It’s enough to make hospitals and health care companies sick.
Consumers are more worried than ever about their protected health information (PHI) being compromised, thanks to high-profile breaches like Anthem and Allscripts.
The recent RSA Data Privacy Report, which surveyed 7,500 consumers in the U.S. and Europe, showed that 59 percent of the respondents were concerned about their medical data being compromised, while 39 percent were worried that a hacker would tamper with their medical information.
It’s an increasingly acute situation for health care providers and patients. It’s not just that personal data is being compromised—which is bad enough—but data of a highly sensitive nature.
Indeed, cybersecurity attacks are rising, and 2018 might be the worst year yet, with 67 percent of CISOs saying a cybersecurity attack will happen to their organization this year, according to recent survey from Ponemon Institute.
The cold reality is that for many health care organizations it’s not a matter of if they’ll suffer a cyber attack, but when and how severe the damage.
The proliferation of computer breaches is putting increasing pressure on the health care sector to find ways to inoculate their medical records from bad actors.
Whether it’s a cyber attack, security breach at physical locations or major mix-up with medical supplies impacting hundreds of patients, hospitals face potential crises on multiple fronts these days. Health care companies ignore the various threats at their own peril.
Hospitals and health care providers don’t have to reinvent the wheel, but certainly need to sharpen their crisis communications strategies and find proactive ways to leverage both traditional and digital PR channels.
With that in mind, here are three ways that hospitals and health care providers can bolster their crisis communications plans:
1. Marshall multiple media channels online and offline.
• Hospitals should harness a myriad media of channels to educate and inform stakeholders about what to do/what their role is in the event of a crisis.
• Create multi-channel and consistent messaging regarding crisis communications, with easily digestible information.
• Provide guidance for physicians, nurses and medical staff for how to talk to their patients about how a crisis might affect their treatment and/or hospital stays.
• Throughout physical locations—hospitals, affiliates, etc.—include easy-to-understand signage about the provider’s crisis communications plans and cite relevant websites for patients to visit to get more detailed information.
• Social channels, of course, are good for keeping stakeholders apprised about the beginning, middle and aftermath of a crisis in real time. Communicators need to train medical providers on the ground how they use various social platforms during a crisis.
• Automate your social channels so they can provide instant messaging regarding contingency plans stemming from specific crises, such as a blackout or drug shortage.
• When using social channels it’s crucial that communicators not divulge information that skirts the regulatory line or add any superfluous information.
• Wrapped around the entire process is how to measure the effectiveness of crisis communications so companies can learn from their efforts and make changes accordingly.
2. Set up company protocols.
• When a crisis hits it’s vital that hospitals ensure continuity of care. Hospitals need to create a “matrix” communications system including automated texting, social media messaging and auditory notifications throughout physical locations, for example. In crisis communications, half the battle is proper preparation and having a strong contingency plan in place.
• Perhaps most crucial protocol-wise is for communications pros to create a living, breathing document—smartly distributed online and offline—that enumerates protocols, answers critical questions and points to how to improve crisis communications incrementally.
3. Hire dedicated cyber security personnel:
• Hackers are not just targeting hospitals, but medical devices, an extremely scary prospect for hospitals’ boards of directors and C-suite executives. These systems are easy to hack because the computers often run on antiquated, unsupported systems. Medical devices must be constantly updated and reconciled with software tools. The best way to tackle the issue is for hospitals to invest in qualified cyber security personnel, who can work directly with communicators to create new (and interactive) ways for how their constituents can protect themselves from hackers.
• Despite a rash of massive cyber attacks the last several years, most hospitals don’t have a single qualified security person on staff. That must change if hospitals are not only to improve their overall crisis communications, but send a dramatic message to the marketplace that the organization takes cybersecurity seriously and is investing in ways to combat it.
There are ample reasons for U.S. health care provides to reboot their crisis communications plans, starting with an aging population demanding more medical care. The flip side to the coin is the tremendous advances in medical devices that are taking place. (In some respects, the future has already arrived via AI’s impact on medical devices/procedures.)
But the advances in medical care and high-tech treatments are a double-edged sword: While they prolong life and make things more comfortable for patients, they leave hospitals more open to cyber breaches and other criminal activities.
Hospitals and health care providers must embrace multiple communications channels to brace what’s expected to be a significant and multilayered issue for their affiliates, patients and partners well into the future.
By Liam Collopy, Executive Vice President, Harden Communications Partners, a Stanton company
Harden Communications Partners, a Stanton Company is a leader in healthcare public relations and crisis communications. For additional information, please contact us at Lcollopy@hardenpartners.com