In spring 2021, a nationally recognized Preferred Provider Organization (PPO) network, comprising over 800,000 medical professionals and millions of patients, fell victim to a ransomware attack perpetrated by the Darkside cybercriminal organization. This notorious crime group had been responsible several high-profile attacks in 2020 and 2021, including most notably the Colonial Pipeline ransomware attack in May 2021, during which Darkside shut down computerized service at a major oil provider to southeastern US and was able to request and successfully receive a ransom of $4.4 million to restore service.
Even as they worked to develop a full understanding of the attack’s impact, the PPO engaged Reputation Partners to provide communications counsel for both its customers and employees. Given that more than 93% of healthcare organizations have experienced a cyberattack in the past three years alone, plus the notoriety of the perpetrator, the PPO wanted to show its customers and employees that it was quickly addressing the incident and ensuring security and privacy.
Our team worked with the PPO to develop a response to dispel customer concerns, including communicating clearly and quickly via a prepared, public statement and several direct customer communications over the course of the investigation. RP also worked with the PPO to educate employees and ease concerns through ongoing guidance for executive communications and internal email development.
Reputation Partners also provided ongoing counsel in response to media coverage, including when one of the PPO’s competitors sought to capitalize on the incident. Several weeks following the attack, the competitor, who was known for using negative and inflammatory tactics in the past, wrote two articles citing issues at the PPO, including the recent ransomware attack. Our team worked alongside the PPO’s general counsel to guide the response and ultimately mitigate further media attention.
Once complete, the investigation found a very isolated impact on the PPO’s IT systems and no impact on personal customer identification information (PII), such as social security numbers or credit card information. As a result of the PPO’s continued communications response, plus these findings, the organization was able to dispel customer and employee concerns and continue to provide maximum value to its customers. Reputation Partners’ guidance also helped ensure minimal media attention resulting in strong customer confidence surrounding the PPO’s handling of the issue.