Managing a Security Breach

The best time to manage a security breach is right now, before one happens. Unfortunately, as hackers employ increasingly savvy methods of stealing information, network data breaches are happening more and more frequently to businesses of all types, putting some pretty high-profile companies in the news. However, according to a Ponemon Institute and Verizon Data Breach Investigations Report, the healthcare industry experiences more data breaches than any other business sector. The Department of Health and Human Services is required to maintain a list of healthcare companies that have had data breaches. In the past two years, 16,435,340 patient records have been illegally accessed. And it’s only getting worse. April saw 46 reported healthcare data breaches, a 48% increase over March and 67% higher than the average over the past six years.

According to the Infosec Institute, the average cost of a data breach experienced by a non-healthcare related business is $158 per stolen record. Healthcare organizations, on the other hand, are hit with an average cost of $355. The Infosec Institute also reports that credit card information and Personally Identifiable Information (PII) sell for a couple of bucks on the black market, but Personal Health Information (PHI) can sell for as much as $363. PHI is so valuable in comparison because, while credit cards and other financial sources can be shut down, PHI is largely unchangeable. Cybercriminals use it to target victims with frauds and scams. Other hackers use PHI to illegally get prescriptions for their own use or to sell on the black market.

The Federal HIPAA Security Rule mandates that all healthcare providers must safeguard electronic health records (EHR) by using the appropriate physical and electronic precautions to help ensure the safety of patient health information. Any breach of 500 records or more must be reported, regardless of breach methodology: hacking, accidental disclosure by an employee, lost or stolen laptops or mobile devices, or other unauthorized access.

We’ve Been Hacked! Now What?

Once the horse is already out of the barn, you’re forced into a reactive position. Being proactive is always the better route to take. However, if your systems have been breached, here are some immediate steps to take to help manage the situation and address any backlash or negative press.

The first step is to shut down systems to prevent further damage. You’ll also want to identify exactly where and how the breach happened. A lot of breaches are traced back to email attachments.

Hackers leave a trail of time stamps and code. Your IT department will be able to identify these and assess the entire system. Note: If you use SSL Certificates (which you absolutely should be) you must report the breach to your Certificate Authority.

Managing Public Fallout

The biggest hurdle in getting out in front of a data breach that has already occurred is communication and notification. All 50 states, the District of Columbia, Guam, Puerto Rico and the U.S. Virgin Islands have now enacted laws that require both private and government entities to notify individuals when a security breach has occurred. 

As soon as you’ve discovered that your systems have been hacked into, it’s important that you control the message. Don’t let someone else interpret the story, and certainly don’t EVER try to cover up anything. Always be as transparent as the situation allows. A cover-up will always come back to bite you, and it will make your organization appear untrustworthy. It’s as important to inform your internal teams (IT department, any staff with patient contact, PR and marketing department for crisis communications) as it is to broadcast the message externally (email to patients, email to organization stakeholders, an official press release). Depending on the size of your organization or the scope of the breach, you may also want to arrange a press conference with local and/or national media. In this case, it’s best not to attempt to go it alone; let the pros with PR and media relations expertise take the reins.

Basic rules of engagement include:

  1. Accept responsibility if an internal situation or point of failure was the cause of the breach.
  2. Give details and spell out exactly how the breach happened.
  3. Explain the measures that you plan to take to help ensure a similar breach doesn’t happen in the future.
  4. Internally, figure out what you’re going to offer the affected patients (e.g., a year’s subscription to a credit monitoring service).

How to Help Prevent a Breach

Taking a few simple steps can help to keep the bad guys out of your organization. Password security is the easiest one to take. All passwords should be at least 12 characters long and use letters (upper and lowercase), numbers and special characters. IT experts at Georgia Institute of Technology found that a hacker can crack an 8-character password in less than two hours. A 12-character password, on the other hand, would take roughly 17,000 years to crack. It’s also important to prohibit the use of the most commonly used passwords, such as 123456 or “password.”
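As an added illustration (not part of the original article), here is how the password rules above could be enforced in a sign-up or password-change form, along with the arithmetic behind the jump from hours to thousands of years. The function names, the two-entry denylist and the 95-character alphabet are assumptions made for this example; under that alphabet assumption, scaling the two-hour figure for 8 characters lands in the same range as the 12-character estimate quoted above.

```python
import string

MIN_LENGTH = 12  # minimum length stated in the article
# Constructed sample denylist: the article names only these two entries.
COMMON_PASSWORDS = {"123456", "password"}
# Assumption: attacker tries every printable ASCII character
# (26 lowercase + 26 uppercase + 10 digits + 32 symbols + space).
ALPHABET_SIZE = 95


def policy_violations(password: str) -> list[str]:
    """Return the rules from the article that `password` breaks (empty = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Substring match, case-insensitive: padding a common password with
    # digits and a symbol ("Password123!") satisfies every rule above
    # but is still one of the first guesses an attacker makes.
    lowered = password.lower()
    if any(common in lowered for common in COMMON_PASSWORDS):
        problems.append("contains a commonly used password")
    return problems


def relative_search_space(length: int, baseline: int = 8) -> int:
    """How many times more candidates exist at `length` than at `baseline`."""
    return ALPHABET_SIZE ** length // ALPHABET_SIZE ** baseline


def scaled_crack_years(length: int, baseline_hours: float = 2.0) -> float:
    """Scale the article's 'two hours for 8 characters' figure to `length`."""
    hours = baseline_hours * relative_search_space(length)
    return hours / (24 * 365.25)
```

Each extra character multiplies the attacker's work by the alphabet size, which is why four more characters turn hours into millennia, and why the denylist check matters: a predictable password is never found by exhaustive search in the first place.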

Make sure to have Cyber Liability Insurance Coverage (CLIC). While a CLIC policy won’t protect you from cybercrime, it can protect you from financial or business interruption loss due to a cyber attack. CLIC typically covers the following:

  • The investigation: It’s important to conduct a thorough forensics investigation to discover exactly what happened, how you can repair the damage, and how you can prevent a future reoccurrence. Investigations typically involve not only your internal IT department, but also the services of a third-party security firm, and coordination with local law enforcement and even the FBI if necessary.
  • Business losses: A CLIC policy will often include many of the same items that are covered by your organization’s errors and omissions policy, in addition to financial losses because of network downtime, overall business interruption, data recovery and costs resulting from crisis management consulting.
  • Notification services: This coverage includes sending the mandatory data breach notifications to patients and other affected parties, which, as indicated above, are mandated by law in all U.S. states and territories, as well as paying for credit monitoring for people whose information was or might have been breached.
  • Lawsuits and extortion: This coverage includes any legal expenses, settlements and regulatory fines that you may incur as a result of the breach. It might also include reimbursement for the costs of cyber extortion, such as money lost as a result of being hit with ransomware.

Taking these steps will help protect you from an attack as well as help you mitigate the potentially negative impact of an IT security accident. When implemented correctly they will also reflect your organization in a more positive light, showing that you’re reliable, responsible and transparent.
