10 Critical Health Care Risks for 2020 and Beyond

From increased risk of infection to burgeoning cyber security threats, here are some of the top risks facing the health care industry as it begins this new decade.

By: Jared Shelly | July 9, 2020

There’s plenty to keep a health care risk manager awake at night. If they entered 2020 worried about dangerous cyber attacks and violence against staff — they’re now adding delayed diagnoses and infection preparedness to the list thanks to the COVID-19 pandemic.

The daily demands facing health care organizations are already daunting. Providing quality patient care, encouraging patients to take active roles in their care, and dealing with changing regulations aren’t easy.

At every turn, there are hurdles that can disrupt facility operations and put patients at risk. If risks aren’t managed correctly, they can cause workers comp claims, malpractice claims, or fines from government entities.

But don’t worry (too much); we’ve got you covered. Here are the most critical health care risks right now and some best practices to ensure you’re prepared.

1) Ransomware

Hackers freeze a hospital’s computer systems then make an extortion demand to open them back up. It’s a simple idea with catastrophic results.

“In health care and hospitals, if you don’t have access to computers, you don’t have access to electronic health records so your physicians and nursing staff providing care have to revert to paper records and charts. They have that as backups but it’s a pretty frightening situation,” said Trevor Weyland, senior vice president at Arthur J. Gallagher.

Ransomware on health care entities rose 350% in Q4 of 2019, according to Corvus Insurance. And paying it can be expensive.

“At Gallagher we’ve helped our clients deal with situations where the ultimate payments have been more than $1 million,” said Weyland. He said that in other cases, the ransom can rise as high as $10 million.

To combat such attacks, partner with knowledgeable vendors and cyber insurance professionals who understand forensic investigations.

Encrypt data, segregate information in various parts of your system, implement multi-factor authentication, and train employees to identify phishing attacks so they don’t click on malware that allows attackers into your system.

2) Delayed Diagnosis and Treatments

COVID-19 has created a backlog of patients for other ailments. Some people have voluntarily delayed trips to the hospital in the name of social distancing.
In other instances, hospitals have delayed elective surgeries to make room for COVID patients.

Either way, the pandemic presents unparalleled challenges for the safe and effective delivery of patient care — which could lead to malpractice claims.

“In an effort to maintain patient safety and preserve resources, elective and non-emergency procedures were restricted, creating a backlog of patients waiting for procedures and surgeries. As a result, we could potentially see an increase in claims alleging delayed diagnosis and treatment,” said Diane Doherty, senior vice president of health care risk engineering and medical risk at Chubb.

3) Social Engineering Fraud

A cyber scammer can impersonate an executive or vendor and trick them into wiring money away from the company.

For example, the hacker sends an email from the CEO of a hospital group ordering the CFO to wire money to a third party.

In 2019, impostor emails sent to health care organizations jumped 300% and subject lines that included terms like “payment”, “request” and “urgent” appeared in 55% of all impostor email attacks, according to research by Proofpoint. And when the money is gone, it’s (probably) gone forever.

“Sometime the bank can reverse a transaction if you’re fast enough or lucky enough but oftentimes the money goes from one place to the next really quickly and becomes untraceable or unrecoverable,” said Weyland.

4) Violence Against Health Care Workers

Emotions run high inside hospitals and doctor’s offices. Patients and their families can be receiving bad — sometimes horrible news — and disagreements with health care practitioners could lead to violence.

That could be due to a perceived lack of communication, complexities of navigating the health care systems or just stress. With COVID-19, the anger may be even more exacerbated because family members may not be permitted to visit loved ones at all.

Of the 25,000 workplace assaults occurring annually in the United States, 75% of them are in health care settings, according to the American Journal of Managed Care.

“Health care facilities are a place of care and healing. That’s why it is so shocking when they are rocked by violence,” said Doherty. “Unfortunately, many health care organizations still see violent incidents as remote threats that will never happen at their facilities.”

5) Health Records Sold on the Dark Web

Hackers may threaten to expose data, passwords or other sensitive information on the dark web.

If purchased, those records can be used for medical fraud where one person has an operation in someone else’s name — and being covered by the victim’s insurance company.

“A hacker will steal your data and sell it en masse or individually on the dark web. Health care data is about as private as you can get. All information about you and your illnesses is deeply personal for everybody,” said Weyland.

6) Telemedicine

The concept of treating patients via a phone call or video conference is nothing new — but COVID-19 is propelling it into the mainstream.

It’s easy to understand why — people are avoiding the doctor visits at all costs in an effort to avoid contracting the virus. But the growth of telemedicine leads to its own share of exposures.

As providers rely on people accessing information from home or remotely, the scope of the network under a provider’s control is being accessed by more people — and could lead to more cyber threats.

Plus it’s hard for a provider to know if someone’s home WiFi is actually secure enough to prevent intrusions.

“The net your computer system spreads is growing. People working at home might be using their own personal computers to do work, well that’s a pretty uncontrolled situation for an organization,” said Weyland.

He recommends that anyone working from home use work-issued computers if possible.

7) Infection Control Preparedness

Response plans for infectious diseases aren’t new to health care organizations, but after COVID-19, they’re coming under far more scrutiny.

That’s why hospitals, doctors and other providers are working with insurers and local and federal state agencies to stay up-to-date on the latest guidance.

“Health care organizations are working around-the-clock to maintain rigorous infection control standards and processing, especially when it comes to screening protocols, adequate supplies of personal protective equipment and patient care equipment, environmental cleaning and disinfection protocols,” said Doherty.

8) Health Care-Acquired Infections

When sick people congregate, there’s an increased risk that harmful germs and bacteria could spread. That helps lead to health care-acquired infections (HAIs). A commonly known HAI is MRSA, a staph infection resistant to antibiotics, but there are plenty of others.

The Centers for Disease Control and Prevention report that each day, approximately 1 in 31 U.S. patients has at least one infection in association with his or her hospital care, “underscoring the need for improvements in patient care practices in U.S. health care facilities. While much progress has been made, more needs to be done to prevent health care-associated infections in a variety of settings.”

9) Supply Chain

Demands for personal protective equipment (PPE) during the pandemic put health care supply chains center stage. When facilities don’t have the equipment and products they need to provide care or keep practitioners safe, risks abound.

In the wake of the pandemic, health care organizations are reevaluating supply chains to more closely track inventory and develop relationships with domestic and foreign manufacturers and distributors.

“Optimizing the supply chain is one way that health care leaders are adapting in order to help mitigate risks and enhance patient safety,” said Doherty.

10) Mental Health of Health Care Workers

Providing care takes a serious toll on the practitioners. They see people suffer, deliver bad news, and can experience high levels of stress and anxiety. That’s especially true for doctors, nurses and others working in emergency rooms and intensive-care units — or helping to fight a pandemic.

In response, health care systems are offering resources to address and support workers like emotional support hotlines, daily virtual support groups, recharge rooms, meditation, yoga classes, and employee assistance programs.

“The stress of increased demands, fear for personal safety, high cost of human suffering caused by the crisis and resulting loss of life is taking a serious psychological toll on our health care providers,” said Doherty. &

Jared Shelly is a journalist based in Philadelphia. He can be reached at [email protected].

Why Insureds Might See an Uptick in M&PL Claims

George Schalick, Jr., Senior Vice President of the Management and Professional Liability Division, Philadelphia Insurance Companies

The current soft market might come as a bit of a surprise as it does not track with previous underwriting cycles and economic conditions. Afterall, many privately held and non-profit organizations struggled during the early days of the pandemic with shutdowns and rapidly declining revenues. But the Government assistance programs, like the Paycheck Protection Program loans, helped keep many afloat during the tough times.

“During COVID many organizations stopped doing business until they were able to sort out all of the health and safety challenges,” Schalick said. “They were forced to lock down, but then all the government assistance programs allowed them to keep people employed. The increased volume of claims we anticipated we would see coming from the lockdowns and restrictions that were imposed upon businesses in the U.S. didn’t manifest at first.”

“Just because there wasn’t an onslaught of reported claims at the beginning of the pandemic, doesn’t mean the circumstances that would give rise to a claim being reported didn’t occur. Courts and the judicial system were closed or slowed and now that they are back open, we’re starting to see the circumstances that occurred during the COVID lockdowns becoming claims today,” Schalick said. “Litigation is progressing.”

Added to the delayed pandemic litigation is a concern over newer claims that might be filed as the country inches toward an economic downturn. Though a recession was avoided in 2023, experts think a soft dip could occur in 2024, with 76% of economists saying there’s a 50% or less chance of an economic downturn this year — that almost always results in more management liability claims.

“During the Great Recession in 2008, we saw an almost immediate spike in claims because of the economic conditions and the pressure it placed on organizations. They were making personnel changes with significant belt tightening almost immediately.” Schalick said.

What’s in Store for M&PL Policy Rates in 2024?

Despite an uptick in claims and increased economic uncertainty, management liability rates haven’t increased, resulting in market-wide pricing levels that may not meet the increased pressure of rising settlements and jury verdicts.

“Rates are going the other direction and settlement values are not falling,” Schalick said.

The mismatch between rates, claim frequency and severity is, in part, because carriers experiencing the dramatic soft market in the public D&O market are seeking premium gain in the private and non-profit market.

“In the public company market, the rates have been decreasing significantly. The rates were increasing in the private, not-for-profit market, and rightfully so, but there’s a desire to supplement overall mid-size D&O for carriers who also write private not-for-profit, and they see that as an opportunity to aggregate premium,” Schalick said. “So the always competitive landscape in the private, not-for-profit market has dramatically increased in the last 18 to 24 months.”

Still, companies of all sizes and types should be concerned about management liability rates in the future. Legal system abuse is resulting in increases in both the amount of litigation and the size of verdicts plaintiffs are receiving.

Certain areas of the country are particularly vulnerable to this type of legal system abuse. As a result, insureds in these localities are likely to be vulnerable to rate increases.

“The environment is so positive for the plaintiff that forces premium increases so carriers are able to stay in that market long term,” Schalick said.

Why a Tenured Carrier Partner Can Help Insureds Navigate An Uncertain Market

It’s clear that insureds are facing an uncertain M&PL market over the next few years. Fortunately, carriers with a long history in the M&PL space will be there to offer stability.

Philadelphia Insurance Companies has been supporting this market for 35 years. PHLY is committed to offering long-term rate stability, even as economic and claims trends start to push premiums upwards. They have an appetite for all sorts of companies, large and small, for-profit and nonprofit alike.

“We’ve been at this game for a long time and are one of the most tenured underwriters in this space,” Schalick said. “We like to stay very consistent.”

PHLY has worked with both for-profit and non-profit on management liability policies. With dedicated M&PL teams throughout the company’s 13 regions, PHLY provides the support agents and brokers are looking for on behalf of their clients. The teams know their regions well and can respond to local trends. They’re also dedicated to making the renewal process as easy as possible for their partners and policyholders.

“We have real confidence in our results, so we focus a lot on making the renewal experience as painless as possible for all agents and insureds,” Schalick said.

The company is also investing in tools to help insureds avoid losses. Earlier this year, they launched a new online risk management platform, PHLYGateway, which offers resources for insureds on how to create an employee handbook and trainings on issues such as recognizing workplace sexual harassment and discrimination.

If insureds have questions, they can consult a Best Practices Help Line, provided via the platform. That way, they can get on the spot risk management guidance to help them prevent claims.

To learn more, visit: https://www.phly.com/mplDivision/managementLiability/default.aspx.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.