Strong Crisis Response Is Critical During Cyberattacks

Having strong cyber security in healthcare is important in today's digital world. Be prepared for cyber security threats and data breaches with a crisis response plan.

COVID-19 challenged healthcare brands in 2020. Now there is an increased need for a strong crisis response due to a rising number of cyberattacks and data breaches that can hold your hospital hostage. While IT departments typically manage cyber security in healthcare, marketing teams must be able to communicate with patients about cyberattacks and data privacy.

Healthcare systems are increasingly targets of cybercriminals. In 2020, nearly two healthcare data breaches of 500 or more records occurred each day. On average, resolving such a breach costs more than $8.5 million.

The costs of ransomware payments, restoring data and resuming operations are just part of the financial hit. Regaining patient trust comes at a higher cost, especially if names, birth dates, Social Security numbers and medical information are posted online.

According to the Edelman Trust Barometer 2021, nearly 70 percent of survey respondents say they are “concerned” about hackers and cyberattacks, while more than half of those report being “fearful.” A slightly lower number is concerned about contracting COVID-19.

While the same survey indicates a slight decline for healthcare sectors, overall trust remains at 66 percent.

Almost everything about the healthcare journey seems to pose security risks now—drive-by and pop-up testing sites; vaccination clinics in convention centers, churches, and parking lots; and increased risks with remote patient monitoring.

Add in the battle with misinformation about COVID-19 and vaccines. Compounding those worries, a recent World Health Organization warning reveals that counterfeit or compromised vaccines and forged vaccination certificates are readily available on the dark web.

So, how do we protect our patient’s trust in us as guardians of their health and confidential medical information?

Play nice with the IT department.

You’ve been in meetings where the IT team looks at the marketing team like you’re aliens! How can you not understand what they’re saying? Probably because it’s a completely foreign language!

As healthcare moves from controlled environments, the need to strengthen cybersecurity measures within healthcare with clear communication increases. This requires collaborating with IT to develop a strong crisis plan in case of a breach.

While IT prioritizes healthcare cyber security by working to ensure confidentiality and integrity of patient data, the marketing team needs to tell those patients about what you’re doing to protect their privacy.

Ramping up security can also include communication to hospital staff about such cautionary measures as:

  • Protecting patient information on computer screens:
    • Carefully monitoring printers to safeguard patient data;
    • Securing laptops or other remote work devices with patient records;
    • Protecting log-ins and passwords, ie. do not keep on random Post-it notes.

Make a crisis response plan. Test it. Tweak it.

Remember instructions on shampoo bottles to “wash, rinse, repeat?” That rings true when creating a strong crisis response plan. Most healthcare facilities were unprepared for the coronavirus crisis. One director of a hospice care service remarked that shortly before the pandemic, her team drafted crisis plans for every imaginable scenario. The one they turned to when the pandemic hit was created as a joke—what to do in case of a “zombie apocalypse.”

Crisis communication plans are fluid documents to revisit every few months in collaboration with department heads throughout the hospital. Due to the growing number of cyberattacks, several free resources are now available including:

Set expectations for open, transparent crisis communication.

Breaches of patient records increased more than 180 percent in the second half of 2020. Most of those resulted from hacking, not misplaced computers or flash drives.

As any hospital can be a target of cyber threats, you want a strong response in place if it happens. As others work behind the scenes, the marketing department should position the CEO to communicate openly and as transparently as possible.

Keeping responses brief, simple and to the point is critical to maintaining trust. Ransomware attacks are likely to interrupt hospital operations, sometimes prompting closed ERs and cancelled surgeries. Tell the public. Don’t leave them wondering.

Treat bad news as extra media coverage for protecting the public.

The American Hospital Association warns that cyberattacks are not “white collar crimes, but threat-to-life crimes” and advises hospitals to remain vigilant against cybercriminals. A lack of cyber security in healthcare poses a serious threat to your facility and patients.

If a breach occurs, immediately respond to the crisis by sharing with the media the steps you’re taking to protect patients. Regard it as an opportunity to remind people how to safeguard their own data. Update them on phishing schemes or fraud alerts, especially relating to health information.

The entire community is at risk to cyber crimes. Even if you can’t share specifics about the attack, direct responses to reassure your patients that their protecting their health remains your priority.