Risk Insider: Jack Hampton

Breaching the Electronic Levees

By: | October 24, 2016 • 3 min read
John (Jack) Hampton is a Professor of Business at St. Peter’s University and a former Executive Director of the Risk and Insurance Management Society (RIMS). His recent book deals with risk management in higher education: "Culture, Intricacies, and Obsessions in Higher Education — Why Colleges and Universities are Struggling to Deliver the Goods." His website is www.jackhampton.com.

October 21, 2016.

In what was described as a stunning breach of global Internet stability, a coordinated cyberattack struck online social networking and other systems including Twitter and PayPal.

In a distributed denial-of-service, hackers flooded servers, causing them to collapse under the overload.

Such attacks are common and we are getting used to them. This is not good.

Mounting evidence shows hackers are becoming more powerful, more sophisticated, and increasingly interested in targeting core infrastructure providers.

Yesterday Twitter, tomorrow the electricity grid and nuclear power plants.

We have been there before. The year was 2005. The event was Hurricane Katrina.

Today’s “Katrina” is not a natural disaster. Neither is it limited to the U.S. Gulf Coast. It’s a national or global cyber attack.

Here’s what we knew. Major portions of New Orleans flooded on average every three years for the prior 200 years before Katrina struck in 2005. Even heavy rain exceeded the capabilities of pumps trying to get rid of the water.

Advertisement




Since the early 1800s, the city enforced a code of burial in tombs above ground. Nobody wants flooding to uproot caskets and have them floating in the streets.

The cemeteries, called “cities of the dead,” were a major attraction. Even today you can pay $25 a person and take the whole family on a “2-Hour Cemetery & Voodoo Walking Tour” in New Orleans.

So planners in that city rationally had their eyes on tourism dollars. But what about risk management?

Rain is one thing. Levee breaches are another.

The entire city was protected either by high ground or levees built to withstand a Category 3 storm. Atlantic hurricanes had been growing in intensity.

Katrina was a Category 5 upon arrival in Louisiana. The levees failed.

Katrina should have been seen in advance. Not the exact date. Not the horror. Just the madness of how we often fail to fix the obvious until it’s too late.

Today’s “Katrina” is not a natural disaster. Neither is it limited to the U.S. Gulf Coast. It’s a national or global cyber attack.

The recent attack on Twitter and others did more than disturb our instant messaging. It gave us a glimpse of an impending electronic catastrophe.

We recall automobiles with faulty ignition switches that can kill or injure us. We replace defective smart phones that catch fire or explode, with the potential to take down commercial airliners.

Why do we ignore the fact that we are connecting our entire daily life — emails, phones, cars, appliances, hospitals, electrical networks, and pacemakers — to a single vulnerable system? We need more than electronic “levees” built to withstand a rainfall when we are facing a cyber tropical cyclone.

Does this risk management failure stem from being penny-wise and pound-foolish?

The annual U.S. spending on national defense is $600 billion. The government budget deficit is also $600 billion. Annual social security and disability benefits amount to $930 billion.

How much is too much to reasonably spend to protect us as we stand here, watching these approaching electronic storm clouds?

Spending for personal virus protection? $30 annually per computer.

Spending for business systems? Thousands to millions of dollars.

Spending to stabilize a global communication network that could allow really bad people to cause devastation and calamity? Priceless.

2017 Teddy Awards

The Era of Engagement

The very best workers’ compensation programs are the ones where workers aren’t just the subject of the program, they’re a part of it.
By: | November 1, 2017 • 5 min read

Employee engagement, employee advocacy, employee participation — these are common threads running through the programs we honor this year in the 2017 Theodore Roosevelt Workers’ Compensation and Disability Management Awards, sponsored by PMA Companies.

A panel of judges — including workers’ comp executives who actively engage their own employees — selected this year’s winners on the basis of performance, sustainability, innovation and teamwork. The winners hail from different industries and regions, but all make people part of the solution to unique challenges.

Advertisement




Valley Health System is all-too keenly aware of the risk of violence in health care settings, running the gamut from disruptive patients to grieving, overwrought family members to mentally unstable active shooters.

Valley Health employs a proactive and comprehensive plan to respond to violent scenarios, involving its Code Atlas Team — 50 members of the clinical staff and security departments who undergo specialized training. Valley Health drills regularly, including intense annual active shooter drills that involve participation from local law enforcement.

The drills are unnerving for many, but the program is making a difference — the health system cut its workplace violence injuries in half in the course of just one year.

“We’re looking at patient safety and employee safety like never before,” said Barbara Schultz, director of employee health and wellness.

At Rochester Regional Health’s five hospitals and six long-term care facilities, a key loss driver was slips and falls. The system’s mandatory safety shoe program saw only moderate take-up, but the reason wasn’t clear.

Rather than force managers to write up non-compliant employees, senior manager of workers’ compensation and employee safety Monica Manske got proactive, using a survey as well as one-on-one communication to suss out the obstacles. After making changes based on the feedback, shoe compliance shot up from 35 percent to 85 percent, contributing to a 42 percent reduction in lost-time claims and a 46 percent reduction in injuries.

For the shoe program, as well as every RRH safety initiative, Manske’s team takes the same approach: engaging employees to teach and encourage safe behaviors rather than punishing them for lapses.

For some of this year’s Teddy winners, success was born of the company’s willingness to make dramatic program changes.

Advertisement




Delta Air Lines made two ambitious program changes since 2013. First it adopted an employee advocacy model for its disability and leave of absence programs. After tasting success, the company transitioned all lines including workers’ compensation to an integrated absence management program bundled under a single TPA.

While skeptics assume “employee advocacy” means more claims and higher costs, Delta answers with a reality that’s quite the opposite. A year after the transition, Delta reduced open claims from 3,479 to 1,367, with its total incurred amount decreased by $50.1 million — head and shoulders above its projected goals.

For the Massachusetts Port Authority, change meant ending the era of having a self-administered program and partnering with a TPA. It also meant switching from a guaranteed cost program to a self-insured program for a significant segment of its workforce.

Massport’s results make a great argument for embracing change: The organization saved $21 million over the past six years. Freeing up resources allowed Massport to increase focus on safety as well as medical management and chopped its medical costs per claim in half — even while allowing employees to choose their own health care providers.

Risk & Insurance® congratulates the 2017 Teddy Award winners and holds them in high esteem for their tireless commitment to a safe workforce that’s fully engaged in its own care. &

_______________________________________________________

More coverage of the 2017 Teddy Award Winners and Honorable Mentions:

Advocacy Takes Off: At Delta Air Lines, putting employees first is the right thing to do, for employees and employer alike.

 

Proactive Approach to Employee SafetyThe Valley Health System shifted its philosophy on workers’ compensation, putting employee and patient safety at the forefront.

 

Getting It Right: Better coordination of workers’ compensation risk management spelled success for the Massachusetts Port Authority.

 

Carrots: Not SticksAt Rochester Regional Health, the workers’ comp and safety team champion employee engagement and positive reinforcement.

 

Fit for Duty: Recognizing parallels between athletes and public safety officials, the city of Denver made tailored fitness training part of its safety plan.

 

Triage, Transparency and TeamworkWhen the City of Surprise, Ariz. got proactive about reining in its claims, it also took steps to get employees engaged in making things better for everyone.

A Lesson in Leadership: Shared responsibility, data analysis and a commitment to employees are the hallmarks of Benco Dental’s workers’ comp program.

 

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]