Companies are reevaluating their security measures in the wake of last week’s fatal shooting of UnitedHealthcare CEO Brian Thompson.
A number of companies have scrubbed their websites of top executives’ biographies and photographs. Others are closing offices or canceling in-person events.
While some of these are temporary measures meant to protect workers amid heightened social media vitriol aimed at the health insurance industry and corporate America, security experts told USA TODAY they expect permanent shifts after last week’s killing.
“I think this is a wakeup call to many,” said Paul Sarnese, owner of Secured & Prepared Consulting and former president of the International Association for Healthcare Security and Safety. “I see this as a lightning rod moment to change the security landscape.”
Killing spurs online vitriol toward insurance companies
Thomspon, 50, was fatally shot outside a Midtown Manhattan hotel on his way to speak at an annual investor conference.
Holiday deals: Shop this season’s top products and sales curated by our editors.
New York Police Department Chief of Detectives Joseph Kenny told reporters Thompson did not appear to be accompanied by a security detail at the time of the shooting. Thompson’s wife, Paulette Thompson, told NBC News he had received threats ahead of the event.
Minnetonka, Minnesota-based UnitedHealthcare, one of the largest insurers in the nation, has received scrutiny for its denial rates. Multiple media outlets have reported shell casings at the scene had the words “deny” and “depose” written on them ‒ terms associated with insurance companies’ strategies for rejecting claims.
Suspect Luigi Mangione, 26, on Monday was charged with murder and other felonies in connection with the fatal shooting, as previously reported by USA TODAY. An internal intelligence report from the NYPD said the gunman viewed himself as a martyr against “corporate greed” and the insurance industry, according to multiple news outlets.
The incident has prompted other companies – especially those in the insurance sector – to reevaluate their security measures.
“It’s important that you understand, how are we viewed?” said Dave Komendat, founder and president of DSKomendat Risk Management Services and former chief security officer for Boeing. “And if we’re not viewed favorably and we have people out there representing that service, that product, in a public setting, what steps do we need to take to mitigate risk?”
Matthew Peters, vice president of protective services at security provider Guidepost Solutions, said phone calls have “at least quadrupled” since Thompson’s killing, with companies from “every single industry” reevaluating their security programs, especially security around in-person events like investor meetings and holiday parties.
“It was an eye-opening experience for many CEOs. … Most of them think they’re anonymous. A great deal of them, they drive themselves to work or just jump in a cab,” Peters said. “Firms have to think about the concept of duty of care, protecting their most valuable assets. What measures are they enacting to protect their people?”
UnitedHealthcare CEO killing:New details emerge after Luigi Mangione charged in killing of Brian Thompson
How companies are responding
Nearly a quarter of CEOs and 16% of other executive officers in S&P 500 companies received home and/or personal security services last year, according to an April report from WTW, a risk management service provider. The median value of security services for CEOs was just under $50,000.
Those numbers may soon be on the rise, according to Sarnese of Secured and Prepared Consulting, who said incoming calls asking for security advice have doubled in the past week.
“I can tell you that those organizations that never considered having an executive protection program are reevaluating that decision,” he said. “They’re reevaluating their websites, they’re reevaluating their signage, their directories.”
Centene, a Missouri-based insurer, said its investor day this week will be held virtually instead of in person. UCare, a Minnesota-based nonprofit insurer, told USA TODAY it closed offices this week after receiving “a concerning comment in a phone call.”
Other companies are limiting executive information on their website. UnitedHealth Group, parent company of UnitedHealthcare, removed top executives’ biographies and photographs from its site after the shooting. A link to Indianapolis-based Elevance Health’s leadership team now leads to the insurance provider’s home page. A similar link on Blue Cross Blue Shield’s website listing senior management redirects to an “about us” page.
Medica, a health insurance company based in Minnesota, told The Associated Press it removed executive biographical information from its website and temporarily closed its offices “out of an abundance of caution.”
CVS spokesperson Amy Thibault said the company, which owns health insurer Aetna, removed executive photos from its website. UnitedHealthcare, UnitedHealth Group, Medica, Blue Cross Blue Shield Association and Elevance did not respond to requests for comment.
Removing this sort of information online is a “reasonable step” and can make it more difficult to identify executives, but it’s not clear how effective they are in the long term, according to Komendat. Personal information can be hard to scrub from the internet, especially if someone is intent on tracking it down.
“What’s more important is really understanding the risk profile that comes along with your company,” he said. “If they’re working in a field or an industry that’s generally unpopular or not viewed favorably, I think there will be pressure and expectations” to make changes.
