The headlines were unsettling, not shocking at first. But when UnitedHealth, the healthcare behemoth responsible for processing 50 percent of all US patient medical claims annually, revealed it was the victim of a ransomware attack described as “the most serious incident leveled against a US healthcare organization,” alarm bells went off everywhere.
UnitedHealth paid the $22 million ransom demand in bitcoin, and relied on crisis response training when the news hit: they owned the mea culpa; they acted swiftly; they repaired subpar critical systems; they offered assistance to the providers and customers impacted by the attack; and they communicated their efforts with stakeholders and the public, and continue to do so months later.
Fast forward three months and UnitedHealth and the hack are in the headlines again: this time because their CEO is front and center at a Congressional hearing. It isn’t pretty. “Grilling” the CEO was something that united Democrats and Republicans in a rare instance of bipartisanship.
This is an example of what we call the ripples. Even though UnitedHealth did everything right in RESPONSE, it was what they didn’t do to PREPARE and PREVENT that kept coming back.
This situation serves as a very important lesson for a number of reasons: Number one – some crises are completely preventable. Take time to take stock of how your business runs and investigate where your blind spots are. Number two – ensure you have a bulletproof crisis plan to set in motion if needed that employs second-level thinking to ride the ripples. And number three – invest in #1 via ongoing crisis preparedness and vigilance so you won’t have to rely on #2.
Here is a quick exercise you can run at your next team huddle or monthly all-hands meeting, to help test if your organization is prepared to manage a crisis like this should it land on your doorstep:
Discussion Questions:
- What would you do if this happened to you?
- What would you do to restore stakeholder trust?
- Can you think of a preventable crisis your organization needs to prepare for?
Kith facilitates crisis preparedness workshops that will help your company attain the clarity, trust and speed you need to respond confidently – no dithering! – to any crisis. We’d be happy to have a conversation about how we can help your company be ready to chart an effective course to reputation protection.