10 Critical Health Care Risks for 2020 and Beyond

From increased risk of infection to burgeoning cyber security threats, here are some of the top risks facing the health care industry as it begins this new decade.
By: | July 9, 2020

There’s plenty to keep a health care risk manager awake at night. If they entered 2020 worried about dangerous cyber attacks and violence against staff — they’re now adding delayed diagnoses and infection preparedness to the list thanks to the COVID-19 pandemic.

The daily demands facing health care organizations are already daunting. Providing quality patient care, encouraging patients to take active roles in their care, and dealing with changing regulations aren’t easy.

At every turn, there are hurdles that can disrupt facility operations and put patients at risk. If risks aren’t managed correctly, they can cause workers comp claims, malpractice claims, or fines from government entities. 

But don’t worry (too much); we’ve got you covered. Here are the most critical health care risks right now and some best practices to ensure you’re prepared.

1) Ransomware

Hackers freeze a hospital’s computer systems then make an extortion demand to open them back up. It’s a simple idea with catastrophic results.

“In health care and hospitals, if you don’t have access to computers, you don’t have access to electronic health records so your physicians and nursing staff providing care have to revert to paper records and charts. They have that as backups but it’s a pretty frightening situation,” said Trevor Weyland, senior vice president at Arthur J. Gallagher.

Ransomware on health care entities rose 350% in Q4 of 2019, according to Corvus Insurance. And paying it can be expensive.

“At Gallagher we’ve helped our clients deal with situations where the ultimate payments have been more than $1 million,” said Weyland. He said that in other cases, the ransom can rise as high as $10 million.

To combat such attacks, partner with knowledgeable vendors and cyber insurance professionals who understand forensic investigations.

Encrypt data, segregate information in various parts of your system, implement multi-factor authentication, and train employees to identify phishing attacks so they don’t click on malware that allows attackers into your system.

2) Delayed Diagnosis and Treatments

COVID-19 has created a backlog of patients for other ailments. Some people have voluntarily delayed trips to the hospital in the name of social distancing.
In other instances, hospitals have delayed elective surgeries to make room for COVID patients.

Either way, the pandemic presents unparalleled challenges for the safe and effective delivery of patient care — which could lead to malpractice claims.

“In an effort to maintain patient safety and preserve resources, elective and non-emergency procedures were restricted, creating a backlog of patients waiting for procedures and surgeries. As a result, we could potentially see an increase in claims alleging delayed diagnosis and treatment,” said Diane Doherty, senior vice president of health care risk engineering and medical risk at Chubb.

3) Social Engineering Fraud

A cyber scammer can impersonate an executive or vendor and trick them into wiring money away from the company.

For example, the hacker sends an email from the CEO of a hospital group ordering the CFO to wire money to a third party.

In 2019, impostor emails sent to health care organizations jumped 300% and subject lines that included terms like “payment”, “request” and “urgent” appeared in 55% of all impostor email attacks, according to research by Proofpoint. And when the money is gone, it’s (probably) gone forever.

“Sometime the bank can reverse a transaction if you’re fast enough or lucky enough but oftentimes the money goes from one place to the next really quickly and becomes untraceable or unrecoverable,” said Weyland.

4) Violence Against Health Care Workers

Emotions run high inside hospitals and doctor’s offices. Patients and their families can be receiving bad — sometimes horrible news — and disagreements with health care practitioners could lead to violence.

That could be due to a perceived lack of communication, complexities of navigating the health care systems or just stress. With COVID-19, the anger may be even more exacerbated because family members may not be permitted to visit loved ones at all.

Of the 25,000 workplace assaults occurring annually in the United States, 75% of them are in health care settings, according to the American Journal of Managed Care. 

“Health care facilities are a place of care and healing. That’s why it is so shocking when they are rocked by violence,” said Doherty. “Unfortunately, many health care organizations still see violent incidents as remote threats that will never happen at their facilities.” 

5) Health Records Sold on the Dark Web

Hackers may threaten to expose data, passwords or other sensitive information on the dark web.

If purchased, those records can be used for medical fraud where one person has an operation in someone else’s name — and being covered by the victim’s insurance company. 

“A hacker will steal your data and sell it en masse or individually on the dark web. Health care data is about as private as you can get. All information about you and your illnesses is deeply personal for everybody,” said Weyland.

6) Telemedicine

The concept of treating patients via a phone call or video conference is nothing new — but COVID-19 is propelling it into the mainstream.

It’s easy to understand why — people are avoiding the doctor visits at all costs in an effort to avoid contracting the virus. But the growth of telemedicine leads to its own share of exposures.

As providers rely on people accessing information from home or remotely, the scope of the network under a provider’s control is being accessed by more people — and could lead to more cyber threats.

Plus it’s hard for a provider to know if someone’s home WiFi is actually secure enough to prevent intrusions.

“The net your computer system spreads is growing. People working at home might be using their own personal computers to do work, well that’s a pretty uncontrolled situation for an organization,” said Weyland.

He recommends that anyone working from home use work-issued computers if possible.

7) Infection Control Preparedness

Response plans for infectious diseases aren’t new to health care organizations, but after COVID-19, they’re coming under far more scrutiny.

That’s why hospitals, doctors and other providers are working with insurers and local and federal state agencies to stay up-to-date on the latest guidance. 

“Health care organizations are working around-the-clock to maintain rigorous infection control standards and processing, especially when it comes to screening protocols, adequate supplies of personal protective equipment and patient care equipment, environmental cleaning and disinfection protocols,” said Doherty.

8) Health Care-Acquired Infections

When sick people congregate, there’s an increased risk that harmful germs and bacteria could spread. That helps lead to health care-acquired infections (HAIs). A commonly known HAI is MRSA, a staph infection resistant to antibiotics, but there are plenty of others.

The Centers for Disease Control and Prevention report that each day, approximately 1 in 31 U.S. patients has at least one infection in association with his or her hospital care, “underscoring the need for improvements in patient care practices in U.S. health care facilities. While much progress has been made, more needs to be done to prevent health care-associated infections in a variety of settings.”

9) Supply Chain

Demands for personal protective equipment (PPE) during the pandemic put health care supply chains center stage. When facilities don’t have the equipment and products they need to provide care or keep practitioners safe, risks abound. 

In the wake of the pandemic, health care organizations are reevaluating supply chains to more closely track inventory and develop relationships with domestic and foreign manufacturers and distributors. 

“Optimizing the supply chain is one way that health care leaders are adapting in order to help mitigate risks and enhance patient safety,” said Doherty.

10) Mental Health of Health Care Workers

Providing care takes a serious toll on the practitioners. They see people suffer, deliver bad news, and can experience high levels of stress and anxiety. That’s especially true for doctors, nurses and others working in emergency rooms and intensive-care units — or helping to fight a pandemic.

In response, health care systems are offering resources to address and support workers like emotional support hotlines, daily virtual support groups, recharge rooms, meditation, yoga classes, and employee assistance programs.

“The stress of increased demands, fear for personal safety, high cost of human suffering caused by the crisis and resulting loss of life is taking a serious psychological toll on our health care providers,” said Doherty. &

Jared Shelly is a journalist based in Philadelphia. He can be reached at [email protected].

More from Risk & Insurance