What Can Be Done About Nuclear Verdicts?

“Nuclear verdicts” are putting a strain on corporations and their insurers, an insurance executive writes in this month’s Best’s Review. Paul Horgan, head of U.S. national accounts for Zurich, says the insurance industry is acting to address this trend but can’t do it alone.

The phrase refers to “exceptionally high” jury awards that, Horgan says, “exceed what most would consider reasonable.” He adds that such verdicts are becoming more common “and are being driven, in part, by aggressive and effective plaintiff’s attorneys.”

Commercial trucking is one of the most industries most heavily affected by nuclear verdicts. When considering verdicts of more than $1 million, the average size of awards related to trucking incidents increased nearly 1,000 percent from 2010 to 2018, according to a study by the American Transportation Research Institute (ATRI).  

One piece of the picture

Nuclear verdicts are just one part of a larger trend that includes increases in class action suits and “litigation funding,” in which third-party investors assume all or part of the cost of a lawsuit in exchange for an agreed-upon percentage of the settlement. According to Bloomberg, hedge funds, private-equity, and sovereign wealth funds “are piling billions into the outcome of high stakes court cases at a faster rate than ever before,” turning litigation funding into a $39 billion global industry in 2019.

These and other aspects of runaway litigation are considered major contributors to “social inflation” – a common term for claims and losses rising faster than general inflation and leading to more expensive insurance for businesses and consumers.

“Just a few years ago,” Horgan writes, “the top verdicts in the United States were measured in the millions of dollars…. Today, it’s in the billions.” He adds that the median settlement of the top 50 U.S. verdicts rose from $28 million in 2014 to $58 million in 2018.

“Without a strong defense,” Horgan writes, “nuclear verdicts will become the norm, and the fallout will be devastating.”

Defense counsel have begun employing some of the same techniques as plaintiffs’ attorneys, according to Horgan, but more is needed to address runaway litigation. He says it’s “critical for corporations to exert pressure on their state and federal legislators to put an end to this.”

Learn More at JIF

At Triple-I’s Joint Industry Forum in New York City this week, a panel is being dedicated to the topic of runaway litigation, its impact on claims and losses, and what can be done about it. Moderated by Frank Tomasello, executive director of The Institutes Griffith Insurance Education Foundation, the panel features the following participants:

There’s still time to register by December 1, 2021 (11:59 p.m.).

Triple-I/Milliman:
Cat Losses, COVID
Keep the Pressure
on Rates, Profitability

By Loretta Worters, Vice President, Media Relations, Triple-I

The property/casualty insurance industry will run at an estimated 101 combined ratio for 2021, slightly worse than what was projected three months ago, putting pressure on rates and profitability, according to the latest underwriting projections by Triple-I and Milliman actuaries.

The industry is projected to experience 7.7 percent net written premium growth in 2021, followed by 5.2 percent in 2022 and 5.5 percent in 2023, due to the economic recovery and hard market.

The quarterly report, Insurance Information Institute (Triple-I) / Milliman P/C Underwriting Projections: 2021-2023, was presented at an exclusive members only virtual webinar moderated by Triple-I CEO Sean Kevelighan.

Dale Porfilio, Chief Insurance Officer, Triple-I

Triple-I Chief Insurance Officer Dale Porfilio explained that the 2021 estimated combined ratio – a measure of insurance company underwriting profitability — worsened from prior quarterly analysis “primarily because actual third-quarter catastrophe losses were worse than expected, with Hurricane Ida being the most destructive event.“

The 2021 year-to-date catastrophes are now the worst since 2017, when Harvey, Irma, and Maria all struck the U.S., Porfilio said.

He added that “healthy premium growth is projected for 2021-2023, as a result of economic recovery and a hard market” – an extended period of increasing premiums and decreasing capacity. Porfilio noted, however, that “insureds will continue to face rate pressure from the uncertainty of the pandemic.”

On the personal auto side, Porfilio said personal auto experienced improving combined ratios from 2016 through 2020, with 2020 heavily influenced by the lower miles driven during the pandemic.

“With miles driven in 2021 back to 2019 levels, we expect combined ratios to also return to pre-pandemic levels,” he said. “The greater concern for the entire industry is the observed riskier driving behaviors, such as impaired driving, speeding, and failure to wear seatbelts, leading to more severe accidents and increased fatalities.”

Jason B. Kurtz, Principal & Consulting Actuary, Milliman

Looking at the commercial side, Jason B. Kurtz, a principal and consulting actuary at Milliman – an independent risk-management, benefits, and technology firm – said the hard market persisted in the third quarter, particularly in commercial product lines.

For commercial multiple-peril insurers, Kurtz said, “We are currently estimating a 2021 combined ratio of 109 percent. This line got off to a difficult start in the first quarter due in part to the Texas freeze event, resulting in a historically high first quarter incurred loss ratio on a direct of reinsurance basis.”

Turning to workers compensation, Kurtz noted that underwriting profits will continue, although margins are shrinking. “The pandemic recession significantly impacted premium volumes, but we are finally seeing premium growth again with the economic recovery,” he said.

Dave Moore, President, Moore Actuarial Consulting

In commercial auto, underwriting losses are forecast to continue through 2023, said Dave Moore president of Moore Actuarial Consulting. “We believe social inflation is playing a role in these combined ratios remaining above 100 percent despite many successive years of steady rate increases,” he said. “We continue to observe a significant rebound in premium growth due to the economic recovery and the hard market driving rate increases.”

Moore added that Triple-I will be publishing research later in the month on social inflation, funded by a research grant from the Casualty Actuarial Society (CAS).  “We estimate social inflation increased commercial auto liability claims expense by roughly $20 billion for accident years 2010 – 2019.”

Michel Léonard, VP, Senior Economist, Head of Economics and Analytics, Triple-I

Michel Léonard, vice president, senior economist, and head of Triple-I’s Economics and Analytics Department, discussed the economic drivers of insurance performance for 2021 and going into 2022. He noted that the insurance industry is expected to grow by 3.4 percent in 2021, 2.4 percent below U.S. real GDP growth of 5.8 percent.

“This aligns with historical trends whereby the insurance industry declines less than the overall economy going into downturns but lags national averages during recoveries,” he said, adding, “Going into Q4, as more 2021 data becomes available, the more cool-headed forecasts for overall U.S. growth and inflation have prevailed. While both remain higher than usual on a year-over-year basis, overall U.S. growth is still falling short of making up for the growth lost to the pandemic over the last two years.” 

With the 2021 Atlantic hurricane season nearly over, it is on track to be an above-average season with a total of 21 named storms (trailing only 2020 and 2005 for the most named storms in a single season), according to Dr. Philip Klotzbach, research scientist in the Department of Atmospheric Science at Colorado State University.

Klotzbach, who is also a Triple-I Non-Resident Scholar, gave his updated projections for the 2021 hurricane season, which officially ends on November 30.  He noted that the season had seven hurricanes and four major hurricanes. “The most significant hurricane of the 2021 season was Hurricane Ida, which resulted in nearly 100 fatalities and $65 billion in total damage for the United States,” Klotzbach said. “In addition to devastating storm surge and strong winds near where the storm made landfall along the central Louisiana coast, Ida brought catastrophic flooding to the mid-Atlantic states, highlighting the significant impacts that hurricanes can generate well inland.”

Triple-I Study Sees “Constrained” Growth For Insurers in 2021

From financial economists’ exuberant growth forecasts early in the year to central bankers’ coining of the term “transitory” inflation to pushback against Federal Reserve “tapering”, credible economists have never diverged so widely in their economic outlooks as they have in 2021, says Dr. Michel Léonard, head of Triple-I’s Economics & Analytics department.

Michel Léonard,
V.P., Sr. Economist, Data Scientist, Head of Economics and Analytics

Léonard is author of Triple-I’s fourth-quarter insurance economic outlook report, Soft Landing, Headwinds and Rebound. The quarterly report is available to Triple-I members only at economics.iii.org and is a companion publication to Triple-I’s Insurance Economics Dashboard. Non-members interested in learning about membership can contact Deena Snell.

Triple-I’s analysis translates broad economic growth drivers into business line-specific terms. So, while the insurance industry is expected to show a 3.4 percent growth rate in 2021, Léonard says, it will underperform overall U.S. GDP growth of 5.8 percent because it is “constrained by its ties to industries with growth rates significantly below and inflation rates significantly above the U.S. rates overall.”  

According to the report, concerns about “runaway inflation” subsided in the second half of 2021 as prices for most goods in the consumer supply index (CPI) trended lower and overall inflation peaked at 4 percent. However, for a basket of goods whose prices tend to affect insurance claims and losses – think automobiles and replacement parts, among others – inflation remained above 10 percent. This is due primarily to supply-chain and labor-force disruptions.

As a result, the Triple-I report sees the insurance industry’s combined ratio increasing (underwriting profitability falling) due to low underlying growth and high line-specific inflation. It also sees the industry’s 2021 investment returns outpacing 2020’s, despite headwinds.

Executive Exchange: Pandemic Lockdown Speeds Insurance Digitization Growth

The global pandemic accelerated many technological advances that were already underway in the insurance industry – changes that are likely to pick up speed as COVID-19 recedes, according to Rohit Verma, CEO, Crawford & Co.

Triple-I CEO Sean Kevelighan recently spoke with Verma about the dramatic changes taking place as virtual interactions became more necessary and expected by consumers – especially in the early stages of the COVID-19 crisis. Crawford is a global provider of claims management solutions. 

“We have a self-service app which had probably a seven to 10 percent adoption rate,” Verma said in the conversation, which you can watch in full below. “Within the first three months, that adoption rate went up from seven to 10 percent to about 35 to 40 percent.”

Verma said he expects further acceleration of digitization in insurance, with start-ups partnering with larger, established companies to transform how insurance is done. The biggest obstacle, as he sees it, is the question: “Do we approach problems with a viewpoint of how we do solve them digitally, or do we approach them on how we solve them traditionally?”

Verma will be one of five senior executives participating in the C-Suite Panel on Resilience at Triple-I’s 2021 Joint Industry Forum on Thursday, Dec. 2, in New York City.

With Violent Crime Up, Negligent Security
Is a Looming Hazard

By Maria Sassian, Triple-I Consultant

While property crime (except for car theft) has been on the decline, the United States has been experiencing a worrying surge in violent crime since the start of the pandemic.

Murder and non-negligent manslaughter rose 29.4 percent in 2020 from 2019, the biggest rise since recordkeeping began in 1960, according to F.B.I. data.  The trend continued in the first half of 2021, when the number of homicides increased 16 percent from the same period in 2020 and 42 percent compared to the same period in 2019. Aggravated assault increased 9 percent, and gun assaults were up 5 percent, according to the Council on Criminal Justice.

Crime analysts have suggested several possible contributing factors, including the many strains brought on by the pandemic; a pullback in enforcement by the police; and a spike in firearm purchases.

Negligent security

When a violent crime occurs on a business or residential property, the victims often can hold the owners liable for damages stemming from “negligent security.”  Negligent security cases are based on the obligation (“duty of care”) of a property owner or tenant to provide a safe environment for their customers, residents, or visitors. According to PropertyCasualty 360, such cases are a “significant and growing subset of premises liability.”

Examples of negligent security include:

  • Poor lighting,
  • Lack of security guards or guards who fail to do their job properly, and
  • Insufficient locks or other security devices.

The duty of care borne by property owners can vary based on the types of businesses they operate. A shopping mall with limited hours may have a lower duty of care than an assisted living facility charged with caring for vulnerable residents 24/7.

Negligent security cases incur significant investigation and settlement costs, though few make it to trial.  Cases that do go to trial can get widespread media coverage, and juries, sympathetic to violent-crime victims, can hand down massive awards.  In Georgia, for example, lawsuits stemming from criminal attacks in CVS and Kroger parking lots ended in verdicts of $43 million in Fulton County and $69.6 million in DeKalb County, respectively, in 2019. CVS and Kroger were held liable on the basis that they should have had more security.

Risk management

Property and business owners can prepare to demonstrate that they have taken reasonable precautions by making sure crime prevention practices are in place. Steps that can be taken include:

  • Have on-site security staff and make sure they follow up-to-date policies and procedures,
  • Make sure security equipment is up-to-date and working,
  • Make sure all staff is trained in security and in how to handle potentially dangerous situations,
  • Perform regular inspections on lighting, stairs, windows, and doors,
  • Maintain landscaping properly, and
  • Investigate all threats of criminal activity.

The role of insurance

Negligent security is part of the broader coverage of premises liability. Whether you are covered or not depends on your individual policy. If negligent security is excluded, it should plainly say so in the policy. If the policy language  is ambiguous, courts may favor the policyholder in a coverage dispute.

When you’re covered, your insurance underwriting professional will work with you to make sure recognized crime prevention practices are being followed on the property. That way you will be prepared to prove that you followed reasonable precautions if a violent crime occurs.

If a violent crime does happen and a negligent security insurance claim is filed, the insurer will want to respond quickly to investigate the security measures that were in place, retain legal counsel, and engage a premises security expert. Delays in developing a defense plan can adversely affect the outcome and cost of the case. It’s important for the policyholder to have an emergency call list in the event of a crime and to have someone from the claims group on that list.

An insurance adjuster can help to resolve complex claims quickly, as well as help property owners prevent future incidents. The adjuster might dig into a property’s history to illuminate what’s considered “normal” and what activities owners should reasonably have anticipated. A history of break-ins or muggings, for example, could establish that the owner knew about the risk and, therefore, should have strengthened security measures in response, according to Engle Martin & Associates, a loss-adjustment and claims-management provider.

The adjuster may also look at the property owners’ social media and online reviews for previous complaints about security.  If the owners issued warnings about criminal activity and shared their attempts to improve security, for example, that can bolster their defense, said Natalie Prescott, casualty claims manager at Engle Martin.

Taking appropriate security measures and understanding your insurance coverage will go a long way toward helping you be prepared if a violent crime happens on your property.  Of course, you should seek guidance from your insurance or legal professionals about your specific circumstances.

This Just In:
Insurance Isn’t Boring

I just learned that November 3 is National Cliché Day. Who knew?

So, what better time than now (before it’s too late!) to bust the cliché that insurance is a boring industry.

The cliché might be rooted in the idea that insurance is all about remaining cozily in some imaginary “safety zone”.  Or maybe in the fact that the industry’s visual surface tends to be one of dull-looking paperwork full of fine print.

But think about it: the entire industry is rooted in risk!

Automobile accidents and other forms of property damage are only the start of it. There’s liability risk – the risk of being sued: product liability, professional liability, employment practices, directors and officers, errors and omissions, medical malpractice – the list goes on, and insurance professionals have to understand these areas of risk intimately to price policies, set aside appropriate reserves, and pay claims in a timely fashion.

Is climate-related risk keeping you up at night? You’re not alone. Insurers have been working on that one for decades, empowered by sophisticated modeling and analytics capabilities.  They aren’t just worrying about extreme weather and climate – they’re partnering with other industries, communities, and governments to do something about it.  

And, speaking of sophisticated technology – what about cyber risk? The average cost of a data breach rose year over year in 2021 from $3.86 million to $4.24 million, according to a recent report by IBM and the Ponemon Institute — the highest in the 17 years that this report has been published. These kinds of numbers add up quickly. Unlike flood and fire – perils for which insurers have decades of data to help them accurately measure and price policies – cyber threats are comparatively new and constantly evolving. The presence of malicious intent results in their having more in common with terrorism than with natural catastrophes.

These are just a few of the risks types insurance professionals look in the eye daily, working with a wide range of experts across industries and disciplines to meet them.  From the individual and family level to businesses large and small to the global economy, insurers play a critical role as both risk-management partners and financial first responders.

Keep these things in mind next time you catch yourself stifling a yawn at the mention of insurance!

CNBC’s Contessa Brewer to Interview Triple-I CEO at Joint Industry Forum

CNBC business journalist Contessa Brewer will interview Triple-I CEO Sean Kevelighan at Triple-I’s Joint Industry Forum (JIF) on December 2.

“Insurance is one of the industries I cover for CNBC, so I look forward to discussing the top issues of the day at one of its premier events,” Brewer said.  “Given 2021’s extreme weather, high-profile cyberattacks, and economic volatility, insurance has been in the news constantly, so there are plenty of things to talk about.”

The 2021 JIF is being held at the New York Hilton Midtown. The in-person, daylong program, bringing together the most accomplished thinkers and leaders in insurance, will be conducted in accordance with New York City’s Covid-19 protocols.

“CNBC is a recognized world leader in business news and reaches millions of Americans across all of its platforms,” Kevelighan said, adding that he looks forward to “a robust discussion” with Brewer. The agenda also includes panels on insurance economics, insurer talent and recruitment initiatives, and the societal costs of runaway litigation. 

Click here to register.

How Insurers Can Manage the “Great Resignation”

By Maria Sassian, Triple-I Consultant

If you didn’t quit your job this year, chances are you’re thinking about it:  41 percent of the global workforce is considering leaving their employer this year according to a Microsoft study.

U.S. workers are quitting in record numbers: 4.3 million resigned in August, nearly 3 percent of the U.S. workforce and the most in the 20 years since Department of Labor began keeping track. This followed 3.98 million resignations in July and 3.99 million in April.

While the reasons so many workers are quitting now are often related to low wages and poor working conditions, the pandemic has also led many people with “good” jobs to reevaluate the role of work in their lives and to pursue jobs that are more meaningful to them. The mass exodus has employers worried.

According to a Gartner survey of human resource leaders, 91 percent are “increasingly concerned” about employee turnover in the near future. Employee turnover costs U.S. businesses close to a trillion dollars a year, by some estimates (made before the pandemic).

What does this mean for insurers?

To shed light on how the Great Resignation is affecting the insurance industry, we turn to the Jacobson Group’s Insurance Labor Market Study conducted in third quarter of 2021 jointly with Aon. The study found that insurance professionals who were waiting to make moves earlier in the pandemic are now exploring their options and re-evaluating their positions with their current employers – a situation that makes recruiting, especially at experienced levels, “extremely competitive.”

Other key findings from the survey include:

  • 56 percent of companies plan to increase staff during the next 12 months, driven by the life/health segment, at 73 percent;
  • If the industry follows through on its plans, a 1.81 percent increase in industry employment is expected during the next 12 months;
  • Understaffed areas and business expansion were the top two reasons cited for increasing staff;
  • Technology is the area most likely to increase staff for large companies, followed by sales/marketing and underwriting;
  • Medium-sized companies want to increase staff in technology, followed by analytics;
  • Small companies have the greatest need for technology talent, followed by claims;
  • Technology and product management are the top two areas in which companies are looking to add experienced staff;
  • Technology, analytics, and actuarial positions are the most difficult to fill; and
  • Operations and actuarial roles were identified as areas most likely to add entry-level positions.

Not all insurers are looking to hire more workers; 13 percent report that reorganization and automation will be the primary reasons for staff reductions during the next 12 months.

What companies can do to retain talent

Leaders are advised to become more methodical in how they keep valuable human capital from walking out the door. According to Anthony Klotz – the  professor of management at the Mays Business School at Texas A&M University credited with coining the term “Great Resignation” – employers often don’t give enough thought to the off-boarding process and employees often don’t give the real reasons that they are quitting. Instead of just having an exit interview in which employees are asked why they’re leaving, he suggests talking to their coworkers and friends at the company who will be aware of their actual reasons.

Once the main causes of turnover are identified, a company can create customized programs to correct these issues. According to Ian Cook, an HR strategist, “adopting a truly data-driven retention strategy isn’t easy, but it’s worth the effort to do it right, especially in the current market…. With greater visibility into both how serious your turnover problem really is and the root causes that drive it, you’ll be empowered to attract top talent, reduce turnover costs, and ultimately build a more engaged and effective workforce.”

Of course, salary and benefits are still important in retaining and recruiting. Sixty percent of American employees say the COVID-19 crisis has caused them to think more carefully about the benefits their employer provides and about 68 percent anticipate their workplace benefits to play a more critical role in their future job selection, according to research from Voya Financial, Inc.

Many workers report feeling overwhelmed and depleted, a condition the pandemic has exacerbated. Employers can use the pandemic as an opportunity to offer an outstanding employee experience by listening and engaging with their workforce. After surveying hundreds of workers, McKinsey has identified several factors that go into the creating the right environment. They include: a sense of social cohesion, and purpose; collaborative teams; clear responsibilities and opportunities to learn and grow; an organizational sense of purpose that aligns with workers’ personal values; and a suitable physical and digital environment that gives them the flexibility to achieve a work–life balance.

People who report having a positive employee experience have 16 times the engagement level of employees with a negative experience, and they are eight times more likely to want to stay at a company, McKinsey research found.

As COVID-19 Drives Rise in Domestic Abuse, Insurers Seek to Empower Victims

Layoffs, loss of income, and living in isolation with abusers due to working remotely have increased the incidence of domestic violence. Associated Press photo.

By Loretta Worters, Vice President – Media Relations, Triple-I

When you think about domestic violence, insurance typically isn’t top of mind.  But financial security and access to resources can make all the difference to victims when deciding to leave an abusive relationship. And insurance is an important component of financial planning that can help survivors move forward.

Financial abuse is a common tactic used by abusers to gain power and control in a relationship. The forms of financial abuse may be subtle or explicit but, in general, include tactics to conceal information, limit the victim’s access to assets, or reduce accessibility to the family finances.

Growing evidence shows the pandemic has made intimate partner violence more common—and often more severe.  Layoffs, loss of income, and living in isolation with abusers due to working remotely have dramatically increased the incidence of domestic violence, further hampering a victim from leaving an abusive situation.

Survivors struggling to get back on their feet may also be forced to return to their abuser.  That’s why it’s so important that survivors understand how insurance works and what a critical role it can play in gaining financial freedom and economic self-sufficiency.

In support of Domestic Violence Awareness Month, Triple-I offers financial strategies to protect victims before and after leaving an abusive relationship. They include securing financial records, knowing where the victim stands financially, building a financial safety net, making necessary changes to their insurance policies and maintaining good credit. 

The National Coalition Against Domestic Violence (NCADV) reports that 10 million people are physically abused by an intimate partner each year, and 20,000 calls are placed to domestic violence hotlines each day. In addition, 85 percent of women who leave an abusive relationship return because of their economic dependence on their abusers.

“Home is often times a dangerous place for survivors of domestic violence, and COVID-19 exacerbates the circumstances, due to the abusers’ ability to further control,” said Ruth Glenn, president and CEO of the NCADV. “Tactics abusers use include ruining the credit of their victim as well as financial and digital abuse, such as stimulus funds being co-opted by abusers to an increase in domestic online harassment,” she said. 

Experts agree that domestic online harassment can come in many forms, from impersonating a victim by email to sabotage her work to controlling information about the pandemic to make her more fearful and dependent.

Since 2005, The Allstate Foundation has been committed to ending domestic violence through financial empowerment by helping to provide survivors with the education and resources needed to achieve their potential and equip young people with the information and confidence they need to help prevent unhealthy relationships before they start.  The Allstate Foundation offers a Moving Ahead Curriculum, a five-module program that helps prepare survivors as they move from short-term safety to long-term security. Modules of the curriculum include: Understanding Financial Abuse; Learning Financial Fundamentals; Mastering Credit Basics; Building Financial Foundations and Long-Term Planning.

“One of the most powerful methods of keeping a survivor trapped in an abusive relationship is not being able to support themselves financially,” Glenn explained. “That’s why insurance and financial education are so important,” she said.  “Education can save a life.”

Cyberattacks on Health Facilities: A Rising Danger

By Max Dorfman, Research Writer, Triple-I

As cyberattacks have increased in recent years, one area of particular concern has been those that target hospitals and health systems. These attacks have affected not only private information but also threatened the lives and well-being of patients.

A major shift

Hospitals rely more than ever on computerized systems to manage their information and systems. With the added complications related to the COVID-19 pandemic, the dangers associated with cyberattacks have only worsened.

“It’s part of a trend we’ve seen building over the last couple years, even before the pandemic,” said Scott Shackelford, chairman of the IU Cybersecurity Risk Management Program. Unfortunately, health-care providers are very much in the crosshairs. Not only do they often have insurance and deep pockets, but doctors need access to patient information to perform procedures and provide required services.

Because of this vulnerability and urgency, Shackelford said, “They are more likely to pay up.”

“If you look at the surveys that have been done, about one-in-three health providers have been hit by ransomware attacks just since 2020, and there’s been a 45 percent uptick in that rate since last December,” Shackelford added.

One recent attack, on Johnson Memorial Health in Franklin, Indiana, disabled its computer system. Although the hospital said it could still manage its patient intake, the loss of computer capabilities slowed operations down dramatically.

“We’re used to sending lab orders via computer, sending prescriptions to pharmacies via computer, so we’re going back to a real reliance on paper again,” Johnson Memorial President and CEO David Dunkle said. “We’re using more human runners, people taking lab recs between the ER and the lab.”

Hospitals have been slow to respond

Although there have been major technological advancements in the medical field, not all health systems have provided robust IT teams or thorough safety protocols. One area of note is with new medical devices, which take years to earn FDA approval and can come with outmoded software and operating systems without the latest security mechanisms.

This has given hackers the ability to disable medical imaging devices like MRIs. They can then shut down or interfere with machines.  A recent study by McAfeeEnterprise’s Advanced Threat Research Team uncovered that an IV pump created by German medical manufacturer B. Braun possessed a susceptibility that would allow hackers to change medicine doses remotely.

And while traditional phishing attacks require a user to open a corrupted file — a trend that is now on the decline — new attacks can use so-called Zero Click malware, which can infect a system merely through receiving a text or email.

Additionally, sensitive data that health systems possess gives hackers the opportunity to sell this information online — or threaten to — with demands rising into the millions of dollars. After a 2009 U.S. law was passed that required Medicare and Medicaid providers to implement electronic health records, these risks have only accelerated.

Life and death circumstances

Hospitals are now not only seeing the financial risks with cyberattacks, but the threat to their patients’ lives.

In July 2019, Springhill Medical Center faced a massive ransomware attack that disabled its electronic devices. This failure created dire circumstances for one infant, causing doctors to be unable to monitor the child’s condition during delivery. The infant died, and the hospital is being sued by the mother for malpractice—a charge Springhill denies.

Another attack in Düsseldorf, Germany in 2020 saw the death of a 78-year-old woman from an aortic aneurysm. What was supposed to be a routine pick-up turned into a nightmare, when the local hospital’s system was disabled by a ransomware attack, forcing the emergency department to turn away the woman and causing the ambulance to travel much farther. During this time, the patient’s condition worsened, and she eventually died.

How much worse can it get?

By the middle of August of 2021, 38 attacks on health-care providers or systems had interrupted care at approximately 963 U.S. locations. For all of 2020, only 560 sites were affected in 80 separate incidents, according to Brett Callow, a threat analyst at security firm Emsisoft.

With the vast amount of data and equipment at each of these health facilities—as well as the linked networks of many systems—the threat of cyberattacks in health care will only continue to grow unless more action is taken.

Latest research and analysis