Healthcare is a major hacking target. Get ready before things get messy.
Data breaches are stinging organizations in all sectors of the healthcare industry. According to IBM, the average cost of a data breach is $3.86 million, and the financial stakes for healthcare are even higher. The average cost of each lost or stolen record is about $408, which is twice as much as in the financial industry.
>> READ: 5 Data Breaches That Show How Cybersecurity Must Evolve
The financial burdens are not the only challenges that arise from a data breach. Company branding, especially for healthcare organizations, relies on trust. It’s important for companies to be prepared for communication challenges in the face of a crisis. I’ve outlined five steps healthcare companies need to follow in the wake of a data breach.
A faulty response to a crisis is oftentimes irreversibly damaging for a healthcare organization, which is why creating a communications plan that considers all potential risks is critical.
Not all breaches will be the same, so it is important to consider multiple scenarios. Identify the potential for risk in your organization and imagine the worst-case scenario. Next, identify your stakeholders. Who will be affected by this breach? What are the financial, emotional and overall business effects of the breach? Finally, how are we going to rectify the situation?
Sketch out the scenarios and action plans to prepare your team for swift and consistent action.
A crisis is not a time of concealment — it’s important to be open with your customers, patients and investors. Explaining the who, what, when, where and why is necessary to preserve patient and customer trust, while simultaneously respecting patient privacy and other regulatory matters. Ensure that your risk assessment and legal teams are involved in the drafting and approval of any statement. You want to make it right, but you also need to protect your company’s rights.
With the rise of data breaches, consumers expect some information immediately. Healthcare communications teams need to create a comprehensive statement that coveys what happened and when, who it affects and the action plan in place to address the issue. If you don’t have a complete view of the situation when the news is breaking, share the details you have and notify them of timing for more information.
With any communications plan, it’s important to cover all of your corporate communication channels with a clear, consistent message. The official statement should appear on your website in the form of a homepage announcement or a blog. Use your email distributions lists to inform your stakeholders about the breach and next steps. Create social media posts that link to your official statement on all relevant platforms. Depending on the impact of the breach, a press release can also be beneficial.
Equally as important are the internal communication pieces — your organization needs to communicate the situation to your internal employees, board members and investors. A good way to start is with a series of email communications from the executive level with corresponding small groups or one-on-one meetings with managers. Managers will need talking points and coaching on how to answer difficult questions.
With over 2 billion breaches occurring in 2017, consumers expect more than an apology. Healthcare data breaches are particularly sensitive.
Communicate what steps your organization is taking to fix the situation and how you are improving security systems. Institute a hotline, email address or dedicated support team to answer questions from affected customers.
Since the stakes are so high in a healthcare data breach, I recommend finding an experienced public relations partner to help handle the moving parts. A strategic PR partner will assist with tasks such as effective press release writing, media training, interview prep, social media content creation, and the list goes on and on. A data breach is not the time to short change your communication strategies.
A PR partner also brings an outside perspective to the mix. With the benefit of experience, PR professionals can plan for the long-term communication challenges in the aftermath of a data breach. Time does not stop for a data breach and neither should the commitment to your brand. The right partner can help plan for the future and create new strategies for your brand to succeed post-breach.
By planning for a crisis appropriately, you not only set your organization up for a quick recovery but also set a precedent of trust and respect for your end users — even when the worst happens.
Kristen Broyles is an experienced social media marketer with a penchant for B2B tech and healthcare clients. She brings a passion for storytelling to building audiences and engagement in under 280 characters.
Get the best insights in healthcare analytics directly to your inbox.
Related
Judge Upholds $4.3M Data Breach Fine Against MD Anderson
What to Do Before and After a Data Breach
How Healthcare Organizations Can Protect Against Medical Identity Theft
Cybersecurity panel: Hospitals threatened by attacks aimed at vendors
November 4th 2024Chief Healthcare Executive presents another installment from our conversation on cybersecurity, with experts from the American Hospital Association, HIMSS and Providence. They talk about breaches tied to business partners.
Cybersecurity panel: The scope of recent ransomware attacks in healthcare
October 28th 2024Chief Healthcare Executive hosted a discussion on cybersecurity with leading experts from the American Hospital Association, HIMSS and the Providence health system. They talked about the growing problem of cyberattacks.