Top Risks Facing Healthcare Organizations

U.S. healthcare services expenditures grew to $4.3 trillion in 2021, representing 18.3 percent of the country’s economy — which averages out to $12,900 per person. Expenditures are projected to grow to $7.2 trillion by 2031.

In the meantime, hospitals face mounting financial losses as workforce expenditures continue to rise. Wages and benefits are hospitals’ largest expense, accounting for 56 percent of spending on average. Additionally, the proportion of the population aged 65 and over continues to increase (to almost one in five in 2023), causing Medicare costs to rise and adding to the care burden for healthcare providers. The sector also faces increased costs due to federal healthcare reforms and must continually adjust to a complex and changing regulatory environment. Furthermore, the increased frequency of aberration verdicts and the overall rising cost of litigation create strain on already limited financial resources.

Although healthcare providers are expected to benefit from technological innovation and digitalization — influencing everything from administration to supply chain to patient care — the impact of these investments on costs is uncertain. Due in part to the coming wave of digitalization, the number of entities operating in the sector is expected to increase over the next five years despite continued industry consolidation.

Current Risks

From 2021 to 2023, cyber attack or data breach rose from the number two risk to the number one risk for the healthcare sector. Healthcare organizations have distinct cyber risk profiles because they are subject to regulation; they transmit and store extensive personally identifiable information and protected health information; they widely use digital devices and networked systems; and they rely heavily on outsourced service providers, such as payment processors and test processing laboratories.

Top 10 Current Risks

1. Cyber Attack or Data Breach
2. Workforce Shortage
3. Failure to Attract or Retain Top Talent
4. Regulatory or Legislative Changes
5. Rising Healthcare Costs
6. Damage to Brand or Reputation
7. Increasing Competition
8. Pandemic Risk and Health Crises
9. Tech or System Failure
10. Failure to Innovate or Meet Customer Needs

The number of U.S. patients whose healthcare data was exposed to a data breach more than doubled, from 37 million to 87 million, from 2022 to 2023. Globally, healthcare organizations averaged 1,463 cyber attacks per week in 2022, up 74 percent from 2021. At the same time, many healthcare providers are adopting advanced technologies such as virtual reality, robotics and artificial intelligence (AI). Although they can be highly effective in helping to control costs, reduce staff burnout and improve training, patient engagement and clinical decision making, these technologies also compound cyber exposure.

Two interrelated risks, workforce shortage and failure to attract or retain top talent, ranked second and third, respectively, in 2023, compared to number one and number five in 2021. Healthcare providers continue to struggle to attract and retain nurses and other health professionals in a wide range of clinical and support roles. As a stopgap measure to address the urgent shortage, which was exacerbated by the COVID-19 pandemic, many employers have been relying on short-term contract workers (so-called travelers) attracted by higher wages. However, according to a recent report, 86 percent of surveyed clinicians who have been on long- and short-term “travel” contracts reported being more willing to explore permanent employment in 2023, with 46 percent indicating they already had plans to return to permanent employment. This is a significantly higher number than in 2022, when only 55 percent reported they were considering the switch to permanent positions.

Additionally, new research on workforce burnout found the prevalence of burnout among U.S. physicians was 63 percent in 2021, compared with 46 percent in 2011. Likewise, nurses report persistently high levels of burnout, due to high nurse-to-patient ratios and excessive administrative tasks, among other reasons. Elevated levels of burnout have caused more nurses to leave the profession, further exacerbating workforce shortages, which in turn adversely affects patient care, increases medical errors and raises safety concerns that could reduce recovery and even survival rates. In Aon’s 2023 Benefits Survey of Hospitals, 89 percent of health systems reported mental health as a major concern.

Rising healthcare costs risk jumped from number eight in 2021 to number five in 2023. Low unemployment means more workers have access to employer-sponsored benefits; however, the cost of those benefits is rising for employers and employees alike. Among all consumers, the average annual cost for healthcare is projected to be $7,221 in 2023, increasing from $6,813 last year. About half of the average person’s healthcare expenses are for inpatient and outpatient hospital services, which the Milliman Medical Index projects will increase 4.2 percent in 2023 due to higher utilization and inflation.

Medical-malpractice-related costs are also significant for healthcare delivery organizations, accounting for about $60 billion (or 2 to 3 percent of total costs), excluding costs incurred through defensive medicine, such as additional tests and treatments, to avoid lawsuits. Healthcare organizations have an imperative to reduce medical errors, which recently ranked as the number three cause of death in the U.S. (behind heart disease and cancer). Given the effect of social and economic inflation on the value of demands and ultimate settlement and judgment amounts, healthcare organizations can face an even higher level of liabilities, despite continued focus on quality and safety.

Underrated Risks

AI, including generative AI, is on the rise as healthcare organizations expand efforts to evaluate and implement AI solutions in operational and clinical functions. Four common reasons for AI failure include functional errors, software rot (slowly deteriorating software quality over time), unexplained programming glitches and human error. Inaccurate data coding and the ability to alter AI algorithms are additional risks that can produce “hallucinations” in data, which can then be misinterpreted, leading to negative outcomes that can be measured only after they have been established as trends.

Although disruptive technologies didn’t make the top 10 risk list in 2023, they have shifted the competitive landscape in healthcare, challenging senior leaders to respond and compliance and risk management functions to keep up with the extent and pace of change.

Future Risks

Increasing competition and failure to innovate or meet customer needs are two risks that will climb in the future. The rising prevalence of telehealth and other ambulatory-care provisions is expanding care access and garnering substantial cost savings for healthcare providers. Although hospitals will remain central to care delivery, higher-margin, alternative care models are growing fast. For example, the market for ambulatory surgical centers is estimated to grow by $23.18 billion between 2022 and 2027, a CAGR of 5.81 percent, with half of that growth coming from North America.

Top 10 Future Risks

1. Cyber Attack or Data Breach
2. Workforce Shortage
3. Failure to Attract or Retain Top Talent
4. Regulatory or Legislative Changes
5. Rising Healthcare Costs
6. Increasing Competition
7. Failure to Innovate or Meet Customer Needs
8. Aging Workforce and Related Health Issues
9. Economic Slowdown or Slow Recovery
10. Business Interruption

The risks of workforce shortage and failure to attract or retain top talent ranked second and third, respectively. An associated risk, aging workforce and related health issues (an underrated risk that does not make the top 10 in 2023), is ranked ninth in the future. The number of adults aged 65 and older, both overall and as a percentage of the workforce, has steadily increased over the past 20 years. As this sizable demographic continues to increase, demand for skilled nursing facilities and in-home care will increase accordingly. Higher demand for elder care and higher-acuity patients combined with staff shortages and an aging healthcare workforce could escalate the risk of work-related musculoskeletal injuries and time away from work.

Proactive healthcare organizations are increasing risk mitigation efforts with a focus on targeted health and wellness programs to bolster the health of an aging workforce, workplace accommodations and better post-injury treatments and return-to-work efforts.

How Can Healthcare Organizations Mitigate These Risks Effectively?

To address accelerating cyber risk in an increasingly punitive legal and regulatory environment — one with more and more frequent contractual insurance requirements specifying cyber liability — healthcare organizations can take steps to ensure they have robust and sufficient coverage. They can also explore options for transferring risk, beyond insurance. For example, some exposures can be transferred contractually when outsourcing services. Additionally, the marketplace is evolving for loss control resources, data breach coaches, dedicated claims resources and preapproved panels of vendors and service providers to address each element of breach response. Many hard lessons have been learned from the debilitating effect of recent ransomware attacks on hospitals, and the key takeaway has been that resilience, redundancy, preparation and advance planning are crucial elements.

In response, boards and insurers are requiring organizations to share more information on the risk and impact of cyber events. As a result, we are seeing a substantial increase in demand for cyber impact analysis and modeling capabilities.

To confront the workforce shortage and attract and retain top talent, it is imperative for employers to take steps to ensure that they are meeting workers’ expectations and needs, including fostering a safe work environment, rewarding careers and advancement opportunities, scheduling flexibility and competitive compensation and benefits. In Aon’s 2023 Benefits Survey of Hospitals, 77 percent stated they offer remote and hybrid work models in an effort to address recruitment and retention challenges.

General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent, or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss caused by reliance on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.