Count On Coffey
Issue 3, 2025
Surviving a data security breach
One thing high on your list of marketing nightmare scenarios is happening: Your IT department is reporting a data breach at your organization. What's to be done? First, take a deep breath and remember you are not alone. In the U.S. in 2024, 603 healthcare organizations went through some form of data breach. The good news is that you'll get through it, too, and there are steps you can take toward regaining the trust of your patients and community.
1. Respond immediately and communicate clearly
The first step in preserving trust is to respond with speed and transparency.
Hospitals and health systems must:
- Promptly and appropriately inform patients about the breach using clear, honest communication reviewed by breach counsel.
- Use all channels available, including website banners and alerts, secure text messaging, and HIPAA-compliant emails.
- Provide details about what went wrong—as long as it doesn't compromise ongoing security efforts.
- Establish a dedicated hotline to address patient concerns.
2. Demonstrate enhanced security measures
To rebuild confidence, it is also important to show your commitment to strengthening cybersecurity.
For example:
- Invest in encryption of patient data both at rest and in transit.
- Implement comprehensive employee training programs.
- Conduct regular security audits.
- Demonstrate proactive enhancements to cybersecurity infrastructure.
3. Offer tangible support
Providing concrete assistance to affected individuals can help regain trust. You could:
- Offer credit monitoring services or identity theft protection services.
- Offer optional incentives, such as appointment discounts or free consultations.
4. Implement strategies for building long-term trust
Rebuilding trust is an ongoing process that requires consistent effort. Be sure to:
- Maintain regular communication with patients, explaining improvements and ongoing security measures.
- Invest in patient relationships by training staff members on how to build stronger connections.
- Emphasize patient privacy in all interactions.
- Showcase a long-term commitment to data security through actions and communications.
5. Learn and improve
Demonstrate that the organization has learned from the incident:
- Conduct a thorough post-incident analysis.
- Update incident response plans based on lessons learned.
- Implement stronger preventive measures.
- Report on the steps your organization has taken to prevent future breaches.
6. Adhere to compliance and risk management best practices
Emphasize ongoing efforts to maintain regulatory compliance and manage risks:
- Conduct regular risk assessments to identify and address vulnerabilities.
- Establish comprehensive risk management plans.
- Ensure that all business associate agreements are up-to-date and compliant with HIPAA regulations.
A chance to forge stronger, more resilient bonds
Use this opportunity to revisit all aspects of your communication strategy, reach out to colleagues who have gone through similar events and remember that rebuilding trust takes time. Be consistent and transparent, and your efforts will pay off.
"While a cybersecurity event will always be a crisis, you can prepare," says Mindy Warner, Vice President of Marketing & Public Relations at Liberty Hospital in Liberty, Missouri. "If you are aware of another health system that has gone through such an experience, reach out. Chances are they will be happy to share their key learnings. Lean on relationships with key partners, such as other area hospitals and EMS—it will be important to work together to ensure the best patient care remains readily available. Engage breach counsel immediately. They will be instrumental in providing guidance and supporting communications. Ensure back-up policies, procedures and order sets are ready. Prepare your senior leadership team to be transparent, available and visible."
Partner with an agency committed to security
Coffey’s web hosting and mailing services data systems are HITRUST CSF-certified. If you’re looking for a digital partner who takes security as seriously as you do, give us a call at 888.805.9101.