Case Study

Issues

Preparing for cybersecurity threats 

A large public healthcare system engaged Revive to support them after they noticed unusual network activity and suspected they were the target of a cyber-attack. 

While cybersecurity consultants worked to determine the depth and breadth of the potential attack, Revive began to develop communications plans in the event the cybersecurity experts identified a breach. Revive activated its crisis and issues team which worked hand-in-glove with the client’s own internal and third-party analysts as well as its executives to develop the response strategy. 

Aligning communications to minimize negative attention 

Healthcare data breaches are both reputational and operational threats to health systems across the country. Any response to such needs to be treated with the seriousness it deserves. 

Working with the client’s own team, Revive developed a strategic communication plan that would protect the hospital’s highly regarded reputation, show concern for affected parties, demonstrate the health system’s strong resolve to fixing the problem and minimize negative media attention. 

Revive coordinated across all informed parties to ensure the communications plan was aligned with the legal plan. Using this information, Revive developed a messaging framework that was tailored to key audiences. By being proactive and developing messaging to inform FAQs, talking points, letters and media statements, the health system was prepared to handle the issue if and when it became public information. The key messages that Revive developed also ensured that the health system would speak with a unified voice throughout the issue and equipped the health system to respond quickly to information requests and therefore lessen the spread of false information. 

Strengthening future communications efforts 

Network and forensic analysis concluded that although there was unusual activity present there was no conclusive evidence that patients’ personal information was compromised. Therefore, this breach was a false alarm and there was no need to inform the public or patients of the mishap. No unnecessary notices to patients and the public were sent out. Although this was a false alarm, the client was able to reflect on the lessons learned and strengthen their future communications efforts should there be a breach in the future. With Revive’s help, the health system’s team now has a portfolio of messaging at the ready in the event of any future cybersecurity issues.