The Responsibility of Public Relations in the Era of Healthcare Cyber Attacks

While cyberattacks in healthcare date back to the late 1980s, according to the American Medical Association, healthcare was the most targeted industry by cybercrime during the first half of 2023 due to the amount of data hackers can exploit. And with recent cyberattacks hitting marquee payers and providers, organizations have a lot at stake as the patient demand for digital systems to deliver care continues to increase rapidly.  

These cybercriminals compromise sensitive patient data, demand ransom payments, disrupt operations, compromise patient care, and erode trust in the affected organization. And they create significant challenges for public relations teams tasked with managing the fallout. The need to protect patient information and maintain public trust has never been more critical in healthcare.  

In the face of such threats, effective public relations strategies are essential to manage the fallout and maintain confidence among patients, stakeholders, and the public at large. Here are some key considerations for PR professionals tasked with navigating healthcare cyberattacks: 

Crisis Management Planning: Preparation is key to effectively managing any cyberattack crisis. PR teams, in partnership with IT, need to have a live IT severity flowchart in place accompanied by a comprehensive crisis management plan with identified actions roles and responsibilities, and communication protocols in the event of an attack. Regular training and drills can help ensure that all staff are prepared to respond swiftly and effectively in a crisis. 

Transparency and Communication: In the wake of a cyberattack, transparency is crucial. PR teams must communicate openly and honestly with all stakeholders about the nature and extent of the breach, as well as the steps being taken to address it. The crisis communications plan should have identified stakeholders for the various scenarios along with the communication cadence of each stakeholder audience identified. Timely and accurate information can help mitigate panic and reassure patients that their concerns are being addressed. 

Protecting the Brand: A cyberattack has serious implications for an organization’s reputation and brand. PR professionals must work proactively to protect the organization’s image and mitigate reputational damage. This involves crafting carefully worded statements, coordinating media responses, and leveraging social media channels to disseminate accurate information and counteract false narratives. The crisis communications plan should have examples of statements to begin working from.  

Rebuilding Trust: Rebuilding trust with stakeholders in the aftermath of a cyberattack is no easy feat; however, it is essential for the long-term viability of the organization and of utmost importance to stakeholders. PR teams must demonstrate a commitment to transparency, accountability, and proactive measures to strengthen cybersecurity defenses. This may involve investing in advanced security technologies, conducting thorough audits and assessments, and engaging with patients and stakeholders to address concerns and solicit feedback. 

Learning and Improvement: Finally, healthcare organizations must view cyberattacks as learning opportunities and use them to strengthen their cybersecurity posture. The PR and IT teams must work closely with security experts to conduct post-mortem analyses of breaches, identify weaknesses in existing systems and processes, and implement corrective actions to prevent future incidents. 

Once an organization gets on the other side of a breach, it can then start adding up the costs. The cost of a data breach for a healthcare organization is significant, making it a critical concern for healthcare executives. Exact costs vary depending on the size and type of breach, response and recovery efforts, reputation damage done, and regulatory fines. Here’s what you need to know: 

Industry Average: According to the 2023 IBM Security Cost of a Data Breach Report, the average cost of a data breach across all industries is $4.45 million. 

Healthcare Sector: However, healthcare data breaches are the costliest, with an average cost reaching nearly $11 million in 2023, as reported by the Ponemon Institute and published by IBM Security. This represents an 8% increase from the previous year and a 53% jump since 2020. 

HIPAA violations can attract significant fines, with a maximum of $50,000 per affected record. A little math on one of the larger recent breaches would likely spit out a scary number — fines, ransom, reputational damage. Hospitals and health systems in the current climate would struggle to survive this kind of financial and reputational damage.  

What can organizations do to minimize risk? Enlisting the help of an information security healthcare firm can be one helpful step. Imprivata, Protenus, and CynergisTek are three solution providers that are dedicated to the healthcare industry: 

Imprivata provides authentication and access management solutions for healthcare organizations that can help deliver greater Healthcare IT Security. 

Protenus healthcare compliance analytics platform empowers health systems to monitor patient privacy with AI.  

Clearwater, which recently acquired CynergisTek, provides healthcare and security compliance including managed services and risk management. 

In today’s digital world, cyberattacks are more of a “when” than an “if.” Therefore, healthcare organizations must be vigilant in the face of escalating cyber threats and take proactive steps to protect patient data and maintain public trust – before, during, and post-attack. Effective public relations strategies as outlined above play a crucial role in managing the fallout from cyberattacks and safeguarding the organization’s reputation and brand. By prioritizing transparency, crisis preparedness, and continuous improvement, healthcare PR professionals can navigate the challenges of the digital age with confidence and resilience. 

Contact us today to learn more about MWW’s cyber and healthcare expertise — a “best of both worlds” combination you won’t find in many leading PR firms.