Cyber risk rises as a commercial health threat

S&P Global Ratings sees commercial group health insurance as a relatively calm segment of the U.S. insurance market, with specialty drug costs being the top focus of conversation and cyberattacks rising as an emerging threat.

Health insurance analysts in New York this week for the rating agency’s latest insurance conference said they have a stable view of the U.S. health insurance market overall.

They view commercial group health insurance as being especially steady, without the kind of government funding pressure roiling the Medicare plan or the coverage eligibility rule changes hitting Medicaid plan enrollment.

When S&P is talking to insurers about the commercial group sector, one topic that comes up in everyday conversation is the high cost of covering the new GLP-1 drugs for the treatment of obesity, according to Francesca Mannarino, an S&P Global Associate director.

Insurers are also talking about the increased use of behavioral health services, Mannarino said.

Medicare plan issuers have reported facing an overall spike in the use of health care. In the commercial group sector, reports about higher utilization are cropping up at regional plans in some parts of the country but not in others, Mannarino said.

Cyber

S&P released its U.S. health insurance market view report for 2024 at the end of January. One concern missing on the list of top risks for both the market as a whole and the commercial group sector is ransomware attacks and other cyberattacks.

Less than a month later, hackers got into the systems at UnitedHealth’s Charge Healthcare health data services subsidiary and disrupted U.S. health care delivery and claim processing operations.

Related: UnitedHealth CEO grilled by Senate panel for cybersecurity failings in massive hack

“Cyber risks have become very apparent,” Mannarino said. “It’s something we’re continuing to monitor.”

At this point, however, S&P addresses cyber risk through its relationship with other factors the analysts consider, such as earnings, she said.

S&P is also including cyber security expertise as part of assessing governance at all companies it rates.