5. The Rise of ESG in Healthcare Private Equity BY RYAN THOMAS & SEHRISH SIDDIQUI
PE firms are under increasing pressure from their limited partners to integrate environmental, social and governance (ESG) matters into their operations and investment practices at the fund and the portfolio company level. What was initially a priority for public companies in 2022 picked up momentum and became entrenched and here to stay for PE funds with institutional investors. Many funds now employ dedicated ESG specialists within their management companies to support these efforts and related limited partners (LP) communications and reporting. 2023 should only see increased adoption of ESG practices and initiatives throughout the PE community. Healthcare-focused PE funds are no exception and should expect to see investor pressure soon, if not already, and should consider expanding their ESG capabilities and practices in 2023. ESG priorities for healthcare investors in 2023 could include the following: • Enhance ESG-related diligence policies and procedures (in coordination with outside lawyers and advisors). • Track KPIs and implementing common policies at the portfolio level. • Focus on key ESG-related LP priorities such as diversity initiatives at board and portfolio company levels.
• Reduce the carbon footprint at the portfolio level. • Concentrate on employee retention and wellness.
• Consider how to positively impact the community and regional economic development. For those healthcare services companies in particular that include multi-location and jurisdiction PPM organizations and that have a broad reach across numerous local communities, these focused efforts could have a tangible impact if coordinated at the management level and benefit the many geographies serviced by the larger organization. PE funds with a developed internal ESG function and expertise should be best positioned to lead the market in these efforts and, ideally, garner the attention of the LPs with these priorities in 2023 and beyond. 6. Cyber Security & Ransomware Attacks BY BOB BREWER Cybersecurity threats that affect PE firms and their portfolio companies and targets continue to evolve rapidly. Unfortunately for PE firms, more sophisticated attacks – such as ransomware, critical third-party vendor outages, and supply chain attacks – can materially disrupt the operations of portfolio companies, ruin a portfolio company’s relationships, and ultimately result in significant reputational and value downside. Concurrently, a continuous stream of new regulatory requirements and data privacy protection statutes are being promulgated that squarely impact PE firms and portfolio companies. • The highest data breach percentages U.S. healthcare companies ever experienced were during the beginning of the pandemic. With a looming recession and geopolitics, indications are 2023 will be worse than the outset of the pandemic. • Ransomware attacks now account for most healthcare data breaches and have quadrupled. This trend is likely to continue in 2023. Threat actors are more focused on both shutting down systems for ransom and exfiltrating data to sell it back multiple times to the data owner. • Data from the U.S. Department of Health & Human Services (HHS) indicates a shift away from attacks on large hospital systems and payers to smaller providers and third-party vendors. We anticipate attackers to continue to focus on the types of companies PE firms invest in, like smaller and mid-sized healthcare entities and third-party vendors.
4 | BASS, BERRY & SIMS
Powered by FlippingBook