Skip to main content
Public Relations

Beyond the breach: A new era in healthcare crisis communications

Unless you live under a rock, it’s pretty hard to have missed the recent announcement that Change Healthcare, a unit of UnitedHealth Group, experienced a cyberattack that left the largest U.S. healthcare payment system paralyzed, according to The New York Times.

So, what does the breach mean for how healthcare companies talk about security and cyber threats?

While cyberattacks have almost become commonplace in healthcare, this is one of the most significant breaches in recent history, impacting hospitals and healthcare organizations nationwide—even eliciting a formal statement from the U.S. Department of Health and Human Services on how providers can continue to serve patients despite cash flow concerns.

This high-profile incident highlights the vulnerabilities inherent in the healthcare industry’s digital infrastructure and marks a pivotal moment in how organizations must approach security and cyber threat communications. In this new era, the focus shifts significantly toward addressing the technical aspects of cybersecurity and how these issues are communicated to the public, patients, and other stakeholders.

For a health tech public relations agency, the Change Healthcare cyberattack serves as a critical case study. It underscores the need for a comprehensive strategy encompassing crisis communication, proactive education, and transparent, ongoing dialogue about cybersecurity measures and protocols.

Healthcare technology companies must work harder to build and maintain trust, ensuring individuals are informed about the steps being taken to protect sensitive data against increasingly sophisticated cyber threats.

The cyberattack: A wake-up call for healthcare

Without delving into the technical specifics that could inadvertently assist potential future attackers, it’s crucial to understand the magnitude and implications of this breach.

Change Healthcare’s systems were significantly compromised, leading to widespread disruption in the processing of healthcare payments. This incident interrupted operational workflows and exposed the sensitive personal data of millions, putting patient trust and data security at considerable risk.

For B2B communications, trust is pivotal. As the industry strives for interoperability across systems, this interconnectivity demonstrates the cascading consequences that can arise from a single point of failure. The fallout from this attack has laid bare the fragility of patient, provider, and payor trust in the digital age.

As data breaches become increasingly common, each new incident chips away at the public’s confidence in healthcare providers’ ability to safeguard their most personal information. The recovery from such breaches is both technical and deeply rooted in restoring this lost trust through transparent communication and demonstrable improvements in security.

PR strategies in the wake of cybersecurity threats

It can be easy to hope for the best and hope hackers or rogue organizations won’t target your company. Unfortunately, for most organizations, experiencing a cyberattack is a question of when and not if.

That’s why it’s paramount that organizations regularly evaluate security protocols and have a crisis communications plan ready for timely and transparent communication with stakeholders to help manage the narrative and present a position of preparedness, not reactiveness.

Here’s how healthcare organizations can navigate the complex landscape of PR in the wake of cybersecurity threats.

Emphasizing crisis communication plans

A robust healthcare crisis communications plan is the first line of defense for any organization facing a cyberattack. Such a plan should:

  • Clearly identify the crisis communication team, including PR professionals, legal, cybersecurity experts and key decision-makers within the organization who can respond quickly.
  • Outline specific internal and external communication protocols, ensuring timely and accurate dissemination of information.
  • Include templates for press releases and social media posts to be adapted in real-time, enabling swift responses to evolving situations.

Your crisis communication plan must be dynamic, allowing for rapid adaption as details of the cyber incident unfold. Regular drills and updates to the plan are essential to prepare for potential cybersecurity incidents, ensuring all team members know their roles and responsibilities when a crisis occurs.

Educating the public on cybersecurity measures

An integral role of PR in the wake of a cybersecurity incident is to educate the public about the measures being taken to safeguard patient information and prevent future breaches. This can involve:

  • Detailed explanations of new or enhanced cybersecurity protocols being implemented
  • Tips and resources for patients on protecting their personal health information
  • Webinars or public forums with cybersecurity experts to discuss steps the organization is taking and to answer questions

This educational effort helps rebuild trust and positions your organization as a proactive and transparent entity committed to security and privacy.

Looking ahead: The future of healthcare crisis communications

The future of healthcare crisis communications is inevitably tied to the continuous evolution of cybersecurity threats.

As we look forward, here are some predictions and strategies for staying ahead:

Continuous evolution in response to cybersecurity challenges

  • Integrated communication strategies: Expect a more integrated approach between PR, marketing, legal and cybersecurity teams to ensure cohesive messaging around security issues.
  • Advanced technology use: Look for the adoption of advanced technologies like AI and machine learning in communications strategies to predict and personalize messages about cybersecurity, enhancing engagement and trust.

Innovation in PR and marketing strategies

  • Dynamic content strategies: Organizations must continually innovate in their content strategies to keep their audience informed and engaged about security measures and data protection efforts, meeting them where they receive information.
  • Interactive platforms: The use of interactive platforms and tools, such as webinars, live Q&A sessions and virtual reality experiences, to educate the public about cybersecurity in healthcare will become more commonplace.

Staying ahead in cybersecurity

  • Proactive measures: Implementing advanced cybersecurity measures and effectively communicating these efforts will be critical to building and maintaining trust.
  • Partnership and collaboration: Collaborating with other healthcare organizations, cybersecurity firms and regulatory bodies to establish industry-wide standards and share best practices for cybersecurity and communications will become a bigger priority.

The intersection of communications and cybersecurity is becoming increasingly crucial in the digital transformation of the industry, and every healthcare leader should be paying attention to it.

By adapting PR and marketing strategies to increase focus on security, education and transparency, healthcare organizations like yours can navigate this challenging landscape, protect patient data and maintain trust.

Andrew Thompson-Young

Author Andrew Thompson-Young

More posts by Andrew Thompson-Young