The "ransomeware" programme WannaCry was unleashed on 12 May, wreaking havoc on companies and institutions, including the NHS, in 150 countries as hackers threatened to delete files unless a ransom was paid.
Some 40 British hospitals across 24 trusts were affected by the attack, and one week later it was reported that some NHS trusts were still experiencing some disruption.
The comms response from the NHS
But how did different parts of the NHS handle the comms around the attack and was the response adequate?
Claire Riley (pictured above), director of comms at Northumbria hospitals, said: "I think the national media got hung up on a cyber-attack rather than the impact on patients and the public. However locally – this was the converse and... rightly so. The local media helped us immensely to get the messaging out and I thank them greatly for this.
"In the North East and North Cumbria we quickly worked together across health providers, commissioners, ambulance services and mental health providers to ensure we were consistent in the message and communications approach and this worked well and help to ensure an effective and streamlined approach to managing the cyber-attack."
Stevie Pattison-Dick, head of comms at Royal Berkshire Hospital, thought NHS England (NHSE) and NHS Improvement (NHSI) supported other parts of the NHS well during the attack.
She added: "Nationally, comms had messaging early and [we] had good support from local NHSE and NHSI comms colleagues on the Friday and over the weekend via text and mobile calls."
It felt at times as though there was a vacuum, with no one from the Department of Health, NHS Digital or other national bodies taking to the airwaves to reassure the public.Daniel Reynolds, director of comms at NHS Providers
But Daniel Reynolds, director of comms at NHS Providers, thought there were gaps in the response and that a comms vacuum was allowed to develop.
He said: "By and large, the NHS handled the response well. The vast majority of NHS organisations were well prepared and unaffected by the virus. But many hospitals and other NHS trusts were left confused about the roles of the national bodies, in particular NHS Digital who were said to be coordinating the response.
"It felt at times as though there was a vacuum, with no one from the Department of Health, NHS Digital or other national bodies taking to the airwaves to reassure the public by explaining what had happened and the steps being taken by the NHS to protect patients."
Lessons to be learned from the cyber-attack
Reynolds (pictured above) said there were comms lessons to be learned by the NHS, following the attack.
He said: "At a national level, there is clearly a need for the lead coordinating organisation to be more visible, proactive and for them to find better ways of contacting NHS communicators when traditional IT systems such as email can’t be relied upon.
"We've been told by many NHS communicators that national bodies were giving them guidance over email when those same hospitals had already taken down their IT systems as a precautionary measure. We'll need to find other, better ways of cascading messages to communicators in future."
In some cases, staff at affected NHS institutions were forced to use personal email addresses or pen and paper to communicate with each other.
Lesson learned is that ‘Plan B’ should always be in place – reverting to old fashioned face to face comms works.Stevie Pattison-Dick, head of comms at Royal Berkshire Hospital
Pattison-Dick said having old-fashioned comms to rely on had worked at her hospital.
She said: "Lesson learned is that 'Plan B' should always be in place – reverting to old fashioned face-to-face comms works. Quickly messaging switchboard and reception staff and on-call and senior team walking the floor, including at night, talking to staff, handing out latest messages and directing people to updated intranet messaging is still the most effective way of getting information out."
Riley said the NHS had become "too reliant" on email and that they were forced to use alternatives for external and internal comms.
She added: "Another [learning] is we are better responding together as a NHS system in the regions than separately as organisations. The North East and North Cumbria share media outlets. Joining up our approach was the right and most effective way to respond."
Was there any lasting reputational damage?
But despite the scale of the attack, which led to some operations being cancelled, there would be no lasting reputational damage to the NHS in the eyes of the public, comms pros agreed.
At this point it is important to remember that our computers went down. Patients still accessed the care they needed, when they needed it.Claire Riley, director of comms at Northumbria hospitals
Riley called for some perspective following the attack.
She said: "At this point it is important to remember that our computers went down. Patients still accessed the care they needed, when they needed it. Life-saving operations still took place, doctors, nursing staff, healthcare assistants, porters, cleaners and allied health professional still looked after patients.
"People form their opinions based on their experience – or their friend and family's experience – of their local hospital."
Pattison-Dick (pictured above) said the pace of recovery from the attack was impressive and the fact that multi-national brands were also caught up in it meant there was unlikely to be lasting reputational damage for the NHS.
Meanwhile, Reynolds pointed out that only a fifth of NHS trusts had been affected by the attack.
He added: "A lot of the preparation that went into their major incident planning paid off. What is frustrating is how some – both in the media and among the political class – were quick to lay the blame on 'incompetent NHS managers'.
"This felt like the usual NHS bashing and is unsupported by the evidence. The fact we're in the middle of a General Election campaign didn't help in this regard."
Click here to subscribe to the new FREE public sector bulletin to receive dedicated public sector news, features and comment straight to your inbox.