The Best Laid Plans
Disclaimer: The events depicted in this scenario are fictitious. Any similarity to any corporation or person, living or dead, is merely coincidental.
Hale Everson disliked silence and wasn’t bothered by visible distractions. A natural multitasker, he liked to keep D.C. Span, the 24-hour news channel devoted to Washington politics, on his office TV.
As the Human Resources director for the Southern operations of Fuego Motors, a leading European car maker, Hale had been working for years to create a state-of-the-art health care monitoring system for the automobile manufacturing plant’s employees.
On the computer monitor in front of him, there were no less than 10 open spreadsheets.
Hale loved data and along with the auto plant’s risk manager, he had compiled plenty of it.
Hale paused at his keyboard and shifted his attention to his TV set. The U.S. Senate was voting on the passage of the Patient Protection and Affordable Care Act.
“Come on boys, come on,” he said, as he watched the “yes” votes pile up. Hale wasn’t worried about the outcome of the vote. He’d been preparing for this day for years.
When it came to what he required to work well, Brady Heller, the CFO for Apex Care, a regional hospital, was a door-shut type, even though he had a corner office. Brady hated any sort of distraction.
It wasn’t until he got home late that night and watched the 11 o’clock news that Brady found out the Affordable Care Act had passed. Brady watched impassively as his wife sat next to him.
Always keeping his cards close to his vest, Brady quietly calculated what Apex Care had spent over the past four years to acquire numerous specialty practices to build a state-of-the art Accountable Care Organization.
Brady wasn’t worried about the outcome of the vote either. He’d also been preparing for this day for years.
Brady and Hale, friends since college, were walking down the fourth fairway at the local country club when the two community leaders, key members of the local chamber of commerce, put their well-disciplined heads together.
“Nice job picking up Neil Zane’s cardiac practice buddy,” Hale said to his friend with a smile.
“Thanks,” Brady said, as he scanned the grassy rise for his golf ball.
“From what I can tell, you’ve got all the pieces in place,” Hale said.
“I sure hope I do. Cost us enough,” Brady said as he turned to set up a 2-iron shot.
“Brady, hold on just second,” Hale said. Brady turned and looked soberly at Hale, alert to the business-like tone Hale had switched to.
“I think I’ve got all my pieces in place too, and I don’t want to wait ‘til the wind changes. I want to bring my entire workforce to Apex on a direct contract. I’ve got all the data…”
“I bet you do,” Brady said.
“And with my documentation we can get this done sooner rather than later,” Hale said.
“You got everybody ready?” Brady asked.
“I’ve got everybody on board, from Turin to where we’re standing right here,” Hale said, and Brady could tell that Hale meant every word.
Within three weeks, the local business weekly ran a story under the following headline and subhead.
“Fuego and Apex Ink Healthcare Pact”
“Savings and better quality of care in focus in multi-million-dollar arrangement”
The story featured a picture of Brady and Hale shaking hands over a conference table.
Under the direct contract with Apex, Fuego’s workers and their dependents would receive exclusive health care at the regional health giant for three years. The contract was set to renew as long as costs didn’t deviate more than five percent on an annual basis from projections.
Seven months after the direct contract deal was announced, Serge Bernstein, head of Apex’s high-profile bariatric medicine and weight loss clinic, requested a face-to-face meeting with Brady.
“I have to ask you, did you have access to Fuego’s health care data before you agreed to this deal?” Dr. Bernstein asked Brady.
“I know as a matter of fact that the company keeps excellent records,” Brady said as an opening defense.
“Well, I keep pretty good data on my end as well,” Dr. Bernstein said, as he expertly swiped his digital tablet to bring ups some figures.
“The contract with Fuego says costs can’t deviate more than five percent from projections,” he said.
“That’s correct,” Brady said.
“What would you say if I told you that I am seeing instances of diabetes in that population at about 250 percent of projections?” Dr. Bernstein said.
“I’d be very concerned,” Brady said.
“Then you should be very concerned,” Dr. Bernstein said.
Two weeks later it was the hospital system’s head of orthopedics, Krishnan Gilani, who was sitting in Brady’s office.
“I’ve got a four-week waiting list for initial non-emergency evaluations,” Dr. Gilani said.
“Why?” Brady said.
“Have you heard of the Affordable Care Act? This autoworker population requires a lot of care. Many of them are overweight, which complicates treatment. I’ve also got a threefold increase in overall caseload due to all the previously uninsureds coming on board under the new law,” Dr. Gilani said.
“Wow,” Brady said.
“Wow indeed, Mr. Heller,” Dr. Gilani said. “These are substantially out of whack figures and of great concern,” Dr. Gilani said.
Hale and Brady were mostly silent as Hale lined up a putt and the two of them digested the information that the increased number of insureds coming in for treatment was threatening to broadside their direct contracting arrangement.
“It’s the first year of the program,” Hale said after his putt lipped out. “I’m sure the numbers will settle down in years two and three.”
“You’re probably right,” Brady said as he stood over his putt.
“You’re probably right.”
Hale’s view of his in-office television screen is obscured by the bulk of the autoworkers’ union vice president. To the vice president’s left is the union president. Neither of them looks healthy and neither of them looks especially pleased.
“Eighteen months ago you sold this hospital deal to us, saying it would be better for the workers and their families. You said we’d get better treatment, cheaper, and better access to treatment,” the union president said.
“I did say that, that’s true,” Hale said
“None of that was true,” the vice president said.
“We got a guy on the line, he twists his back trying to keep an engine compartment bonnet in place. You know how long it takes him to see a back specialist?”
“I don’t…” Hale begins.
“How about five weeks?” the vice president said. “Five weeks!”
“And this is the only hospital we can go to,” the president said.
“I thought health care reform was about choice. You know what? We have no choice,” the union president said.
“Am I in Russia now because I feel like I’m in Russia,” the union vice president says to the union president.
The quarterly meetings between hospital management and the medical team leaders have become so fraught with tension for Brady Heller that they begin to feel like out-of-body experiences.
Dr. Bernstein, Dr. Gilani and Dr. Helen Beers, chair of the cardiac unit, have Brady in their cross-hairs.
“When you brought my practice into your system, I was assured that I could maintain my care standards, that my cost of risk would be reduced by 20 percent and that my revenues would increase by 30 percent,” Dr. Beers begins.
“None of that has happened,” she said, fixing formidable steel blue eyes on Brady through her titanium eyeglass frames.
“Instead I’m seeing delays in payment. I am seeing care standards that I never would have tolerated independently, and I am seeing this across a number of departments, not just my own,” she said.
“We want access to full financial documentation under the terms of our contracts or we are walking, I am not kidding you,” Dr. Bernstein said.
Brady looked from Dr. Bernstein to Dr. Gilani to Dr. Beers. Nowhere was there mercy or understanding.
Hale has a board meeting of his own to attend.
“If we pay them this $3 million that they’re asking for,” the CFO for North America says to Hale.
“On top of the contracted amount,” he says, looking around the table for emphasis, to make sure everyone is getting his point.
“On top of the contracted amount,” he says yet again, unmercifully.
“What assurances do we have that we’re not going to be shelling out another $3 million in six months to a year from now?” the CFO asks.
“I’m not sure that I can offer you any assurances,” Hale says.
“We’re seeing treatment delays and co-morbidities that are beyond the scope of our projections,” he adds.
“I thought this was the best health care money could buy,” the CFO says.
“It may be,” says the North American CEO, who has made a special point to be at this meeting.
“The issue is we didn’t know it would take this much money to buy it.”
The CEO fires Hale Everson that very evening.
A sizable regional employer and a large health care system come to grief when their directly contracted health care arrangement is blind-sided by health care reform implementation. The planners of the deal fail to take into account the delays in treatment that large numbers of previously uninsured patients coming into the system will create. Contrary to their promises, standards of health care deteriorate and key stakeholders become alienated.
1. The importance of good data: Data is only actionable if it is good data. Fuego Motors thought it had adequately measured the health care risks inherent in its employee population, but events proved it to be woefully wrong. The advent of the Affordable Care Act is going to impact medical treatment and loss projections are going to have to be altered.
2. Assess your contract: Direct contracts to provide health care services to employers might make a lot of strategic sense, but they can turn into straightjackets if not written with enough flexibility to account for increasing health care costs and the unknowns of health care reform.
3. Medical practice acquisition is fraught with perils: Bigger is not necessarily better when it comes to health care business management. Conflicting work cultures and compensation and quality of care expectations can lead to disagreements, litigation or worse if contractual provisions aren’t spelled out adequately.
4. Health care regulation is in conflict: Federal health care reform is not the only wind sweeping the waters. There are numerous federal and state entities regulating health care and their missions and mandates are not in step with each other. Understanding the full lay of the land moving forward is a must.
5. Move with measured steps: There is so much going on in health care practice and regulation right now that the unknowns outnumber the knowns. Look at acquisition targets with more caution than ever before.
6. Be fully transparent: Both sides thought they had all the data they needed. But in the end, their failure to completely share with their data with their respective teams created unpleasant surprises. Being fully candid about all risks is the best strategy in this unsure environment.
The issues covered in this scenario were in part based on the impact of health care reform. This follow-up webinar focused on specific changes to the health care market in the wake of Affordable Care Act implementation and presented actions insureds can take to prepare themselves moving forward.
Stabbed in the Back
Disclaimer: The events depicted in this scenario are fictitious. Any similarity to any corporation or person, living or dead, is merely coincidental.
Part One: Opportunity Knocks
Jack Fisk, nice and warm in the comfort of his study in Fort Collins, Colorado, sat and stared at the message in his personal email account inbox. He sat and stared at it for a long time.
Jack took a sip of herbal tea and a nibble of the lemon cookie at his elbow. Then he went back to staring at the message. There it was in black and white, an offer from a Chinese national — an offer he felt he couldn’t refuse.
As a lead engineer with Super Diamond, a manufacturer of mining and drilling equipment, Jack was an integral part of a team that developed one of the most effective drilling bits ever made. The bit, used in gold mining and deep-sea oil extraction, was helping to push Super Diamond into record-breaking revenue territory.
There was only one problem and it was a very big one, for Jack at least. Super Diamond’s top line was breaking records, but Jack Fisk felt left out. Where were his millions, he wondered.
Well here they were. He didn’t know how they found him, but they found him.
The deal was this. Hand over some of Super Diamond’s top-secret product information and receive a seven-figure reward.
As Jack considered the offer, he felt entirely justified in taking it. It was his creativity and knowledge, more than anyone else’s, which led to the product breakthrough. He was sure of it. He knew it in his gut.
Here’s what Jack didn’t know. Another employee of Super Diamond, an IT executive based in Mumbai, was looking at a very similar email. This employee, Vijay Bhakta, enjoyed super-user status within Super Diamond’s computer networks, with access to all of its servers.
The Chinese had done their homework. Jack, married with two children, lived a pretty straight life. The lure of a big paycheck was more than enough for him.
Vijay enjoyed a riskier lifestyle. Money was a good motivator for him, but just as compelling were the offers of drugs and prostitutes the Chinese were dangling in front of him.
In approaching Vijay, the Chinese were after more than product information. They wanted access to Super Diamond’s customer list and information on its entire product line, not just the drilling bits that Jack helped develop.
Both executives, unbeknownst to the other, took the bait.
For the next 18 months, Jack used the time-honored method of downloading proprietary information onto a thumb drive, walking out the door with it, and painstakingly sending it to his Chinese contact using his personal email address in the quiet comfort of his study at home.
The Bitcoin payments from the Chinese, amounting to $2.7 million in 18 months, arrive faithfully. Jack uploads his company’s precious trade secrets just as faithfully.
Vijay is introduced to a hacker who, armed with the IT exec’s user information and passcodes, invades Super Diamond’s system at will over the same time period.
Vijay is also faithfully compensated, with cash drops and services meeting his other needs, under the terms of his agreement with the Chinese.
At the end of 18 months, fully exploiting their two points of entry, the Chinese own the keys to the Super Diamond kingdom. They know how to make a number of Super Diamond’s products and they know exactly who to sell them to and at what price.
Part Two: A Chilling Recognition
Super Diamond’s risk manager, Cathleen Sunbury, is enjoying an invigorating game of tennis with a friend on a sunlit court in San Diego, when she gets an urgent text from the company’s COO.
“Please get to the office, ASAP,” says the message. “Urgent.”
A chill runs through Cathleen.
“Uh oh,” she says, as she and her friend grab a water break courtside.
“What is it?” her friend says.
“I don’t know what it is, but it doesn’t look good,” Cathleen says. “I gotta go.”
“Is this because I was winning?” her friend asks.
That would normally be a funny jibe between friends. It’s not today.
At the office, other company executives share with Cathleen what they know. Sales in several of Super Diamond’s key Asian markets have suddenly softened.
There is also an indication that the company suffered an IT breach, but the extent of it is difficult to ascertain. Whoever broke in did a great job of covering their tracks. What was accessed and what was taken appear to be unknowns. The company’s IT department is at a loss.
“I know who to call,” Sunbury says, banking on a conversation she had with a former higher-up in the FBI who now works for a cyber forensics firm in Philadelphia.
The Super Diamond CEO and CFO initially balk at the forensic firm’s price tag.
The vice president of the forensic firm, who led key cyber investigations for the FBI before entering the private sector, snorts in derision.
“Your company is horrible at this,” the forensics VP says.
“Your IT department has no idea what happened and it will take them months to figure it out,” he says.
“It’s looking like you have an internal perpetrator, possibly more than one. How much longer can you afford to wait to determine what’s going on?”
The phrase “possibly more than one” overwhelms any resistance on the part of the CFO and the CEO. They sign on the dotted line with the forensics firm.
The forensic firm gets right to work. To connect the dots they pull records from a number of departments, including Human Resources and Security.
They also have their own cyber security specialist take a look at the Super Diamond network to see who might have compromised it.
It takes the forensics firm two days to come up with two names: Jack Fisk and Vijay Bhakta.
Part Three: Gone, Gone, Gone
Jack Fisk and Vijay Bhakta are dismissed and face criminal charges. As painful as that is for company executives, that’s the easy part.
What comes next for Cathleen Sunbury in her role as risk manager is far more painstaking, and far more painful.
The forensics team is able to match up human resources records, including data on when Vijay Bhakta and Jack Fisk were in the office, against data on computer use, including when an outside device was connected to Jack Fisk’s computer.
That left no doubt that the product information and additional company information that was taken from Super Diamond was the work of inside perpetrators.
The “good” news is that Super Diamond executives now understand what happened. The bad news is that their insurance policies are inadequate to cover the loss.
Determining the value of what was taken, including the cost of lost sales, is difficult, but Super Diamond executives settle on a figure of $200 million.
The company’s cyber breach policy, though, covers an occurrence in the event of a breach from an outside hacker. Bhakta and Fisk are internal perpetrators, and thus the company is not covered, its carrier says.
Compounding the pain, Super Diamond shareholders file suit against Super Diamond executives and board members. The shareholders argue that the board and the C-suites failed to take adequate measures to protect proprietary company information.
The company’s E&O and D&O policies respond to the costs of the lawsuits. But the company faces punishing premium increases for both E&O and D&O coverage going forward.
Sales are depressed, due to the theft of key intellectual property, and getting good cyber coverage at a reasonable price is flat-out impossible.
Super Diamond settles for a premium increase to cover both external and internal hacks that is 400 percent more than it faced the previous year.
Worn out by the process of determining the loss and trying to get coverage for a company that is bleeding money; Cathleen Sunbury resigns.
“I don’t know who we’re going to get to replace you,” the CEO says.
“I don’t know either,” Sunbury says, meaning no disrespect but feeling utterly defeated.
Risk & Insurance® partnered with Swiss Re Corporate Solutions to produce this scenario. Below are Swiss Re Corporate Solutions’ recommendations on how to prevent the losses presented in the scenario. This perspective is not an editorial opinion of Risk & Insurance®.
Super Diamond’s Cathleen Sunbury might still have her job and her company would be in much better shape had she partnered with Swiss Re Corporate Solutions.
Swiss Re, in addition to offering cyber insurance coverage that would have covered an internal perpetrator incident such as the one detailed in “Stabbed in the Back,” would also advise Sunbury and her fellow executives at Super Diamond on being much better prepared to defend against and respond to it.
Having a forensics team, a crisis (breach) communications partner and the right law firm lined up ahead of time would have saved the company a lot of time and trouble. Swiss Re offers all of that as part of its coverage.
In just one example, imagine the costs that Super Diamond will incur if it has to go after Vijay Bhakta and Jack Fisk in civil court, or what it’s going to spend defending itself against shareholder lawsuits.
Swiss Re Corporate Solutions would have paid for Super Diamond’s legal defense, compensated it for lost revenue, and paid for data reconstitution and additional legal costs as part of its CyberSolutions product.
The lost sales in Asia that Super Diamond experiences when Jack Fisk sells its intellectual property to a Chinese national would also be covered under that policy.
On the front end, Swiss Re would work with Super Diamond to identify which of its mining or drilling technologies were most valuable; in other words, naming the “crown jewels” that the company absolutely could not afford to lose control of. That would also involve ascertaining where those “jewels” are stored and who has access to them.
The upfront work would also include the services of experts with IBM who can conduct penetration tests of the company’s IT systems.
In essence, companies everywhere need to understand that any gap in its preparedness or ability to respond creates liability. There is not only the initial liability of a loss or a penetration, there is the multiplying liability of shareholders, or regulators, holding the company responsible for its negligence.
By partnering with Swiss Re Corporate Solutions and picking up its CyberSolutions product, Super Diamond would have bolstered its risk mitigation and vastly improved the efficiency of its response.
No company is safe from a cyber penetration; the record is clear on that. But experts say many companies have a lot of ground to make up to become more vigilant and better coordinated to bounce back when an incident occurs.
No entity can do this on its own. Pick the right partner(s).
Why Marine Underwriters Should Master Modeling
Better understanding risk requires better exposure data and rigorous application of science and engineering. In addition, catastrophe models have grown in sophistication and become widely utilized by property insurers to assess the potential losses after a major event. Location level modeling also plays a role in helping both underwriters and buyers gain a better understanding of their exposure and sense of preparedness for the worst-case scenario. Yet, many underwriters in the marine sector don’t employ effective models.
“To improve underwriting and better serve customers, we have to ask ourselves if the knowledge around location level modeling is where it needs to be in the marine market space. We as an industry have progress to make,” said John Evans, Head of U.S. Marine, Berkshire Hathaway Specialty Insurance.
CAT Modeling Limitations
The primary reason marine underwriters forgo location level models is because marine risk often fluctuates, making it difficult to develop models that most accurately reflect a project or a location’s true exposure.
Take for example builder’s risk, an inland marine static risk whose value changes throughout the life of the project. The value of a building will increase as it nears completion, so its risk profile will evolve as work progresses. In property underwriting, sophisticated models are developed more easily because the values are fixed.
“If you know your building is worth $10 million today, you have a firm baseline to work with,” Evans said. The best way to effectively model builder’s risk, on the other hand, may be to take the worst-case scenario — or when the project is about 99 percent complete and at peak value (although this can overstate the catastrophe exposure early in the project’s lifecycle).
Warehouse storage also poses modeling challenges for similar reasons. For example, the value of stored goods can fluctuate substantially depending on the time of year. Toys and electronics shipped into the U.S. during August and September in preparation for the holiday season, for example, will decrease drastically in value come February and March. So do you model based on the average value or peak value?
“In order to produce useful models of these risks, underwriters need to ask additional questions and gather as much detail about the insured’s location and operations as possible,” Evans said. “That is necessary to determine when exposure is greatest and how large the impact of a catastrophe could be. Improved exposure data is critical.”
To assess warehouse legal liability exposure, this means finding out not only the fluctuations in the values, but what type of goods are being stored, how they’re being stored, whether the warehouse is built to local standards for wind, earthquake and flood, and whether or not the warehouse owner has implemented any other risk mitigation measures, such as alarm or sprinkler systems.
“Since most models treat all warehouses equally, even if a location doesn’t model well initially, specific measures taken to protect stored goods from damage could yield a substantially different expected loss, which then translates into a very different premium,” Evans said.
That extra information gathering requires additional time but the effort is worth it in the long run.
“Better understanding of an exposure is key to strong underwriting — and strong underwriting is key to longevity and stability in the marketplace,” Evans said.
“If a risk is not properly understood and priced, a customer can find themselves non-renewed after a catastrophe results in major losses — or be paying two or three times their original premium,” he said. Brokers have the job of educating clients about the long-term viability of their relationship with their carrier, and the value of thorough underwriting assessment.
The Model to Follow
So the question becomes: How can insurers begin to elevate location level modeling in the marine space? By taking a cue from their property counterparts and better understanding the exposure using better data, science and engineering.
For stored goods coverage, the process starts with an overview of each site’s risk based on location, the construction of the warehouse, and the type of contents stored. After analyzing a location, underwriters ascertain its average values and maximum values, which can be used to create a preliminary model. That model’s output may indicate where additional location specific information could fill in the blanks and produce a more site-specific model.
“We look at factors like the existence of a catastrophe plan, and the damage-ability of both the warehouse and the contents stored inside it,” Evans said. “This is where the expertise of our engineering team comes into play. They can get a much clearer idea of how certain structures and products will stand up to different forces.”
From there, engineers may develop a proprietary model that fits those specific details. The results may determine the exposure to be lower than originally believed — or buyers could potentially end up with higher pricing if the new model shows their risk to be greater. On the other hand, it may also alert the insured that higher limits may be required to better suit their true exposure to catastrophe losses.
Then when the worst does happen, insureds can rest assured that their carrier not only has the capacity to cover the loss, but the ability to both manage the volatility caused by the event and be in a position to offer reasonable terms when renewal rolls around.
For more information about Berkshire Hathaway Specialty Insurance’s Marine services, visit https://bhspecialty.com/us-products/us-marine/.
Berkshire Hathaway Specialty Insurance (www.bhspecialty.com) provides commercial property, casualty, healthcare professional liability, executive and professional lines, surety, travel, programs, medical stop loss and homeowners insurance. The actual and final terms of coverage for all product lines may vary. It underwrites on the paper of Berkshire Hathaway’s National Indemnity group of insurance companies, which hold financial strength ratings of A++ from AM Best and AA+ from Standard & Poor’s. Based in Boston, Berkshire Hathaway Specialty Insurance has offices in Atlanta, Boston, Chicago, Houston, Los Angeles, New York, San Francisco, San Ramon, Stevens Point, Auckland, Brisbane, Hong Kong, Melbourne, Singapore, Sydney and Toronto. For more information, contact [email protected].
The information contained herein is for general informational purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product or service. Any description set forth herein does not include all policy terms, conditions and exclusions. Please refer to the actual policy for complete details of coverage and exclusions.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Berkshire Hathaway Specialty Insurance. The editorial staff of Risk & Insurance had no role in its preparation.