NHS cyber-attack: how to respond when disaster strikes

On May 12th, the NHS was harmed by a national cyber-attack. Hackers targeted the backbone of the NHS, tapping into computers, telephone lines, MRI scanners, blood-storage refrigerators and theatre equipment. Surgeons used their mobile phones to communicate, and critical information such as x-ray imaging was delivered on CDs.By Nick Hawkins, Managing Director EMEA at Everbridge.

  • 6 years ago Posted in
Hackers used malware to affect the NHS’ Windows XP systems. Some reports state 90% of NHS trusts run at least one Windows XP machine, and the NHS is becoming increasingly reliant on machines that have internet access.

Simply remembering firewall renewal dates is easy. However, it becomes increasingly complex when a whole portfolio of internet enabled devices need security updates. This issue will become more critical as the internet of things (IoT) is expected to grow to millions of new connected devices in the future.

During emergencies, effective communication is crucial. When IT systems go down an organisation needs to be able to communicate with its employees and co-ordinate an effective response. The longer this process takes, the bigger the impact.

To limit the damage of a cyber-attack, businesses should consider the following key points:

  • Response Plan

Cyber-attacks often happen out of office hours. An IT incident response plan should be in place to combat an attack even if it happens at 5am. An efficient response plan will include methods of communication for specific stakeholders.


  • Your organisation’s potential threats

You should understand the type of threat the organisation could experience and the impact it could have.  For example, it could result in loss of services or data. The solution will differ depending on the threat.


  • Essential participants in your IT response plan

?  IT Security: is likely to fix the issue. If an organisation does not have a dedicated security team, employees should be assigned to deal with a security crisis when it occurs.

?  Incident Team: who is going to co-ordinate the response? Who should be contacted following a breach and how are you going to reach them? Define an escalation point.

?  Legal-counsel: if, for example, customer credit card details are stolen, legal support may be necessary.

·         How to prepare communications for your response plan

?  Assess: What is happening? What is the impact? Determine the likelihood, severity, and impact of the incident

?  Locate: Who is in harm’s way? Who can help? Identify resolvers, impacted personnel, and key stakeholders

?  Act: Which team members need to act? What do they need to do?

?  Analyse: What have we done before? What worked? How can we improve communications?

?  Communicate and collaborate: What should employees do? Notify employees on what action to take and keep stakeholders informed


There are multiple communication methods a cyber-attack can affect:

·         If your company website is hosted in-house, it may go down.

·         If the core network is compromised, every computer becomes a standalone machine with no access to company record. Human resource information, employee contact information, vendor lists, or other key phone lists may be inaccessible.

·         If your phone and voice mail system is VOIP-based, you may lose your company phone system.

As multiple resources become affected, it is important to identify channels of communication:

·         Employee information: pushing information to employees about the company status and messaging.

·         Conference bridges: using toll-free conference bridges for employee, vendor, senior management and other key stakeholder phone calls.

·         Stakeholder groups: using pre-defined groups that had been created for key stakeholders to push information via phone, text or email.

No business or organisation is completely immune to the threat of a cyber-attack. It is vital that crisis management plans are in place to ensure that business-as-usual practice returns as quickly as possible, with minimal impact.

Using multi-modal, two-way communication


Central to the success of critical communications platforms are two key functions.  The first is the capability to deliver messages using a variety of different methods – this is known as multi-modal communications.  No communications channel can ever be 100% reliable 100% of the time, so multi-modality transforms the speed at which people receive the message.  Multi-modality facilitates communication via multiple communication devices and contact paths including email, SMS, VoIP calls, social media alerts and mobile app notifications, amongst many others.


Multi-modality ensures that it is easier to receive a message. Two-way communication makes it simpler to confirm a response. For instance, if a cyber-attack compromises an e-retailers website, every second costs the business money. An IT engineer must be located and available to help as fast as possible. Two way communication enables the business to send an alert to the IT team giving them the option to reply with “available and onsite”, “available and offsite” or “not available”.


The time and effect of cyber-attacks may be extremely difficult to decipher, however, the ability to respond and limit damage can be significantly improved by implementing a coordinated communications strategy. In today’s connected environment cyber-attacks are an inevitable threat, businesses should move away from a sole focus on prevention and consider their ability to respond and limit damage post attack. 

By Gareth Beanland, Infinidat.
To ensure full confidence that your documents, spreadsheets, and correspondence are kept safe,...
By JG Heithcock, General Manager of Retrospect, a StorCentric Company.
Michael Del Castillo, Solutions Engineer, Komprise, looks at how to design a cloud storage strategy...
By Ezat Dayeh. Senior Systems Engineering Manager, Western Europe at Cohesity.
The past year significantly changed the way organisations protect and store their data. By Joe...
By Rainer W. Kaese, Senior Manager Business Development, Storage Products Division, Toshiba...