Skip to main content
Public Relations

Healthcare crisis communications: Responding to cyber attacks

Discover the critical importance of effective healthcare crisis communications in the face of escalating cyber threats.

In our digitally-driven world, the healthcare industry faces an ever-growing threat of cyber attacks, and health tech vendors are not immune to the threat. The consequences of these attacks extend beyond data breaches, affecting trust, reputation and patient safety. Time becomes a scarce commodity when facing a communications crisis, and knowing how to respond can be crucial. While cyber security experts believe it is impossible to prevent breaches from ever occurring, it is possible to plan for them.

Know Your Crisis

Given the healthcare industry’s valuable data and critical infrastructure, it has become a prime target for cybercriminals. The first step to addressing a crisis is knowing what your crisis is. Understanding the common types of cyber attacks prevalent in healthcare helps you know how to respond. These attacks often include:

  • Ransomware, where hackers encrypt critical data and demand ransom for its release. One healthcare payment vendor was hit with a ransomware attack that impacted more than 600 providers.
  • Phishing, where malicious actors trick employees into divulging sensitive information. It was as simple as one employee’s compromised email at Highmark Health that led to potentially 300,000 individuals’ protected health information being compromised.
  • Data breaches, where patient data is unlawfully accessed and exploited. A recent IBM Security Report found that the average cost of healthcare data breaches has increased by 53 percent since 2020 to an average cost of $11 million.

While financial gain is a common incentive, cybercriminals might also target companies that handle sensitive data relating to health and healthcare to gain unauthorized access to medical information, commit insurance fraud, or disrupt critical services. Organizations can better tailor their security measures and crisis communication responses by understanding these motives.

The impact of cyber attacks on trust and reputation cannot be stressed enough. Patients trust healthcare organizations with their most sensitive information, and in turn, health systems and hospitals trust their third-party vendors to mitigate potential risks. As such, any breach of that trust can have severe consequences. Data breaches and other cyber attacks erode patient confidence, leading to potential legal impacts, financial losses and a damaged reputation. For health tech vendors, a known breach can be devastating for securing future clients. Crafting effective communications during a crisis is essential to minimize damage and maintain the remainder of the trust of patients, partners and stakeholders.

Need help managing your crisis? We’re ready to help!

Building Your Communications Plan

A well-prepared communications plan is the backbone of effective crisis management. In the aftermath of a cyber attack, chaos can ensue if roles, responsibilities and lines of communication are not clearly defined. A robust crisis communications plan outlines the stakeholders, their duties and the chain of command for decision-making and messaging.

When a cyber-attack occurs, swift action is vital. Organizations must identify the nature and extent of the breach to assess potential damages accurately. Concurrently, determining the appropriate authorities to notify is essential to meet legal obligations and ensure a coordinated response.

Collaboration with legal teams during a crisis is crucial. Legal counsel can assist in crafting specifically-worded communications to minimize the risk of litigation and protect the organization. Waiting or saying nothing is not a viable solution, as it provides an opportunity to shape the narrative without your input, potentially exacerbating the situation.

Internal communication is the backbone of a unified response. Employees need to be informed promptly and accurately, striking a delicate balance between transparency and preventing panic or speculation. Providing clear guidance on data handling, conducting necessary employee training and establishing a chain of command for reporting incidents will contribute to a coordinated effort to combat the incident.

Presenting with a unified and authentic voice is crucial for external communications in a crisis. Designating a singular spokesperson to share verified information, updates on the incident and preventive measures helps maintain transparency, show proof of a reaction and reestablish trust with your public. Organizations can ensure that stakeholders are promptly and consistently informed by selecting the appropriate communication channels, such as press releases, website updates and social media posts.

Responding with Empathy

It’s natural for those impacted to have concerns about potential incidents involving their sensitive information. Addressing these concerns with empathy and transparency is paramount. Acknowledging the impact on individuals affected and outlining the steps being taken to mitigate the situation can help ease anxieties and demonstrate the organization’s commitment to resolving the crisis.

Your communications should never assume or presume blame without confirmation. Keep your messaging factual and calm. After an attack, rebuilding trust and reputation is a gradual and sensitive process. Organizations must invest in enhanced cybersecurity measures to prevent future incidents and reassure stakeholders of their commitment to safeguarding sensitive data.

Communicating proactive steps for those impacted to protect their data further underscores the organization’s dedication to the welfare of its patients and partners. Consistent and proactive communication through various channels helps rebuild confidence in the organization’s ability to handle crises effectively and prioritize the safety and security of those it serves.

Secure Your Cyber Attack Communications Plan

Public relations play a pivotal role in managing the fallout of any crisis, especially a cyber attack. Proactive cybersecurity measures and a well-executed crisis communications strategy can make all the difference in maintaining trust, reputation, and patient safety. In the wake of a cyber attack, healthcare vendors need a team with keen insights and communication strategies, a decisive factor that can substantially influence operational effectiveness.

Our health technology public relations team is here to provide our expertise and support to help navigate through crises. Together, we can help protect your organization and keep your stakeholders informed, working to make you stronger from any adversity. Trust Clarity Quest Marketing to be your partner in safeguarding your organization’s reputation.

Andrew Thompson-Young

Author Andrew Thompson-Young

More posts by Andrew Thompson-Young