"When these things happen, you move into warp speed, that's why it's important to have that plan and have the basics down early, so you don't have to start from scratch," he says.
At Geisinger, the PHI breach affected 25,000 individuals, a fraction of the number affected at WellPoint, but both organizations took the same course of action. They offered fraud protection and credit monitoring to those whose information was exposed. Geisinger extended its offer of protection for one year; WellPoint offered coverage for two years.
The situation at WellPoint is trickier because the story is now getting another life with recent news of the HHS fine. Cindy Sanders Wakefield, regional director of public relations for WellPoint, was the point person on the original PHI breach.
"Our philosophy at WellPoint, for corporate communications, is that we've got to be transparent and we've got to share accurate information to all appropriate audiences as quickly as possible," she says.
Wakefield was named as a co-winner of Crisis Manager of the Year in 2011 by PR News for the way she handled WellPoint's breach. The organization cited her leadership in "developing materials for internal teams to respond to and inform the media after the incident, helping to minimize the impact of this crisis."