Unless you live under a rock, it’s pretty hard to have missed the recent announcement that Change Healthcare, a unit of UnitedHealth Group, experienced a cyberattack that left the largest U.S. healthcare payment system paralyzed, according to The New York Times.
So, what does the breach mean for how healthcare companies talk about security and cyber threats?
While cyberattacks have almost become commonplace in healthcare, this is one of the most significant breaches in recent history, impacting hospitals and healthcare organizations nationwide—even eliciting a formal statement from the U.S. Department of Health and Human Services on how providers can continue to serve patients despite cash flow concerns.
This high-profile incident highlights the vulnerabilities inherent in the healthcare industry’s digital infrastructure and marks a pivotal moment in how organizations must approach security and cyber threat communications. In this new era, the focus shifts significantly toward addressing the technical aspects of cybersecurity and how these issues are communicated to the public, patients, and other stakeholders.
For a health tech public relations agency, the Change Healthcare cyberattack serves as a critical case study. It underscores the need for a comprehensive strategy encompassing crisis communication, proactive education, and transparent, ongoing dialogue about cybersecurity measures and protocols.
Healthcare technology companies must work harder to build and maintain trust, ensuring individuals are informed about the steps being taken to protect sensitive data against increasingly sophisticated cyber threats.
The cyberattack: A wake-up call for healthcare
Without delving into the technical specifics that could inadvertently assist potential future attackers, it’s crucial to understand the magnitude and implications of this breach.
Change Healthcare’s systems were significantly compromised, leading to widespread disruption in the processing of healthcare payments. This incident interrupted operational workflows and exposed the sensitive personal data of millions, putting patient trust and data security at considerable risk.
For B2B communications, trust is pivotal. As the industry strives for interoperability across systems, this interconnectivity demonstrates the cascading consequences that can arise from a single point of failure. The fallout from this attack has laid bare the fragility of patient, provider, and payor trust in the digital age.
As data breaches become increasingly common, each new incident chips away at the public’s confidence in healthcare providers’ ability to safeguard their most personal information. The recovery from such breaches is both technical and deeply rooted in restoring this lost trust through transparent communication and demonstrable improvements in security.
PR strategies in the wake of cybersecurity threats
It can be easy to hope for the best and hope hackers or rogue organizations won’t target your company. Unfortunately, for most organizations, experiencing a cyberattack is a question of when and not if.
That’s why it’s paramount that organizations regularly evaluate security protocols and have a crisis communications plan ready for timely and transparent communication with stakeholders to help manage the narrative and present a position of preparedness, not reactiveness.
Here’s how healthcare organizations can navigate the complex landscape of PR in the wake of cybersecurity threats.
Emphasizing crisis communication plans
A robust healthcare crisis communications plan is the first line of defense for any organization facing a cyberattack. Such a plan should:
- Clearly identify the crisis communication team, including PR professionals, legal, cybersecurity experts and key decision-makers within the organization who can respond quickly.
- Outline specific internal and external communication protocols, ensuring timely and accurate dissemination of information.
- Include templates for press releases and social media posts to be adapted in real-time, enabling swift responses to evolving situations.
Your crisis communication plan must be dynamic, allowing for rapid adaption as details of the cyber incident unfold. Regular drills and updates to the plan are essential to prepare for potential cybersecurity incidents, ensuring all team members know their roles and responsibilities when a crisis occurs.