Healthcare, Cybersecurity and Heartbeats
During HIMSS 2016, I was reminded of the simple reality that healthcare is about heartbeats. Yes, it’s a complex industry with many niches and focus areas, but at a fundamental level the industry revolves around human life — keeping our hearts beating.
It’s clear that the community tasked with protecting those heartbeats finds itself both empowered and embattled by how technology is changing their world. Digitization of care greatly improves the healthcare experience for patients and practitioners alike, yet that digitization has also awoken a broad set of cyberadversaries who see the healthcare industry as a rich target for theft, fraud and vandalism. Perhaps even worse, industry cyberattacks have the potential of hampering the flow of patient file information, possibly causing physical harm.
Stopping cyberattacks should always be a goal, but it’s never a guarantee. At HIMSS I discussed how healthcare companies can think about navigating cybersecurity crises from a communications point of view. Here are three points that should be considered:
- First, one size never fits all. Success in a cybercrisis starts with a versatile plan that prepares for different threat scenarios. The way your company responds to a ransomware attack holding your data hostage is fundamentally different than your response when attackers take your patient portal offline. In healthcare there isn’t just one threat scenario, there are many. Understanding and anticipating these reactions will help you keep a steady hand while reacting to turmoil in the public eye, and help you reassure customers who may be hearing doom and gloom from others in the industry more concerned with amplifying your news cycle in an attempt to grow their own businesses. It all starts with planning for specifics and speaking in specifics.
- Second, triage matters in cybersecurity too. A crisis tends to throw people into chaos and puts people off their game. Your job is to create order out of chaos. For example, having clear roles and responsibilities on everything from who takes the media’s calls to keeping executives informed is mission critical. Cybersecurity news cycles have a habit of moving quickly and leaving you behind (often without the courtesy of waiting for your public statement). If you miss your window to influence the narrative, the reputational damage can be severe and unnecessary.
- Third, don’t lose your voice. The most dangerous phase of the news cycle isn’t hour one, it’s everything that comes after the initial news is reported. Cybersecurity news has a pattern. Our internal research shows that if you stay engaged from breaking news through resolution you consistently receive more positive coverage. Period. End of story. Unfortunately, if you cede the microphone, even unintentionally, during a cybercrisis, chances are very good that someone else will pick it up. When that happens you’ll see your news turn 11 percent more negative just like that. Keeping an authoritative, customer-focused voice throughout the news cycle is your best defense against this type of Monday morning quarterbacking.
It pays to have a detailed plan, an organized team, and the vision necessary to always keep your customer in your sights. Cyberattacks might be inevitable, but they don’t have to be crippling. In my agency’s experience, the right plan can quickly treat a cyberheadache, and help return healthcare professionals’ focus back to where it belongs — on heartbeats.