Strategic Communication Essential for Healthcare Cybercrises, Experts Say
As healthcare organizations continue to grapple with the rising threat of cyber incidents, crisis communication planning is more critical than ever. Tom Bolitho, a crisis communications expert at FTI Consulting, emphasizes that the proactive development of a communications strategy is essential for any medical practice anticipating a major cybersecurity event.
Bolitho asserts that maintaining transparency and consistency is vital when managing communications during a cyber crisis. It is crucial for healthcare entities to disseminate accurate and unambiguous information to patients, employees, regulators, and the broader public during such events. He notes that organizations must avoid making premature statements or speculating about the incident, as misinformation can exacerbate the situation and undermine trust.
A central tenet of effective communication during a cybersecurity incident is adhering to the facts and demonstrating an unwavering commitment to transparency. Bolitho points out that it’s imperative for organizations to avoid discussing unverified information that may change as more details emerge. He explains the importance of placing patient care at the forefront of communication efforts, particularly in the critical early stages following a cybersecurity breach.
In a recent interview with Information Security Media Group, Bolitho discussed various aspects of cyber incident communication strategies. He highlighted best practices for managing information flow before, during, and after a cybersecurity event, emphasizing the need for preparation to mitigate technology outages that could impede electronic communications. Additionally, Bolitho touched upon national security implications tied to communications during cyber events affecting critical infrastructure and the complexities involved in liaising with law enforcement, regulators, and external analysis entities during a crisis.
Furthermore, he addressed the specific challenges faced when handling serious insider breaches, which can pose unique risks to organizations’ reputations and operational effectiveness. Bolitho’s extensive experience in managing cyber incidents within the healthcare sector and across various multinational brands equips him with insights that are invaluable for business owners seeking to reinforce their cybersecurity protocols.
As Bolitho notes, understanding the tactics and techniques outlined in the MITRE ATT&CK framework can provide organizations with deeper insights into potential vulnerabilities. Tactics such as initial access, privilege escalation, and persistence may be relevant when analyzing recent cyber incidents, allowing businesses to adapt their approach to risk management and communication.
In an era where cyber threats are ubiquitous, the call for robust communication strategies has never been more urgent. Business owners in the healthcare sector must take proactive measures to safeguard their operations and ensure effective communication with all stakeholders during potential crises. The importance of creating a strong foundation for crisis communication can help mitigate the impact of cyber incidents and foster resilience in an increasingly uncertain digital landscape.
