“It couldn’t happen to me.”
That’s a common refrain. But for the health insurance industry this week, the risk was made clear following the shooting death of UnitedHealthcare CEO Brian Thompson and the wave of social media vitriol, celebration and rage that followed.
Thompson died Wednesday morning after he was gunned down outside of the hotel where UnitedHealth Group was set to host its annual investor day. The suspect remains at large, so a motive isn’t clear, but police emphasized Thompson was targeted.
Bullet casings found at the scene also reportedly read “deny,” “delay,” “defend” and “depose”—all terms associated with claims denials from insurance carriers.
The shooting is likely to push major companies in healthcare and beyond to put a focus on security and safety, experts said.
“Sometimes it takes an event like this, where people open their eyes to what the reality and what the risk threshold really is out there,” said Glen Kucera, president of enhanced protection services at Allied Universal, a global security firm, in an interview with Fierce Healthcare.
A flashpoint for healthcare frustration
Thompson’s death became an immediate opportunity for many to vent about their own experiences with denied claims, delayed care and healthcare costs.
A post on X, formerly Twitter, with more than 100,000 likes reads: “Today, we mourn the death of United Healthcare CEO Brian Thompson, gunned down…. wait, I’m sorry – today we mourn the deaths of the 68,000 Americans who needlessly die each year so that insurance company execs like Brian Thompson can become multimillionaires.”
There are 79,000 reactions on UHG’s own Facebook post for its statement following Thompson’s death, and 74,000 of them are a laughing emoji.
Posters said their sympathy was out-of-network or that they would need to submit a prior authorization request for it. Others joked about needing more CEOs to meet their deductibles.
It’s not a secret that the health insurance industry, and healthcare more broadly, has an image problem. Polling from Gallup found that as of August, healthcare ranked among the least trusted sectors overall, beaten only by pharmaceutical companies, the federal government and the oil and gas industry.
Fifty-one percent said they had a “total negative” perception of healthcare. By comparison, 31% said they viewed the industry positively.
Healthcare organizations frequently interact with people “on their absolute worst day,” said Eric Sean Clay, president of the International Association for Healthcare Security and Safety. He said that means healthcare has unique considerations when thinking about security.
For example, a patient who experiences an adverse medical outcome may hold a grudge, he said.
“I think that definitely makes it unique in that whenever we have these adverse outcomes they sometimes can hold the organization responsible, feeling that not enough was done,” Clay said.
In addition, the way people interact with one another has grown particularly virulent over the past several years, both online and in person. The Society for Human Resource Management tracks an “incivility index” that found more than half (58%) of U.S. workers believe society is uncivil.
The index found that workers experience collectively 190 million acts of incivility each day.
Kucera said the fact that available information points to Thompson’s murder as being motivated by his job should serve as a wake-up call to others in healthcare as it’s a rare occurrence.
A CEO killed in a personal dispute, for example, isn’t likely to cause a shift in the market given that it’s an isolated incident. But Wednesday’s shooting is different.
“This really hasn’t happened in the United States in a long time,” he said. “With something now that is driven by a professional motivation, then people have to take note.”
The role of social media
While the idea of executive security likely conjures an image of armed guards with trained dogs, Kucera said one of the most critical services that has emerged over the past several years is tracking social media and the deep web.
He said that particularly since the COVID-19 pandemic there’s been a growing risk of threats online. People can also far more readily find details about executives through the internet, making it easier to follow through.
Kucera said that in a case like this—where the victim was the clear target of a planned attack—there will likely be warning signs on social media that can be identified, whether that’s outright threats, angry messages or overtures in the planning process.
“You can be a keyboard warrior and in your bedroom in the middle of the night say whatever you want to say on social media, and unless it is something so heinous and off the charts, nobody even pays attention to that stuff,” he said.
“It all needs to be tracked going forward because it’s just a bigger issue in the world today.”
Thompson’s wife, Paulette, told NBC News that there had been threats made against him and that he hadn’t altered his travel plans despite the concern. She didn’t offer details on the nature of these threats aside from them potentially being over a “lack of coverage.”
The Minnesota Star Tribune reported on Thursday that two homes owned by Thompson were targets of “swatting,” with the perpetrators calling in false bomb threats to send a large police presence to the houses.
Police investigating the killing have not yet said whether Thompson was threatened on social media. Clay said that similar threats can come in via phone or mail, too.
He said that organizations that secure social media monitoring services will aggregate sentiment online as well as provide geographic information and tracking that make it easier to assess how serious a threat may be.
“I think that’s a good tool to have because, again, it gives you an idea of, ‘Is this person in the same city we’re in, or is this person in a different country or state?’” Clay said. “It really helps you determine what sort of threat you’re facing.”
How healthcare organizations can approach security
In the wake of the shooting, corporations are taking a second look at their security approaches. Kucera said that, historically, relatively few large companies looked to executive protection directly. Allied Universal, he said, works with about 80% of Fortune 500 companies, and just a fraction of them hired security details for top executives.
However, in the days since Thompson’s death, five Fortune 500 companies have reached out about beefing up the protection for their leadership.
Kucera said there’s going to be the immediate reaction in the wake of the shooting: for example, seeking a security detail for a CEO traveling this week. But he expects that companies will also be weighing such protections in the long term.
“It will become more common,” he said.
Thompson did not have security with him at the time of the shooting and was alone when he was killed. A review of UnitedHealth Group’s proxy reports did not indicate that the company paid for security for its top brass, though CEO Andrew Witty was required to use the corporate plane for business travel.
Witty was encouraged to also use the company jet for personal travel but did not incur any such expenses in 2023, according to the filing. In comments obtained by the Guardian, Witty said the company would be beefing up security at its campuses in response to the shooting, stating it was necessary given the “climate” in the U.S.
For healthcare organizations considering changes to their security protocols in the wake of the shooting, they should start by ensuring they have a clear risk assessment that identifies the most likely threats and concerns.
Clay said that beyond hiring protection for executives, companies can install cameras or access controls that prevent people from getting into corporate offices. And, depending on the threat level, it may be worthwhile for organizations to consider extending protections into the executives’ homes, he said.
But it’s critical to pinpoint exactly what the risks are for the individual organization to determine the appropriate course of action, he said.
“There’s not a one-size-fits all,” Clay said. “Different organizations have different resources.”
Bob Hayes, a veteran security expert and co-founder of the Security Executive Council, said companies should analyze what his organization calls “C4R”: current conditions, circumstances, culture and resources. Establishing that profile lets the team move on to the next step in designing an approach that fits their individual needs.
Then, the task is to tackle the basic questions necessary to move a security protocol forward: What do we need to achieve? How do we do it? How much do we need? And why are we doing this? The answers will vary widely, and he echoed Clay in saying there is no one-size-fits-all approach to security
Kucera said companies also should plan specifically around the most public-facing executives, or those most likely to make controversial statements.
Following the shooting, UnitedHealth Group took down its webpage listing its leadership, and it had yet to be restored as of noon Friday. Some of its peers did the same or removed images of their executives from their sites.
Kucera said that CEOs may not believe this is necessary for them, so it will be up to the executive committees and security teams to make the case clear. Drilling down to the business case for greater security is a persuasive argument, he said.
“I think what’s going to happen going forward is these are going to be decisions that are going to be made by boards of directors and executive committees [that] say, ‘Hey, I realize you don’t want this, but you have to have it, because you’re so important, you’re an important asset to this company,’” Kucera said.
Hayes said this makes answering the “why” question the most pivotal. If an executive isn’t buying into a security program, it likely hasn’t been made clear as to why they should comply.
Executive protection is more than simply having a guard on hand in the event of a violent incident, Hayes said. It also encompasses having protections in place for travel to prevent accidents and having experts on hand who can handle medical emergencies for the executive team, he said.
Plus, every executive is different and what may make one hesitate varies. One leader may be concerned about cost while another may be worried about convenience, Hayes said. Articulating the “why” around security is key to overcoming those concerns.
“So the why for many of these executive protection programs isn’t the fear of getting hurt, it’s more of these real, more probable incidents that are going to happen,” he said.
Publisher: Source link
