UnitedHealthcare CEO shooting is driving corporations to bolster security

The targeted killing of UnitedHealthcare CEO Brian Thompson, a powerful executive walking alone on a New York sidewalk, is forcing a broad examination of security practices by corporations whose leaders are frequently subject to threats and internet vitriol.

Thompson, 50, was reportedly the subject of threats before he was fatally shot Wednesday morning outside the midtown Manhattan hotel where UnitedHealthcare was holding its annual investor conference. New York police said Thompson was not accompanied by a security detail at the time he was shot by an unidentified gunman, who remained the subject of a manhunt Friday.

The reported threats, and publicly available information about the event, should have “necessitated some level of protection,” said Jonathan Wackrow, chief operating officer for Teneo Risk and a former Secret Service agent. “The question remains, why did he not have it?”

Thompson's killing, by a masked gunman who waited for him before methodically shooting him from behind, shocked corporate leaders and the public alike. But security consultants said the shooting, while exceedingly rare, was indicative of rising levels of danger for executives whose companies are often the subject of intense public controversies.

Health-care leaders can face a particularly high risk of violence, security experts said, given that their decisions can affect whether people have access to critical medical care.

The targeting of Thompson also highlights the potential danger to executives who aren’t household names. Though he ran a business that provided health insurance to 50 million people and brought in $281 billion in revenue last year, Thompson oversaw a subsidiary of a larger company — UnitedHealth Group — and wasn’t its public face.

Executives in the internet age have faced rising risks, as online databases make it possible to track corporate planes and identify executives’ home addresses.

There were some indications that health insurance companies have taken immediate steps to enhance security. UnitedHealth has removed the web page listing the photos and bios of its top executives. CVS, which owns insurer Aetna, has also removed photos of its leaders on its website.

UnitedHealth said late Thursday that “our priorities are, first and foremost, supporting Brian’s family; ensuring the safety of our employees; and working with law enforcement to bring the perpetrator to justice.” The company “will continue to be there for those who depend on us for their health care,” it added. It did not respond to questions about threats against Thompson or his level of protection.

Five of the nation’s largest insurers — CVS’s Aetna, Elevance, Humana, Kaiser Permanente, and the Blue Cross Blue Shield Association — either declined to say whether they were taking extra security measures or did not respond to requests for comment.

“Out of respect for the Thompson family, we’re not commenting at this time,” said Phillip Blando, a CVS spokesperson.

“We will not comment on Humana’s security procedures,” a Humana spokesperson said.

Law enforcement officials have not identified a motive for Thompson’s killing. Police found words on shell casings at the scene that echo a common criticism of insurance companies — delay, deny, defend — that could indicate he was targeted in connection with his work, according to a person with knowledge of the investigation.

Corporate leaders are sometimes the subject of direct verbal protests or even physical confrontation by activists, analysts said.

“There are always issues and incidents involving leaders within companies, but they’re more low level — you get people having paint thrown on them, eggs tossed,” said Dave Komendat, president of DSKomendat Risk Management Services and a former chief security officer at Boeing. He participated in a telephone call with dozens of corporate security officers to discuss best practices after the shooting.

Health insurers like UnitedHealthcare have “at times, a lot of angry customers,” said Fred Burton, a former special agent with the U.S. Diplomatic Security Service who now works at Ontic. “I guarantee you, anybody else in this sector — in the health-care sector — is reassessing their security posture to see what kind of threats are out there.”

Just over a quarter of the companies in the Fortune 500 reported spending money to protect their CEOs and other top executives. Of those that did, the median payment for personal security doubled over the last three years to about $98,000.

In many companies, investor meetings like the one UnitedHealthcare’s Thompson was walking to when he was shot are viewed as very risky because details on the location and who will be speaking are highly publicized.

Some firms respond by beefing up security. Others forgo in-person meetings with shareholders. Government health insurance provider Centene Corp. joined that group Thursday, citing the UnitedHealthcare executive’s death in announcing that its upcoming Investor Day will be held online, rather than in-person as originally planned.

“Determining the need for and appropriate level of an executive-level protection program is specific to each organization,” said David Johnston, vice president of asset protection and retail operations at the National Retail Federation. “These safeguards should also include the constant monitoring of potential threats and the ability to adapt to maintain the appropriate level of security and safety.”

Some organizations have a protective intelligence group that uses digital tools such as machine learning or artificial intelligence to comb through online comments to detect threats not only on social media platforms such as X but also on the dark web, says Komendat. They look for what’s being said about the company, its employees, and its leadership to uncover risks.

“There are always threats directed towards senior leaders at companies. Many of them are not credible,” Komendat said. “The question always is trying to determine what is a real threat vs. what is someone just venting with no intent to take any additional action.”

But while corporate security concerns are increasing, security measures are not ubiquitous. Less than a quarter of S&P 500 companies provided home or personal security as a financial perk to their CEO in 2023, according to WTW, a risk management consultancy. Only 16% provided such services to top executives other than the CEO. Such disclosures only concern security outside the workplace.

Thompson, for instance, was also a top executive of UnitedHealthcare’s parent corporation, UnitedHealth Group, and received pay valued at $10.2 million last year. The company didn’t report paying any fees for personal security for its executives — benefits that have to be disclosed if they exceed $10,000 — in securities filings going back to 2018.

Some security consultants said that having a professional protecting Thompson might have made a difference, pointing out that they might have taken a more circuitous route to the hotel or swept the area beforehand to see if anyone was loitering.

“If there was a detail on the gentleman, I think it certainly could have been avoided,” said A.J. Caro, CEO of Arrow Security, which provides security guard services to hospitals, schools, and various businesses.

Still, many executives chafe at protection and feel they’re not in danger. More than just having a security specialist present, executives need one they can confide in about things happening in their personal lives that could make them a target, too, said Manny Mounouchos, founder and CEO of Avante, a Toronto-based security firm that provides executive protection globally.

Wackrow, the former Secret Service agent, said that Thompson’s shooting may mark the beginning of lasting change in corporate security.

It “was really the first time that many corporate leaders actually saw the manifestation of a threat into physical, targeted violence,” he said. “It played out right before their eyes. I think that for a lot of corporate leaders, that rattled them.”

The Associated Press contributed to this article.