Crisis communications: how to cope when the NHS is held to ransom

  • 27 June 2024
Crisis communications: how to cope when the NHS is held to ransom

Building a reputation in health tech can take decades, yet it can be undone by a single crisis, writes Silver Buck’s Sarah Bruce

As technology is critical to the way the NHS provides care but vulnerable to malicious intent, the chance of a crisis is elevated. The risks extend far beyond operational disruption – data breaches, cyber-attacks, product failures, and system outages could potentially be a matter of life and death.

Crisis communications is undoubtedly front of mind for NHS London and Synnovis who are in week four of a cyber-attack where clinical information has been held to ransom. It’s been reported this week that more than 2,194 outpatient appointments and 1,134 elective procedures have been postponed, and local pathology services were running at 30% of normal capacity, compared with 10% the previous week.

In times of crisis, the public relations strategy for disclosing information will often conflict with the legal recommendations making it challenging for the affected organisation/s to present the full picture. That said, while NHS London and Synnovis have been issuing clear and regular statements, we know very little on the details of the attack, whether any ransom has been paid, culpability, its full impact and how long it will take to recover.

Here, we explore effective strategies for crisis communications in such scenarios.


For any organisation, building strong relationships with stakeholders, including patient groups, employees, and the media, can facilitate effective communication during a crisis. Trust and credibility established during normal operations can pay dividends in times of crisis.

But often crisis planning doesn’t reach the top of an organisation’s agenda until it becomes an absolute necessity, at which point they are deeply underprepared and have lost control of the story.

Establishing a crisis communications playbook helps to remove some of the panic and bring calm to an already difficult situation. A playbook should outline stakeholder mapping, predefined roles and responsibilities including escalation points, allocated spokespeople, communication channels and protocols. But it’s worth remembering that during the WannaCry attack, most trust communications crisis plans were held on computers – every organisation should keep a hard copy or a version on a secure, external drive.

Having a holding statement ready is also critical to being on the front foot. The recent Synnovis story broke when a member of staff shared the CEO’s email to outsiders and members of the press. Highlighting to staff that internal communications and messages are confidential and making sure the message is clear and accurate in case of an inevitable leak is critical. Leaked information will likely be the first thing the press and public hear about the incident, and leaks should be expected once staff are apprised of the situation.

Undertaking crisis communications media training using drills and real-life scenarios can help spokespeople feel prepared and confident to answer difficult questions. It’s imperative to project the right message and ensure spokespeople are used to being doorstepped or caught out by the media by being taken off topic when approached.


Transparency and accountability are cornerstones of effective crisis communications.

Saying ‘no comment,’ or delaying statements is something we often see on TV but only fosters speculation, suspicion and lets others control the narrative. Some companies prefer to post statements on their website or social media, but in healthcare it’s important to consider proactively sharing statements with local media due to the high percentage of the local patient population that listen to, watch, or read local news.

Companies that maintain their reputation post-crisis are the ones that have strong key messages prepared, that are clear, and that evolve during the different stages of a crisis.

However, research shows that psychology behind crises means that audiences may not always understand or accept complex messages. If part of a message arouses exceptionally intense feelings of anxiety (for example, using language such as ‘we fear that’ like Dido Harding of TalkTalk fame) people tend to ignore the remaining content of the message.

When communicating in a crisis, most organisations use the acknowledge, contain, empathise (ACE) strategy. Acknowledgment shows understanding of the importance of the crisis and providing clear information helps contain it and prevent rumours. Showing empathy and apologising, if necessary, displays humility and responsibility – qualities increasingly expected in today’s leaders.

NHS communications teams are often under resourced and while many defer to NHS England for help, it’s worth offering the support of your communications team or agency if they have experience in crisis communications.


Using communications to promote community and unity encourages people to feel motivated to help one another. Shared identities, such as that of the NHS, can often be leveraged to cultivate togetherness while avoiding language that seeks to blame or divide.

Adherence to advice and key messages depends on whether people see themselves and the authorities as part of a common ‘in-group’. It’s worth using different messengers to reach different audience segments, such as those with a clinical background to reach healthcare professionals.

Keeping communications channels open with factual information and ensuring clear timelines for the next update are made available prevents disinformation growing and being bombarded by requests for information.

Cancelling non-essential trips, meetings and not excessively engaging in media opportunities help to show an organisation really is ‘doing everything it can.’ For Synnovis, they’ve showed that they’re collaborating with cybersecurity experts and law enforcement agencies, which demonstrates a wider, proactive approach to resolving the crisis.

Recovery – repair and rebuild

Usually, a crisis dominates a 24-hour news cycle unless it evolves with new information. However, it’s crucial for organisations to continue monitoring media and sentiment across social platforms for much longer to gauge how to rebuild. In the final stage, journalists seek to resolve the key theme and summarise how the crisis occurred, who and/or what was to blame, and what can be drawn from the events as lessons for the future.

Apologising meaningfully is just the beginning. Conducting a thorough review of the incident from a communications perspective and engaging in a two-way dialogue with stakeholders can provide valuable insights and help to update future messaging accordingly. Committing to credible change and showing what is being done to prevent further issues, while focusing on a longer-term plan of positive news stories and increased engagement can restore reputation and be the making or breaking of an organisation’s future.

Feeling underprepared? 

If you feel underprepared to tackle a crisis communications situation, Silver Buck runs virtual or face to face workshops specifically for healthcare organisations and suppliers to get you and your team ready. Get in touch with today to find out more.

Sarah Bruce is co-founder and director of Silver Buck. Silver-Buck-Primary-Logo-RGB (002)

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

This edition of Coffee Time Briefing includes a call for chartered status for tech professionals and text message initiative for NHS Scotland.
Over 6,000 operations and appointments delayed by London cyber attack

Over 6,000 operations and appointments delayed by London cyber attack

More than 6,000 operations and appointments have been postponed at London hospitals affected by the Synnovis cyber attack.
Junior doctors break strike to assist at sites hit by cyber attack

Junior doctors break strike to assist at sites hit by cyber attack

Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts continue to experience major disruption following the cyber attack on Synnovis.


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.