Healthcare businesses face numerous threats to their executives, board members, and overall operations. One critical risk is the exposure of personally identifiable information (PII) of executives and board members through data breaches and online platforms. This exposure can lead to account compromise, harassment, and stalking. Additionally, direct threats of physical harm against executives, workplace violence from disgruntled employees, and protests or strikes by external activist groups or employees pose significant risks.
These organizations are also susceptible to viral negative social media campaigns, where users share company policies, lawsuits, or whistleblowing information to attract negative attention. Unprofessional employee conduct on social media can also result in boycotts and reputational damage when employees publicly post controversial content while associating themselves with the company.
Below are the top threats we’ve seen across the healthcare industry that will impact your business in 2025.
Exposure of Personally Identifiable Information (PII) for Executives/Board Members
Details: The exposure of sensitive information most commonly occurs through data breaches, where an executive’s or board member’s PII (including, but not limited to, address, phone number, credit card information, usernames, email addresses, passwords, and IP addresses) is compromised and shared on credential-sharing forums, message boards, deep web marketplaces, paste sites, and more. These exposed details can be combined with other information found on social media into a ‘dox’ document, where PII and other information are compiled into a single post or file.
Impact: The potential co-opting of an executive’s accounts for malicious purposes could compromise other areas of the business, while the executive and/or their family could be put at risk of stalking, harassment, and other threats.
Mitigation: A business must locate PII exposures, alert executives to the need for added security measures and heightened awareness, and attempt to remove the exposed information where possible. It must also maintain a Digital Exposure Report (DER), which is an up-to-date compilation of all located PII related to an executive or board member, with recommendations for remedial actions. An Executive Protection Program (EPP) should be implemented, involving a quarterly review of the DER with updated information regarding data breaches, impersonation accounts, PII exposure, and related threats.
In addition, businesses must track data broker sites (such as Radaris and FastPeopleSearch), which collect and sell information available through marketing or government entities, including property records. They must compile where this information is located, what is available, and the steps required to remove it. This process is being formalized as a new initiative.
Direct threats to Executives/Board Members
Details: Users on social platforms, message boards, forums, and other online spaces may post threats of physical harm directed at an executive or board member.
Impact: There is a potential risk that users may follow through with these threats, putting the executive’s safety in jeopardy.
Mitigation: The business must investigate to identify the individual making the threat, review additional accounts for any concerning content, and examine public records for criminal history. This information should be provided to security personnel within the company (such as front desk security at each facility), security details assigned to the executive, and/or law enforcement to enable additional intervention.
Protests at Facilities/Strikes Against Healthcare Businesses
Details: External activist groups may protest at company facilities, headquarters, meetings, conferences, or other events, while employees may organize strikes against the company.
Impact: These activities can disrupt company operations and have the potential for escalation.
Mitigation: The business must monitor announcements of protests or strikes and alert the company ahead of time to allow for preparation and to reduce risks associated with such events.
Threats of Workplace Violence
Details: Disgruntled employees or former employees may resort to acts of violence.
Impact: There is potential for physical harm to employees and the destruction of company property.
Mitigation: The business must monitor references to the company and report any potentially concerning content, which can then be shared with human resources, security personnel within the company (such as front desk security at each facility), and/or law enforcement for further intervention. Monitoring individuals of interest for concerning content directed at the company, its executives, or employees is also essential for early detection and prevention.
Viral Negative Social Media Responses
Details: Users may post new or old company policies, lawsuits, or whistleblowing information in an effort to stir up a frenzy of negative responses and attention.
Impact: There is a potential for loss of revenue, boycotts, protests at facilities, and significant damage to the company’s reputation.
Mitigation: The business must monitor mentions of the company and report any potentially concerning content to leadership and social media managers. Early alerts enable the company to issue official statements and take remedial action in a timely manner to mitigate the impact.
Unprofessional Employee Conduct on Social Media
Details: Employees may post unprofessional or controversial content on their social profiles, which also list their employment details. Users may then target the company for the views expressed by their employees, calling for their termination.
Impact: The business may face call campaigns and potential boycotts, leading to reputational damage.
Mitigation: The business must monitor references to the company and report any potentially concerning content to human resources or social media managers. Early alerts allow the company to prepare, reduce risk, and educate employees on social media conduct policies and recommendations.
NetPlus Group works with many healthcare businesses to reduce threats to their operations. We act as an extension to our clients’ internal security teams by actively monitoring online activity for company mentions, identifying PII exposures, and reporting any concerning content quickly.
Effective security services offered by NetPlus Group include compiling and reviewing Digital Exposure Reports (DER), maintaining an Executive Protection Program (EPP), and tracking data broker sites that collect and sell information.
Schedule an appointment to discuss your unique requirements.