But what if you miss something?
What if your safety net fails?
Unfortunately, despite having security protocols and following a policy, your clinic may find itself hacked and your data held for ransom.
If a situation such as this happens, it is vital that you have a PR plan prepared for how to handle your patients and the press. HIPAA regulations require your patients to be informed if their personal information is breached, and it is often difficult to keep bad news from reporters.
Thankfully, being prepared in advance with a press release will allow you to handle the situation with more ease and much less stress, leaving you free to focus on more important aspects of the problem. In an effort to provide you with a starting place in developing a plan for speaking with the press, we’ve written a press release template.
The benefits of technology in the medical community far outweigh the risks, but that does not mean you shouldn’t be aware and prepared for if and when they come.
For more information on cyber security for your medical practice, click here to download a Free copy of our ebook, Cyber War: Securing Patient Health Information in Today’s Electronic Environment.
Example Press Release
FOR IMMEDIATE RELEASE
Phone number and email address
City, State – [Company Name] announced today that it has suffered [describe breach incident; for example: loss of customer information stolen from computer systems, unauthorized intrusion from computers, etc.]. [Describe the number of customers and systems that have been affected or compromised]. [Explain whether the information has or has not been recovered, and, if it has not yet, what the company is doing to ensure that it is recovered]. [Company] alerted law enforcement authorities, and all necessary steps are being taken to locate those responsible for the breach. [Company] is cooperating with [others parties involved] in order to recover all of the lost information.
[Company] is launching a full investigation in order to determine the full extent of the breach. They have employed the help of [leading computer security company experts] in order to provide answers as soon as possible. [Company] expects to provide its patients with more information once it becomes available. Since the breach, [Company] is taking steps in order to secure its computer systems in order to prevent further incidents in the future.
[Insert a quote from CEO or owner of practice apologizing for incident and reassuring customers and public about the steps that are being taken to fix and prevent future problems].