Protecting a system’s reputation during data breach

We immediately formed a campaign team of system leaders, counsel and communications professionals to manage the crisis as the single source of information. We disseminated information through channels including a dedicated website and call center.

Together, we developed consistent, empathetic messaging to curb misinformation and establish authority on the issue. We then implemented a strategic plan targeting staff, patients and the media.

• For staff, we distributed talking points and instructions to direct queries to a dedicated call center. We worked with the call center vendor to develop the responses and to convey rapid action.
• For patients, we drafted letters from the hospital apologizing for the data breach, explaining how it happened, outlining steps being taken and offering free credit monitoring.
• For media, we developed and proactively shared a press release to control the story. Once the story broke, we monitored and managed responses to traditional and social media.

Patients had clear information about how to protect themselves after the breach. The health system, meanwhile, suffered minimal media coverage from the data breach. By being transparent and sincerely apologizing, health system leaders maintained staff and community trust. By shaping the story early, media reported the incident in a fair way that inflicted no lasting damage.