Your Next Medical Public Relations Disaster: Stolen Patient Records
It's likely that your health system, hospital or practice will soon be the victim of a cyber crime. Your medical public relations disaster is not “if,” but “when.”
The actual victims include patients and the loss of personal data. Compromised health record information is a medical public relations emergency waiting to happen. Your brand and marketing goodwill is vulnerable.
That is, if it hasn’t happened already. Your patient electronic medical records (EMR) database is a prime target. Perhaps it was among the 100-million-plus health records already stolen. “Experts say healthcare record hacking is skyrocketing. It's up an astounding 11,000 percent last year alone,” according to NBC News.
“Roughly one out of every three Americans had their health care records compromised and most are completely unaware. Such hacks give criminals a wealth of personal information that, unlike a credit card number, can last forever.”
Many records show up for sale where hackers openly advertise what they've stolen. “One site offers fresh healthcare profiles stolen last year in California boasting ‘you can use those profiles for normal fraud stuff or to get a brand new healthcare plan for yourself.’”
Recent examples range from insurance companies to doctor’s offices. And from a big city medical center to a rural, community hospital.
A few months ago, a high-profile Los Angeles hospital was the victim of a cyber attack for ransom. With nationwide news coverage, Hollywood Presbyterian Medical Center reportedly paid “about $17,000 to hackers who infiltrated and disabled its computer network.”
News coverage was less spectacular at the 18-bed Clay County Hospital (in Illinois). An undisclosed ransom was demanded for stolen patient records.
Why health records? Why now?
Cybersecurity experts warn that electronic health records are an attractive target for hackers for several reasons:
- The healthcare industry is comparatively new to digital data storage. Youthful EMR installations are less secure or defense-minded. (Retail data breaches, on the other hand, are going down.)
- The industry is more fragmented than others, such as banking. And health data is more vulnerable. It is shared by various providers and offices, service and support firms, and individuals.
- Personal identifier data is valuable on the black market. A stolen credit care can be canceled. But names, Social Security numbers and similar info can be used repeatedly to get loans or commit other fraudulent offenses.
How to prepare for your pending medical public relations mess...
There’s no “good news” side to being the victim of identity theft and/or ransom. Statistics say that it’s likely to happen to you. Use the time to prepare in advance for how you will deal with the PR, marketing and patient experience side of “bad news.” Some steps to take:
- Create a strategic plan that includes your entire organization. Recognize that it’s a looming crisis that deserves the time and attention of top management and every department.
- Provide maximum disclosure with minimum delay. Let the public and the entire organization know—to the extent possible—the timely and pertinent details.
- Direct news media calls to the designated spokespersons. Be forthright and responsive, but coordinate exactly who speaks for the organization.
- Use extra communications methods to inform patients, all stakeholders and the community. Don’t rely only on external news media “to get the word out” to the public.
- Be regular and consistent with news and updates. Nobody likes “bad news.” But the public appreciates open and honest distribution of important news and details.
If you don’t have a medical public relations plan in place, give us a call at (800) 656-0907. We can discuss your business goals and a cost effective healthcare public relations program.