Cyber attacks on patient healthcare records and medical information are hot-news headlines—and an increasingly realistic prospect for health systems, hospitals and medical practices. Is your PR or Communications Plan ready for this digital broadside?
Large-scale criminal data breaches, such as the reports regarding the UCLA Health System (affecting over 4 million people), are high profile news in what has become the year of the “health care hack.”
In the past five years alone, cyber attacks in healthcare have increased 125 percent, according to The Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute. What’s more, over 90 percent of healthcare organizations have experienced at least one data breach in the past two years. The trends are disturbingly clear:
- Personal information and health records are attractive cyber targets
- Data theft via medial records is frequent and widespread
- Any/every healthcare organization needs a PR plan
From a health care public relations perspective, cyber attacks—or even the hint that patient medical information may have been compromised requires an immediate communications response. Online media and social connections will carry the news from coast to coast within seconds.
And a deeply concerned public will expect as much information as soon as possible about the integrity of protected health records, credit card info, and individual financial and social security data.
Have a cyber crisis plan and follow it. Forward-thinking management anticipates critical issues with a carefully considered Plan for Crisis Communications. A contingency plan will help guide facility administrators, communications professionals, doctors and spokespeople to navigate an issue with an action plan for anticipated actions and responses.
Anticipate several scenarios. Criminal attacks are now the most common form of data breach or security incident. But in addition to “a nameless-offshore-hacker scenario,” consider how to deal with employee negligence, web-borne malware attacks, lost or stolen laptop devices.
Study case examples. There’s no shortage of news stories and summaries about healthcare data breaches. Watch what was successful for others. Anthem Health Insurance proactively reacted to a recent cyber attack with an aggressive member communications effort. Blue Cross Blue Shield is providing no-fee credit monitoring and fraud detection to millions of customers. Recognize what works, or would not work, for your situation.
If a data breach isn’t in your past, it will be in your future.
Statistically, the dramatic increase in incidences of healthcare data breaches will be a public relations issue in your lap soon. Size doesn’t matter, according to the Ponemon Institute report.
“Those especially vulnerable are healthcare organizations including hospitals, clinics, private or public healthcare providers…and their “business associates,” including patient billing, health plans, claims processing, and cloud services.
“Small- to middle-market organizations are at greater risk for data breach, as they have limited security and privacy processes, personnel, technology, and budgets, compared to their enterprise or large corporate counterparts.”