UnitedHealthcare CEO Shot and Killed in Manhattan
UnitedHealthcare CEO Brian Thompson, 50, was shot and killed Wednesday morning in what appears to be a targeted attack outside a Manhattan hotel where the health insurance company was holding an investor conference in New York City.
The Security Management team will continue to add information to this article as the investigation continues.
What We Know So Far
Updated 12 December
Law enforcement officials have arrested a suspect in the killing of Brian Thompson. Read more about the suspect and the arrest in Security Management's coverage from earlier this week here.
Updated 11:00 a.m. 5 December
The investigation into the killing of UnitedHealthcare CEO Brian Thompson continues. Police are using video surveillance cameras throughout Manhattan to map out the gunman’s path to and away from the shooting. Cameras from inside a Starbucks two blocks from the crime scene captured the gunman’s partially hidden face when he visited shortly before the attack. Police have released at least five images of the suspect so far.
The gunman was lurking on the other side of the street as Thompson walked up to the Hilton Midtown, then the attacker crossed the street to open fire. Police found a cell phone and a bottle of water that may have been dropped by the shooter as he ran from the scene.
Law enforcement officials said shell casings collected after the shooting appear to have been inscribed with words including “delay” and “depose,” which are possible references to ways health insurance companies try to avoid paying patients’ claims, according to The New York Times’ ongoing coverage.
Meanwhile, corporations and healthcare providers have been ramping up their personal protection for top executives following the shooting, CNN reported.
“The tragic shooting of the UnitedHealthcare CEO underscores the increasing threats faced by corporate leaders today,” Jonathan Wackrow tells Security Management. Wackrow is senior managing director and COO of Teneo Risk. “CEOs and high-profile executives are not only the faces of their organizations; this visibility inherently increases their risk, making them attractive targets for those with malicious intent. In an interconnected world, threats to executives are multifaceted. Physical dangers such as assaults, active shooters, and kidnapping attempts are compounded by digital risks, including the exposure of personal information and the proliferation of fake social media accounts that amplify threats. Additionally, ideological and political motivations further heighten these risks, as executives can become symbolic focal points for protests or attacks tied to corporate actions or affiliations.”
4 December
At 6:45 a.m. on 4 December, Thompson was walking alone to the New York Hilton Midtown from a nearby hotel when a gunman—who had been “lying in wait for several minutes”—approached him from behind and opened fire, killing the CEO, said New York City Police Commissioner Jessica Tisch. The attacker ignored other passersby while waiting for Thompson to arrive.
The shooter fled the scene down an alleyway and then pedaled a rental e-bike into Central Park several blocks away from the hotel. The shooter is still at large, and a manhunt is underway.
Thompson was shot at least once in the back and once in the calf, police said. The shooter’s stance and proficiency in clearing a jam in the pistol suggest he has experience with firearms, said NYPD Chief of Detectives Joseph Kenny in a press conference.
Kenny refused to confirm if a silencer was used on the shooter’s firearm as was previously speculated. He did confirm, however, that Thompson did not have a security detail with him while walking to the Hilton Midtown.
Police have offered a reward of up to $10,000 for information leading to an arrest and conviction. The NYPD released video surveillance images of the shooter online.
UnitedHealthcare’s parent company, UnitedHealth Group, closed its investor conference early, shortly after employees heard about the attack.
“We are deeply saddened and shocked at the passing of our dear friend and colleague Brian Thompson, the CEO of UnitedHealthcare,” the company said in a statement. “Brian was a highly respected colleague and friend to all who worked with him. We are working closely with the New York Police Department and ask for your patience and understanding during this difficult time. Our hearts go out to Brian’s family and all who were close to him.”
What This Means for Security
Targeted violence incidents against Fortune 500 executives are rare, but threats against high-profile executives and business figures are much more common.
“Targeted threats against high-level executives, particularly CEOs of high-profile companies, are not daily occurrences but happen frequently enough to warrant continuous vigilance,” says Harry Arruda, CEO of risk management firm and executive protection provider Cooke & Associates Inc. “Executives face threats based on their visibility, prominence, decision-making roles, and personal wealth.”
He adds that “data shows a rising frequency of incidents linked to broader societal factors, including polarization, activism, and the accessibility of personal information online.”
Wednesday's shooting is likely to be a watershed moment for executive protection (EP) for private organizations, says Fred Burton, executive director, protective intelligence, at Ontic.
Most of the CEOs Burton has worked with during more than 40 years in security have rebuffed traditional close protection models, thinking that they are either unnecessary, bad for business, or undercut their reputation. More discrete countersurveillance models—shadowing the executive in plainclothes, threat monitoring—are more popular, but many executives still deny that they are at risk or that they might have enemies, he says.
Thompson had recently received several threats, law enforcement officials said, although it is currently unclear how those threats factored into his personal security. Healthcare executives often receive threats because of the nature of their work, The New York Times reported.
“The one thing that I’ve learned in this business… is that tragedy forces change,” Burton says. “And it usually takes tragedy for security protocols to change.”
Arruda adds that the attack on Thompson “underscores the inherent vulnerabilities faced by executives during transitions, particularly at high-profile events like investor conferences. These transitions—such as arrivals and departures—pose significant risks due to public exposure, predictable movements, and limited control over the environment. This incident highlights the necessity for enhanced planning and adaptable strategies to mitigate both premeditated and opportunistic threats.”
The attack could potentially shake up perceptions about threats in healthcare security overall, especially since most healthcare organizations’ executives don’t consider adding close protection until there’s a credible threat against them, says Drew Neckar, CPP, principal consultant for COSECURE Enterprise Risk Solutions and a former healthcare security executive.
Many healthcare professionals may categorize UnitedHealth as an insurer rather than part of the healthcare ecosystem, but they share a lot of the same concerns and issues that trigger threats and malicious action, Neckar says. Although the unknowns far outweigh the knowns about the Thompson shooting at the moment, it’s still a particularly noteworthy and rare event for a healthcare industry executive to be targeted and attacked. Neckar couldn’t find any other significant incidents of a U.S. executive in this sector being targeted and shot in the past 24 years.
“Frankly, in the healthcare space, it’s much more common for the direct caregivers to be targeted by people with a grievance—people with a family member who died, people who feel that they’ve been denied care, people who haven’t been prescribed the medication they want,” Neckar says. “Close to 20 percent of the shootings that have occurred in the healthcare sector in the past 20 years are of physicians, nurses, and direct caregivers who have been targeted by patients or family members. But it’s not that often that the executives are front and center.”
Threat Assessments for CEOs
EP decisions should be predicated by holistic threat assessments, according to the ASIS International Protection of Assets (POA) manual on personnel security.
“The purpose and approaches to assessing the threats, vulnerabilities, and risk of a principal have certain nuances,” according to the manual. “Unlike assessments on static facilities, risk assessments in the protective environment consider the specific principal’s risk as a result of career, public image, lifestyle, current position, and status, as well as family history. The scope of assessment may extend to include not just the principal but the impact the entity they represent (faith-based group, corporation, etc.) has on their risk.”
CEO protection should be predicated on this baseline threat assessment, with security teams considering a variety of elements (company incidents, known threats, disgruntled employees, internal protocols, publicized events) and revising it on a regular basis to include persons of interest and controversial issues or social elements, Burton says.
The POA recommended that security and EP leaders analyze executives’ risk based on the individual’s organizational position, access to and level of exposure among potential adversaries, access to wealth or other lifestyle attributes, publicity, and travel practices. Not all executives will face the same risk and require the same level of protection.
An EP risk analysis should answer:
- Who would want to harm the executive?
- How are adversaries gaining information about the executive?
- What is the current likelihood of the various identified threats?
- Does the executive desire, require, and accept protection during the workday? Only when traveling? Twenty-four hours a day?
In addition, if a company makes news because of a high-profile issue or incident—such as a data breach or a lawsuit—threats can change.
“High visibility tied to contentious events amplifies threats due to public scrutiny, reputational fallout, and heightened adversary motivation,” Arruda says.
In these cases, executives can be “symbols of accountability, often targeted for blame, retaliation, or extortion related to the incident,” he says, and media coverage of the incident can amplify executives’ personal visibility, “turning them into focal points for public frustration or revenge.”
As the POA noted, “A key feature of risk assessments is that they do not last. The level of risk shifts often, so risk assessments must be performed on a recurring basis.”
It is also easier than ever before to obtain information about executives that individuals could use to monitor their movements or plot an attack. This includes where they live, who their family members are, and locations they may frequent when not at work.
“I can find out an enormous amount of information about almost all Fortune 1000 C-suite leaders, and it's not hard to track them down if they speak or go to a conference,” says Dale Buckner, CEO of duty of care provider Global Guardian.
Following Wednesday's shooting, Buckner adds that there will be renewed efforts by boards to enhance protection of C-suite members, even if executives are resistant to the idea of an executive protection detail.
CEOs will sometimes say “' I live under the radar, I'm not flashy, I don't run around in Maseratis and make a big spectacle of myself. People don't know who I am when I walk in the restaurant,'” Buckner says.
But boards are trying to protect corporate assets, and that includes the people that are the company's leaders.
“What we're seeing in the executive protection space is an ever increasing demand based on board directed security of their C-suite to increase the protection C-suite, because boards are realizing that the world can find out about you,” Buckner continues. “They can track you, they can figure out your lifestyle, and you're an easy target.”
“It doesn't matter what industry you're in, it doesn't,” Buckner says. "If you're a leader and you make decisions, you can disenfranchise people, therefore you can increase a threat to you, therefore you're increasing a threat to the company. That's the linkage, or the nesting from the board down to identifying that these threats can be real, whether you believe that you're a target or not.”
Security Advances
Hotel entrances and lobbies are notoriously difficult places to secure, since they are designed to be open to the public and to be comfortable for guests to linger in for long periods, Burton says. But a well-trained security professional should be able to conduct an effective advance and monitor for potential threats ahead of a principal’s arrival.
“If you had good countersurveillance ahead of time or good advance work, would you have picked this guy out—the shooter—ahead of time?” Burton asks. “In all probability, yes.”
“It’s hard to ‘lurk’ when you have something like this planned without giving off signals,” he adds. “Having said that, you have to have a security officer there who is trained to look for those types of people.”
Advances consist of three elements: the pre-advance, trip advance, and site advance, says Chuck Tobin, CTM, president of AT-RISK International LLC and president of the International Protective Security Board (IPSB).
“The pre-advance is conducted prior to physically visiting the location,” Tobin tells Security Management. “It includes research conducted by the security team to understand the risks posed during the trip. It may include a review of persons of interest located in proximity to the principal’s travel as well as though that may travel to the event. Overall security risks considerations are reviewed as well as the detailed itinerary. The pre-advance is pretty complex, but it should catch persons of interest, plan arrivals and departures, solidify security strategies, etc.
“The trip advance is conducted by the advance agent/team prior to the principals travel to get eyes on all destinations, routes, and finalize planning for any rooming, evacuation, and shelter in place strategies,” he continues. Multiple advances may be conducted depending on the scope of the event.
“The site advance is performed by an advance agent during the actual movement of the principal,” Tobin concludes. “An advance agent during this phase of the movement would arrive prior to the principal at each location. They would verify the security conditions and confirm arrival details. Once the package arrives, the advance agent would likely hop on to the next location. They certainly would have noticed someone lingering in proximity to the hotel.”
“This incident serves as a stark reminder of the critical need for proactive and comprehensive security planning for high-profile executives,” Arruda says. “By addressing vulnerabilities such as time and place predictability, operational gaps, and risks inherent in high-profile events, organizations can better safeguard their leaders. Implementing solutions like route flexibility, counter-surveillance, and real-time intelligence integration can significantly reduce exposure and enhance overall security effectiveness.”
Executive Protection Resources
For more information about executive and close protection, check out these resources from ASIS International and our partners across the industry.
ASIS International Resources
ASIS International has a robust set of resources and educational tools for security professionals across all fields, including executive protection.
- Essentials of Executive Protection Certificate Program
- Executive Protection Community (ASIS members only)
- Protection of Assets manuals, particularly the volume on personnel
- ASIS Webinars
ASIS International is also developing a new standard on executive protection, expected by the end of 2025. The sector-agnostic standard aims to provide minimum criteria for the development, implementation, operation, and maintenance of an effective executive protection (EP) program utilizing industry accepted risk management principles. It will provide guidance for the assessment of threats, vulnerabilities, and risks to the protected person(s), the identification and justification of protective services, and delivery of support based on industry-driven guidance. Read more about ASIS Standards and Guidelines here.
International Protective Security Board (IPSB)
ASIS International and the IPSB signed a Memorandum of Understanding last month to promote collaboration and information-sharing. Read more about the MOU here.
Read peer-reviewed research and articles from the field of close protection in the IPSB’s Close Protection and Security Journal.
Security Management Coverage
Security Management covers a wide variety of security topics, including close protection and threat assessments. We have collected a few related articles below for additional insights:
- Building a Methodology for Proactive Close Protection
- When Second Homes are a Primary Concern
- Modernizing Your Approach to Executive Digital Risk Management
- Executive Protection in the Age of Technology: Addressing the Risks
- How to Improve Your Situational Awareness