Skip to contentSkip to navigation

Healthcare cybersecurity incidents: How to establish control and protect reputation

Healthcare cybersecurity incidents: How to establish control and protect reputation
Written by
Senior Account Executive

Mariah Schippel

Senior Account Executive

It’s no surprise that healthcare organizations are a top target for hackers who seek to exploit vulnerabilities and cash in on valuable patient data. In 2022 alone, there were more than 340 incidents of data compromises in the healthcare sector. For healthcare organizations, it’s less a matter of “if” then “when” and “what.” And, the biggest question after recognizing the issue is often “what’s next?”

For some time, the focus was on a perceived lapse in security that led to the specific incident. Today, the conversation is less about Monday morning quarterbacking and more about the organization’s response.

Hackers disrupt our day-to-day lives in a variety of ways, but there is nothing more personal or urgent than healthcare. Meaning that patients, their families, and their care teams may not have patience or understand when an organization silently navigates the challenge of mitigating damage and restoring operations.

What’s an organization to do?


Plan for the worst—hope for the best. When you get that call at midnight on a Sunday informing you that your organization is experiencing a cybersecurity incident, you will thank yourself for having a playbook in place that outlines roles, responsibilities and response. Getting your legal counsel to review and approve your plan eliminates some of the back-and-forth and supports smarter, more nimble communication that builds confidence among internal and external stakeholders. Every situation is different, but scenario planning and drilling can take you 90 percent of the way.


You have your plan in place, but what are some of the hallmarks of a successful response? It’s all about demonstrating empathy and instilling trust. Legal teams and insurance underwriters can be the bane of any communicator during a cybersecurity incident (although we appreciate that they keep us out of trouble!). We often can’t say much because it is an active negotiation or investigation, but that doesn’t mean that we should go radio silent as patients and employees speculate why certain systems are down. What can you do? At the very least:

  • Communicate the impact on operations to front-line managers and implement your workaround plan to keep care accessible
  • Publish information where stakeholders will look for answers, such as a website notification banner, that acknowledges the impact and promises to keep stakeholders updated as you are able to share more information
  • Equip call centers with a statement and FAQs

Share information about what happened and when systems will be restored as soon as you can. Even breadcrumbs of information help to build trust.


Communicators can’t always fully control how their organization is able to respond in the initial stages of a cybersecurity incident—although laying the groundwork with a strong plan helps influence what can be done. The real opportunity to shore up reputation happens in the months following the incident. We recommend that organizations start with three key steps:

  1. Clear the air—Have leadership participate in controlled forums to discuss what happened. Op-eds, blog posts, and one-on-one meetings with stakeholders give leaders a chance to say what couldn’t be said in the midst of the cybersecurity incident and explain why they had to take certain steps.
  2. Shift the narrative—The cadence of content development quickly resumes, so focus on positive storytelling. Uplifting human stories create a positive narrative that is unlikely to include the cybersecurity issue – such content plays a critical role in improving search results online.
  3. Contextualize the issue—Use the incident as an opportunity to call for a national solution and help address the issue across the industry. Act as a resource to help other victims.

A healthcare cybersecurity incident comes with many unknowns. And while they also come in many different flavors– from ransomware to phishing to data breaches and more – a commitment to preparation and an endorsed communication strategy will give your organization the control you need to emerge stronger.

This article was initially published by our sister company Padilla.

——— Mariah Schippel is a Senior Account Executive at Padilla, sister company of NATIONAL Public Relations