As digital transformation rewrites healthcare delivery, patients are no longer judging providers solely on bedside manner or even clinical outcomes. Increasingly, they’re asking, “Can I trust you with my data?”
It’s not a question to be ignored. In 2024, we saw several high-profile breaches, including the ransomware attacks on Change Healthcare and Ascension Health. The impacts of these incidents weren’t confined to the IT department. They delayed care, disrupted claims processing and created anxiety for patients navigating an already complex system.
While most healthcare providers are investing heavily in cybersecurity, the public’s perceptions haven’t caught up. According to a recent survey of 1,000 U.S. adults, 89% expressed concerns about the security of their protected health information (PHI). More than half felt powerless to prevent a breach.
What’s driving patient unease
One factor of patient trepidation is visibility. The media’s coverage of ransomware incidents has made breaches feel routine. At the same time, patients rarely hear about the measures organizations are taking to safeguard their data, or how those measures impact care. Without this level of transparency, patients begin to speculate, which creates concern.
Artificial intelligence is also a growing factor. AI is becoming increasingly embedded throughout the healthcare journey, powering ambient documentation, driving diagnostics and streamlining payer workflows. These innovations promise efficiencies, but they also introduce new unknowns. In the same survey, a third of respondents said AI would make healthcare data less secure. Uncertainty around how AI is governed only deepens concerns around autonomy, privacy and the integrity of care.
That uncertainty complicates data policy and touches the core of the patient-provider relationship. If patients worry that machines are making decisions without oversight or exposing their private records, it’s harder to feel safe, seen and supported.
Cybersecurity is now a brand issue
For healthcare leaders, the takeaway is clear: cybersecurity is no longer a function managed in the IT department’s back office. It’s a front-line brand issue, with real implications for patient satisfaction and loyalty.
That means providers need to rethink how they talk about security. It’s no longer enough to be secure; you must communicate security clearly.
Getting ahead of the breach
Effective communication is one of the most overlooked aspects of cybersecurity preparedness. When a breach occurs, organizations must focus on containment and technical remediation. But the first thing patients want is reassurance, and that starts with clarity and speed.
That focus matters, especially when things go wrong. When asked what they could expect after a data breach, patients overwhelmingly wanted three things: immediate notification, a clear explanation of what data was impacted and identity monitoring services.
The way an organization responds to a crisis can either reinforce trust or erase it permanently. Security teams, communications professionals and marketers need to work together, not just when a breach occurs, but before it happens. Providers must prepare messaging frameworks that address breach readiness and third-party risk, incorporating IT, communications, legal and marketing functions. They must train spokespeople to respond swiftly and empathetically. And they must treat cybersecurity as a pillar of their brand identity, not an operational afterthought.
Proactive communication builds trust
The upside? Healthcare brands have a real opportunity to lead in implementing cutting-edge technology, communicating transparently and building trust. Transparency around the protections in place, how vendors are vetted and how patients can take an active role in their own data security can go a long way toward building confidence.
It also helps patients feel empowered. Research found more than 70% said they would take steps like enabling two-factor authentication or changing passwords if given the chance. That’s a powerful reminder that most people don’t expect perfection, but they do expect to be part of the process.
Healthcare providers that acknowledge this, bring patients along, communicate clearly, and treat cybersecurity as an extension of care, can turn resilience into a lasting competitive advantage.
Photo: Traitov, Getty Images
With 15+ years of agency and in-house PR, Matthew Briggs works closely with teams to plan and execute integrated communications strategies across PAN’s B2B technology and healthcare portfolios. Strategic planning, crisis communications, narrative building and executive communications round out just a few of his areas of expertise for clients that include PointClickCare, Quanterix and Loyal Health. Matthew’s collaborative approach and passion for narrative building is only exceeded by his commitment to building strong client partnerships and the love of a good story. When he’s not playing his guitar, you can usually find him on the ski slopes with his family during the winter or jumping in lakes with his kids in the summertime.
Ariel (Burch) Novak has a 13-year tenure at PAN, during which she has worked with B2B technology brands, with a passion for cybersecurity, including Booz Allen Hamilton, HPE, Citrix, Thales and Vercara.
Ariel began her career as a reporter, receiving an award from the New England Press Association. Her passion for compelling storytelling is evident in her award-winning campaigns helping clients build strong narratives. Ariel is based in Maine and graduated from Bates College. She’s an avid reader and enjoys cultivating PAN’s annual Summer Reading List – she’s always open to book recommendations (whether a novel or a picture book to read with her two young children)!
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.
