He has strong writing skills, a solid understanding of what journalists are looking for and professional experience in the social media environment, having managed accounts followed by thousands of users, ranging from senior civil servants to leading politicians.

Prior to becoming a journalist he worked in PR and marketing, building online marketing strategies, conducting marketing research and achieving regular positive media coverage for employers.

“Achieving a strong media presence places a business in a position of authority. Those who get their comments published are the experts – they are the people the market should turn to for the answers.”
A little about Matthew:
In his spare time Matthew is passionate about photography. He has performed in contemporary theatre and community arts projects. His interests include travelling, cooking and live music. He is fascinated by politics, holds a master’s degree in international history, and attempts to row with his local boat club whenever he has the opportunity.

Want more articles like this one?

Our free newsletter drops into your inbox every Friday to bring you...
  • Industry news
  • Essential analysis
  • Unmissable interviews
  • HM blog posts, tips and advice

Sign up:

Highland Marketing Ltd will use the information you provide on this form to send you our newsletter. Additionally, please let us know if you would like to hear from us about:

Read more information about our privacy practices. By clicking to subscribe below, you agree that we may process your information in accordance with these terms.

Find out how we can help your business

Get in touch

top