/ en Wed, 30 Apr 2025 03:38:01 -0500 Tue, 29 Apr 25 08:43:21 -0500 /cybersecurity <p>AHA can help hospitals and health systems prepare for and mitigate cyber threats with John Riggi, a recognized expert, as a powerful resource.</p> Thu, 01 Feb 2024 09:32:19 -0600 Cybersecurity /cybersecurity-government-intelligence-reports/2022-12-13-tlp-white-nsa-apt5-citrix-adc-threat-hunting-guidance-december-2022 <h2>Executive summary</h2><p>APT5 has demonstrated capabilities against Citrix® Application Delivery Controller™ (ADC™) deployments (“Citrix ADCs”). Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls. As such, NSA, in collaboration with partners, has developed this threat hunting guidance to provide steps organizations can take to look for possible artifacts of this type of activity. Please note that this guidance does not represent all techniques, tactics, or procedures (TTPs) the actors may use when targeting these environments. This activity has been attributed to APT5, also known as UNC2630 and MANGANESE.</p><h2>Introduction</h2><p>NSA recommends organizations hosting Citrix ADC environments take the following steps as part of their investigation. Treat these detection mechanisms as independent ways of identifying potentially malicious activity on impacted systems. Artifacts may vary based on the environment and the stage of that activity. As such, NSA recommends investigating any positive result even if other detections return no findings.</p> Tue, 13 Dec 2022 11:06:06 -0600 Cybersecurity /news/headline/2025-04-29-nsa-report-includes-recommendations-ot-device-security <p>The National Security Agency April 23 released a <a href="https://media.defense.gov/2025/Apr/22/2003695617/-1/-1/0/CTR-OTAP-SMART-CONTROLLER-SECURITY-IN-NSS.PDF" target="_blank">report </a>on operational technology systems that includes recommendations for security policies and technical requirements for devices installed in national security systems. The report said that although it is tailored to NSS OT cybersecurity, those in the public and private sector can also use their OT devices to meet the outlined requirements to improve their cybersecurity infrastructure.  </p><p>“Network and internet-connected OT devices are ubiquitous in health care too — everything from building automation systems to badge readers on doors and life-safety systems,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “We — as a sector — need to pay close attention to OT security as well.”  </p><p>For more information on this or other cyber and risk issues, contact Gee at <a href="mailto:sgee@aha.org" target="_blank">sgee@aha.org</a>. For the latest cyber and risk resources and threat intelligence, visit <a href="/cybersecurity" target="_blank">aha.org/cybersecurity</a>. </p> Tue, 29 Apr 2025 08:43:21 -0500 Cybersecurity <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div></div> Mon, 28 Apr 2025 15:45:56 -0500 Cybersecurity <div class="container row"><div class="row"><div class="col-md-8"><div class="container row"><div class="row"><div class="col-md-8"><p><strong><u>Today’s Headlines:</u></strong></p><p><strong>Leading Story</strong></p><ul><li>Patch Released for Critical SAP NetWeaver Vulnerability (CVE-2025-31324)</li></ul><p><strong>Data Breaches & Data Leaks </strong></p><ul><li>Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>Threat Actors Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access</li></ul><p><strong>Vulnerabilities & Exploits</strong>  </p><ul><li>Chrome UAF Process Vulnerabilities Actively Exploited</li></ul><p><strong>Trends & Reports</strong></p><ul><li>159 CVEs Exploited in the Wild in Q1 2025, 8.3% Targeted Within 1-Day Vulnerabilities Exploited</li><li>All Major Gen-AI Models Vulnerable to Policy Puppetry Prompt Injection Attack</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>FBI Seeks Help To Unmask Salt Typhoon Threat Actors Behind Telecom Breaches</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief <ul><li>Americas – April 29, 2025, 12:00-01:00 PM ET</li><li>European – April 30, 2025, 03:00-04:00 PM CET</li></ul></li></ul></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div></div></div></div> Mon, 28 Apr 2025 14:42:16 -0500 Cybersecurity /news/chairpersons-file/2025-04-28-chair-file-leadership-dialogue-cybersecurity-health-care-john-riggi-ahas-national-advisor <p>Cybersecurity and physical threats are unfortunately significant enterprise risks for health care, regardless of size or location. Every hospital, physician group and medical center is at risk — and this risk puts the people we serve at risk, which is why we must take these threats seriously.</p><p>I welcomed John Riggi, AHA’s National Advisor for Cybersecurity and Risk, to our Leadership Dialogue to have a conversation about planning for and navigating cyber and physical threats. John spent nearly 30 years with the FBI before joining the AHA in 2018.</p><p>John shared three major themes we all must lean into regarding cyber and physical threats. The first is leadership. We must recognize that cyber and physical threats are an enterprise risk issue and put the necessary resources in place to be proactive and prevent these threats from occurring. Second, third parties pose a major risk. It is important to evaluate our third-party risk and put plans in place to minimize the risk as much as possible. Third, prepare, prepare, prepare! Part of preparation is educating leaders and staff and creating partnerships within the organization and in the community to be able to respond and act if and when something happens.</p><p>I hope you find our conversation insightful and strategic. Look for future conversations with health care, business and community leaders on making health better as part of the Chair File in 2025.</p><hr><p></p><p><a href="https://www.youtube.com/watch?v=fHgCZJFQa60" target="_blank" title="Leadership Dialogue Tina Freese Decker with John Riggi">Watch on Youtube.</a></p><hr><div><a href="https://www.youtube.com/watch?v=fHgCZJFQa60" target="_blank" title="Leadership Dialogue Tina Freese Decker with John Riggi"></a></div><div class="raw-html-embed"> <details class="transcript"> <summary> <h2 title="Click here to open/close the transcript."> <span>View Transcript</span><br> </h2> </summary> <p> 00:00:01:01 - 00:00:26:02<br> Tom Haederle<br> Welcome to Advancing Health. Cybersecurity is a risk. And because of that, a priority for all hospitals and health systems. In this Leadership Dialogue, Tina Freese Decker, chair of the ���������� Association, and John Riggi, AHA’s national advisor for Cybersecurity and Risk, discuss planning for cyber attacks, putting protections in place, navigating cyber threats, and rebuilding trust and confidence in the system </p> <p> 00:00:26:04 - 00:00:31:01<br> Tom Haederle<br> when cyber attacks do occur. </p> <p> 00:00:31:04 - 00:01:00:23<br> Tina Freese Decker<br> Hello, and thank you so much for joining us today. I'm Tina Freese Decker, president CEO of Corewell Health and the board chair for the ���������� Association. From data breaches to ransomware attacks to outages, cybersecurity affects patient safety and enterprise risk and is increasingly a strategic priority for hospitals and health systems. Planning for cyber attacks and putting the proper protections in place is key to ensuring sustainability, patient privacy and clinical outcomes. </p> <p> 00:01:00:26 - 00:01:34:22<br> Tina Freese Decker<br> So I am so pleased to have the ���������� Association's John Riggi joining me for today's conversation. John is an expert in this field, and he serves as the AHA's first national advisor for cybersecurity and risk. He joined AHA in 2018 after a long, distinguished 30-year career with the FBI. He brings with him tremendous experience in the investigation and disruption of cyber threats, as well as the unique ability to provide informed risk advisory services to hospitals and health systems. </p> <p> 00:01:34:24 - 00:01:41:26<br> Tina Freese Decker<br> So before we jump into the conversation, John, can you just tell me a bit about yourself so that our audience can get to know you a little bit better? </p> <p> 00:01:41:29 - 00:02:08:13<br> John Riggi<br> Thank you, Tina, so much for inviting me here today to discuss these topics, which unfortunately, as you said, top of mind for everyone. So when I ended my 30-year career at the FBI, I still wanted to be in a position to serve. I spent a lifetime doing that, and in my last role at the FBI, my job was to establish mission critical relationships with private sector, with critical infrastructure in the health care sector in particular. </p> <p> 00:02:08:15 - 00:02:29:22<br> John Riggi<br> That's when I had the privilege and honor to be introduced to AHA and Rick Pollack in talking about cyber threats. And that's when I really learned how critical a role that the ���������� Association served for the entire health care sector. I could send over, you know, an immediate urgent alert to the and with a single press of a button </p> <p> 00:02:29:29 - 00:02:56:16<br> John Riggi<br> 5000 plus hospitals received that alert. 50,000 executives received it. So I understood at that point we needed to engage in that continuing relationship. And when I retired, fortunately for me, Rick Pollack in the team said, John, you know, we've been listening to you and we think cyber will be an emerging threat, going forward. Unfortunately, none of us realized how significant a threat it would be. </p> <p> 00:02:56:19 - 00:03:00:12<br> John Riggi<br> And so, again, my privilege and honor to be here with you today. </p> <p> 00:03:00:14 - 00:03:22:21<br> Tina Freese Decker<br> Well, we are privileged and blessed that you are part of the ���������� Association team, and you're helping us navigate so many of these issues that come forward. Let's start with kind of one of the underlying questions that I have. We've seen all these cyber and physical threats that have targeted hospitals and health systems. How have they evolved over the last, let's say, 7 to 8 years? </p> <p> 00:03:22:24 - 00:03:58:21<br> John Riggi<br> Yeah, unfortunately they've increased pretty dramatically. So not only are they increased in frequency, but also in complexity and severity of impact. So on the cyber front, we have seen a, for instance, in hacking of patient health information. In 2020, it was about 450 hacks impacting 27 million individuals, not inconsequential. Last year, last year with the Change Healthcare attack, we had 259 million Americans had their health care records stolen or compromised by foreign bad guys, by foreign bad guys. </p> <p> 00:03:58:27 - 00:04:24:17<br> John Riggi<br> If we add up the numbers, just since 2020, over 500 million Americans have had their health care records compromised or stolen. So, John, wait a minute. There's only 330 million Americans. That's the population. Meaning that every American in this country has had their health care records compromised more than once. But what really concerns us are the dramatic increase in ransomware attacks, which are often accompanied by data theft attacks. </p> <p> 00:04:24:19 - 00:04:51:12<br> John Riggi<br> So these bad guys, primarily Russian speaking, believed to be provided safe harbor by the Russian government primarily but not exclusively Russian, have increased these attacks so that the impact really is not only disablement of technology, internal networks get shut down, data gets encrypted, organizations are forced to disconnect from the internet has a very, very dramatic impact on care delivery. </p> <p> 00:04:51:15 - 00:05:18:21<br> John Riggi<br> So this resulting disruption, delay to care delivery and ultimately posing a serious risk to patient care and safety, not only for the patients in the hospital, but for the entire communities that depend on the availability of their nearest emergency department for life saving care, radiation oncology, so forth. So we've seen that evolve again very significantly, and one of the reasons I think it's evolved so dramatically. </p> <p> 00:05:18:23 - 00:05:30:21<br> John Riggi<br> Geopolitics is part of that. But I think on a very base level, we as a sector depend more and more on network and internet connected technology and data. </p> <p> 00:05:30:24 - 00:05:56:13<br> Tina Freese Decker<br> Very true. You know, I did a podcast earlier this year about trust and rebuilding confidence and trust and having that public trust in health care systems and hospitals. And when you have a cyber attack or an act of violence that targets hospitals, health systems, it impacts patients, like you said, it impacts staff and our communities. How can we go about building that trust and regaining that confidence when we have these instances occur? </p> <p> 00:05:56:15 - 00:06:06:23<br> Tina Freese Decker<br> And do you have some examples of stories or insights organizations have used that have helped them navigate those cyber threats and build that public trust? </p> <p> 00:06:06:26 - 00:06:32:07<br> John Riggi<br> Great question, Tina. And also on the on the violence side, unfortunately, as I wanted to mention as well, that's increased pretty dramatically to set the stage there. I was shocked, as a former law enforcement officer, to find out nurses are the second most assaulted profession outside of law enforcement. And, you know, we expect it as law enforcement officers to be engaged, confrontational engagements. </p> <p> 00:06:32:07 - 00:06:37:09<br> John Riggi<br> You're making arrests, but nurses who just want to deliver care to help people? Shocking. </p> <p> 00:06:37:09 - 00:06:38:19<br> Tina Freese Decker<br> It's sad and unacceptable. </p> <p> 00:06:38:23 - 00:06:58:27<br> John Riggi<br> Agree, totally. So I think how do we how do we get that trust in the community? I think one - and I think we've done a fantastic job with your leadership and the AHA - acknowledge the risk, acknowledge the threat. Let's not hide it. Let's not pretend it's not there. But then to take real steps to prepare and help mitigate the impact of these threats. </p> <p> 00:06:59:00 - 00:07:25:01<br> John Riggi<br> So now we see, on the cyber side, hospitals are actively working to develop better downtime procedures, better backup systems to help shorten the length of the impact and help recover more quickly. And work with the federal government. Exchange threat information across the sector with our partners in other sectors. And really understand if we're attacked, this isn't a stigma. </p> <p> 00:07:25:02 - 00:07:51:18<br> John Riggi<br> This isn't something that an organization failed to do. We're all in this together. And on the physical side, we're working very closely with the FBI to help develop resources to help identify and mitigate targeted acts of violence directed toward health care organizations. But most importantly, our frontline health care heroes, our frontline health care workers. And again, working with the community, this is all partnership with the community as well. </p> <p> 00:07:51:20 - 00:08:08:05<br> Tina Freese Decker<br> So I'm sure you have a top ten list of things that we could do to prevent these attacks. But if you could share the top three things that we should do to prevent these attacks and how we can be resilient. And when I say attacks, I'm talking cyber and physical. We have limited time, we have limited resources. </p> <p> 00:08:08:05 - 00:08:10:19<br> Tina Freese Decker<br> But what is the most important things that we should be doing? </p> <p> 00:08:10:22 - 00:08:36:21<br> John Riggi<br> I think the overarching umbrella that all the others follow under is leadership. And really looking at these risks, acknowledging them and ensuring that both cyber and physical risks are treated as an enterprise risk issue. And then within that, on the cyber side, making sure on the defensive side that you're following well known, well-established, recognized cyber frameworks, making sure you start there. </p> <p> 00:08:36:24 - 00:09:03:08<br> John Riggi<br> Second, really thinking about third party risk. What we have seen is that a majority, the vast majority of cyber risk, cyber attacks we face come to us through insecure third party service providers. Insecure third party technology and insecure supply chain. Doesn't negate us from our responsibility to do what we can, but we have to understand that. And then the third thing is ultimately prepare. </p> <p> 00:09:03:10 - 00:09:24:08<br> John Riggi<br> We must prepare for the attack. There's an often, I would say, overused expression in the cyber security world. It's not a matter of if, but when. It's true. But I would also change that a little bit about it's not a matter of if you will be attacked. The question is are you prepared? So focusing on resiliency and so forth. </p> <p> 00:09:24:10 - 00:09:55:13<br> John Riggi<br> And then with on the physical side, education of staff, leadership priority, and working with the FBI and local law enforcement to potentially identify ahead of an incident acts of targeted violence directed towards the hospital. And then working together as a community help mitigate and prevent that act. The police always want to respond, can respond after the FBI. But I can tell you from personal experience, we'd rather prevent a crime, prevent an act of violence than respond after the fact. </p> <p> 00:09:55:15 - 00:10:19:15<br> Tina Freese Decker<br> Agree. And I think that developing those relationships with local FBI, with local law enforcement is critical because you to your point, it's not if, but when. But we'd like to be able to prevent all of it. Having those relationships is key. So I know that the AHA has been working very closely with the FBI and some health care systems to exchange that threat intelligence and enhance collaboration across our sector </p> <p> 00:10:19:15 - 00:10:28:21<br> Tina Freese Decker<br> and with federal agencies. Can you share more about that partnership and how it has helped us in identifying and mitigating both physical and cyber threats? </p> <p> 00:10:28:24 - 00:10:51:26<br> John Riggi<br> Great question again, Tina, and thank you for highlighting what we're doing with the FBI. So on the cyber front, we've been actively engaged in cyber threat, information threat intelligence exchange. Both on a very technical level, exchanging what - without getting too technical - threat indicators, malware signatures and so forth, but also identifying big strategic threats that we may face as a sector. </p> <p> 00:10:51:28 - 00:11:19:23<br> John Riggi<br> So, for instance, working with the FBI, we helped identify last year a threat to the blood supply before it was on the government's radar. We helped the government understand that cyber attacks on hospitals are not just data theft crimes. These are truly threat to life crimes. So the federal government actually previously raised the investigative priority level of ransomware attacks on hospitals to equal that of a terrorist attack once they understood what the impact was. </p> <p> 00:11:19:24 - 00:12:00:17<br> John Riggi<br> We are working very closely with the famed Behavioral Analysis Unit of the FBI, the profilers that many books and TV shows and movies have been written about to develop resources to help hospitals identify targeted acts of violence, threats that are pending against hospitals, and again, help intercede, intervene and help prevent those attacks. We have a whole series of resources available on the first ever joint FBI and Joint Health Care Sector webpage. We're about to issue a manual coming out here within the next month or so, based upon, joint work with the FBI in the field on best practices and lessons learned to prevent these acts of violence. </p> <p> 00:12:00:17 - 00:12:06:08<br> John Riggi<br> So we have a robust, almost daily interaction with the FBI and other federal agencies. </p> <p> 00:12:06:10 - 00:12:25:15<br> Tina Freese Decker<br> It's so helpful to know that we have those robust partnerships at the national level, and then we can create it at the local level, and to make sure that we're all in this together to, help protect our patients and the people that we care for in our community. So that's wonderful. My last question for you is just one about how we look forward. </p> <p> 00:12:25:17 - 00:12:38:26<br> Tina Freese Decker<br> Can you tell us what you think about is going to happen in the threat environment for 2025 and maybe into 2026? What are those things we should be watching, looking out for? And is there anything positive that you can see? </p> <p> 00:12:38:29 - 00:13:11:18<br> John Riggi<br> I will let you know there is some hope. Talk about the realistic environment. Then we'll talk about where I see the hope. So first of all, I do believe that the frequency of the attacks may decrease, but I think the bad guys are looking to make a greater impact. We have seen them go after systemically important organizations that serves health care. Change Healthcare, for example. Last year, attacks against the blood supply. The year before they attacked - found vulnerabilities in a commonly used technology and software known as Move It. </p> <p> 00:13:11:21 - 00:13:41:03<br> John Riggi<br> By attacking that software, it gave the bad guys, a Russian ransomware group, were able to gain access to millions and millions of patient records. I do believe geopolitics will have a very significant influence, for better or worse, on the level of cyber threat we face. Depending on how we deal in the outcomes of our negotiations, of our diplomatic efforts with Russia, China, North Korea and Iran has the potential to mitigate or increase the cyber threats that we face. </p> <p> 00:13:41:05 - 00:14:08:19<br> John Riggi<br> And ultimately, again, third party risk, major, major issue. Where do I see the signs of hope? And there are signs of hope, folks. Honestly, I have never seen the sector come together to share threat information to prepare for attacks, best practices, lessons learned not only amongst the sector. We see channels of threat information sharing and best practice across with other critical and sectors, with the federal government. </p> <p> 00:14:08:21 - 00:14:45:26<br> John Riggi<br> We've had victim organizations, CEOs come out publicly. Dr. Leffler from University of Vermont, Chris Van Gorder from Scripps. We've had Eduardo Conrado from the recent attack against Ascension not only come out publicly, but testify before the UN Security Council last November about the impact of this Russian ransomware attack against Ascension. So what I see is hope. The fact we are banding together and with the government and I hope, as we did in the great fight against terror, international terrorism, we will come together in a whole of nation approach to help mitigate that risk. </p> <p> 00:14:46:01 - 00:15:09:17<br> John Riggi<br> Now, Tina, I know I've done a lot of speaking here, and if I may, and with all due respect, I'd like to ask you a question if I could. Tina, in your role, you have very unique dual role. You're CEO of a large health system, and you're also the chair of the ���������� Association board. So how do you think about cyber and physical threats for your own organization </p> <p> 00:15:09:19 - 00:15:11:20<br> John Riggi<br> but on a national level? </p> <p> 00:15:11:22 - 00:15:33:26<br> Tina Freese Decker<br> Well, I believe that cyber and physical threats must be prioritized. It's a strategic risk. We have to understand how we focus on it, and we have to significantly prioritize it and emphasize what we're doing there. Previously, maybe 5 or 10 years ago, it was just thought of as a technical issue. It's not that. It's how we operate. Because like you said, we're so connected, </p> <p> 00:15:33:26 - 00:16:01:07<br> Tina Freese Decker<br> it's critical infrastructure and we must make sure that we are coming together. So for us as an organization, we prioritize our efforts, our investments, our work on it, but also prioritize business assurance. So how do we operate and make sure that everyone understands all the key components and the lessons that you shared on this discussion today, but also when we've had conversations before, how are we making sure that we know those and our teams know those? </p> <p> 00:16:01:09 - 00:16:25:19<br> Tina Freese Decker<br> I think the importance of safeguarding sensitive patient data and ensuring the integrity of our systems cannot be overstated. And that applies for my organization, and that applies for all of our members throughout the ���������� Association. And so I think those are some critical points. As we think about this it is making sure that we are safeguarding sensitive patient data and ensuring the integrity of our systems, as we go forward. </p> <p> 00:16:25:19 - 00:16:59:14<br> Tina Freese Decker<br> That cannot be overstated. And as we do that, I think we all uphold that level of commitment to excellence that our patients and the people in our community want. So, John, thank you so much for your time today, for sharing your expertise. While we may not be able to prevent or mitigate everything, you have given us such great advice and we should make sure we take that down, but also listen to many of your podcasts that you put out or the Action Alerts that you sent through because they are helpful and direct and provide that great advice to move forward. </p> <p> 00:16:59:16 - 00:17:17:11<br> Tina Freese Decker<br> And I know that you are available to connect with all of our members if there is a specific situation, or they just want to learn more to make sure that we're better. So thank you, John, for being here. And thank you to all of those that have tuned in to this conversation. We will be back next month for another Leadership Dialogue. </p> <p> 00:17:17:13 - 00:17:25:24<br> Tom Haederle<br> Thanks for listening to Advancing Health. Please subscribe and rate us five stars on Apple Podcasts, Spotify, or wherever you get your podcasts. </p> </details> </div> Mon, 28 Apr 2025 11:46:47 -0500 Cybersecurity /advancing-health-podcast/2025-04-28-leadership-dialogue-series-cybersecurity-and-fight-safeguard-health-care <p>From ransomware attacks to data breaches, the stakes for hospitals and health systems to protect their patients have never been higher. In this Leadership Dialogue conversation, Tina Freese Decker, president and CEO of Corewell Health and 2025 AHA board chair, talks with John Riggi, national advisor for cybersecurity and risk at the ���������� Association, about how health care leaders are planning to mitigate cyberattacks, the need to build resilience to these threat-to-life crimes, and why forging partnerships with the government and the private sector is crucial for defense.</p><p>This podcast has been modified for time. To view the entire Leadership Dialogue, please visit <a href="https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fyoutu.be%2FfHgCZJFQa60&data=05%7C02%7Cdsamuels%40aha.org%7Cf8bf1343f184401f206708dd866f9398%7Cb9119340beb74e5e84b23cc18f7b36a6%7C0%7C0%7C638814536022345698%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=BRGMWCo2BCIUx3%2B25Wb4Eax0qRNgJOK%2Bzc1tpZWzLzg%3D&reserved=0">https://youtu.be/fHgCZJFQa60</a>.</p><hr><div></div><div class="raw-html-embed"><details class="transcript"> <summary> <h2 title="Click here to open/close the transcript."> <span>View Transcript</span><br> </h2> </summary> <p> 00:00:01:01 - 00:00:26:02<br> Tom Haederle<br> Welcome to Advancing Health. Cybersecurity is a risk. And because of that, a priority for all hospitals and health systems. In this Leadership Dialogue, Tina Freese Decker, chair of the ���������� Association, and John Riggi, AHA’s national advisor for Cybersecurity and Risk, discuss planning for cyber attacks, putting protections in place, navigating cyber threats, and rebuilding trust and confidence in the system </p> <p> 00:00:26:04 - 00:00:31:01<br> Tom Haederle<br> when cyber attacks do occur. </p> <p> 00:00:31:04 - 00:01:00:23<br> Tina Freese Decker<br> Hello, and thank you so much for joining us today. I'm Tina Freese Decker, president CEO of Corewell Health and the board chair for the ���������� Association. From data breaches to ransomware attacks to outages, cybersecurity affects patient safety and enterprise risk and is increasingly a strategic priority for hospitals and health systems. Planning for cyber attacks and putting the proper protections in place is key to ensuring sustainability, patient privacy and clinical outcomes. </p> <p> 00:01:00:26 - 00:01:34:22<br> Tina Freese Decker<br> So I am so pleased to have the ���������� Association's John Riggi joining me for today's conversation. John is an expert in this field, and he serves as the AHA's first national advisor for cybersecurity and risk. He joined AHA in 2018 after a long, distinguished 30-year career with the FBI. He brings with him tremendous experience in the investigation and disruption of cyber threats, as well as the unique ability to provide informed risk advisory services to hospitals and health systems. </p> <p> 00:01:34:24 - 00:01:41:26<br> Tina Freese Decker<br> So before we jump into the conversation, John, can you just tell me a bit about yourself so that our audience can get to know you a little bit better? </p> <p> 00:01:41:29 - 00:02:08:13<br> John Riggi<br> Thank you, Tina, so much for inviting me here today to discuss these topics, which unfortunately, as you said, top of mind for everyone. So when I ended my 30-year career at the FBI, I still wanted to be in a position to serve. I spent a lifetime doing that, and in my last role at the FBI, my job was to establish mission critical relationships with private sector, with critical infrastructure in the health care sector in particular. </p> <p> 00:02:08:15 - 00:02:29:22<br> John Riggi<br> That's when I had the privilege and honor to be introduced to AHA and Rick Pollack in talking about cyber threats. And that's when I really learned how critical a role that the ���������� Association served for the entire health care sector. I could send over, you know, an immediate urgent alert to the and with a single press of a button </p> <p> 00:02:29:29 - 00:02:56:16<br> John Riggi<br> 5000 plus hospitals received that alert. 50,000 executives received it. So I understood at that point we needed to engage in that continuing relationship. And when I retired, fortunately for me, Rick Pollack in the team said, John, you know, we've been listening to you and we think cyber will be an emerging threat, going forward. Unfortunately, none of us realized how significant a threat it would be. </p> <p> 00:02:56:19 - 00:03:00:12<br> John Riggi<br> And so, again, my privilege and honor to be here with you today. </p> <p> 00:03:00:14 - 00:03:22:21<br> Tina Freese Decker<br> Well, we are privileged and blessed that you are part of the ���������� Association team, and you're helping us navigate so many of these issues that come forward. Let's start with kind of one of the underlying questions that I have. We've seen all these cyber and physical threats that have targeted hospitals and health systems. How have they evolved over the last, let's say, 7 to 8 years? </p> <p> 00:03:22:24 - 00:03:58:21<br> John Riggi<br> Yeah, unfortunately they've increased pretty dramatically. So not only are they increased in frequency, but also in complexity and severity of impact. So on the cyber front, we have seen a, for instance, in hacking of patient health information. In 2020, it was about 450 hacks impacting 27 million individuals, not inconsequential. Last year, last year with the Change Healthcare attack, we had 259 million Americans had their health care records stolen or compromised by foreign bad guys, by foreign bad guys. </p> <p> 00:03:58:27 - 00:04:24:17<br> John Riggi<br> If we add up the numbers, just since 2020, over 500 million Americans have had their health care records compromised or stolen. So, John, wait a minute. There's only 330 million Americans. That's the population. Meaning that every American in this country has had their health care records compromised more than once. But what really concerns us are the dramatic increase in ransomware attacks, which are often accompanied by data theft attacks. </p> <p> 00:04:24:19 - 00:04:51:12<br> John Riggi<br> So these bad guys, primarily Russian speaking, believed to be provided safe harbor by the Russian government primarily but not exclusively Russian, have increased these attacks so that the impact really is not only disablement of technology, internal networks get shut down, data gets encrypted, organizations are forced to disconnect from the internet has a very, very dramatic impact on care delivery. </p> <p> 00:04:51:15 - 00:05:18:21<br> John Riggi<br> So this resulting disruption, delay to care delivery and ultimately posing a serious risk to patient care and safety, not only for the patients in the hospital, but for the entire communities that depend on the availability of their nearest emergency department for life saving care, radiation oncology, so forth. So we've seen that evolve again very significantly, and one of the reasons I think it's evolved so dramatically. </p> <p> 00:05:18:23 - 00:05:30:21<br> John Riggi<br> Geopolitics is part of that. But I think on a very base level, we as a sector depend more and more on network and internet connected technology and data. </p> <p> 00:05:30:24 - 00:05:56:13<br> Tina Freese Decker<br> Very true. You know, I did a podcast earlier this year about trust and rebuilding confidence and trust and having that public trust in health care systems and hospitals. And when you have a cyber attack or an act of violence that targets hospitals, health systems, it impacts patients, like you said, it impacts staff and our communities. How can we go about building that trust and regaining that confidence when we have these instances occur? </p> <p> 00:05:56:15 - 00:06:06:23<br> Tina Freese Decker<br> And do you have some examples of stories or insights organizations have used that have helped them navigate those cyber threats and build that public trust? </p> <p> 00:06:06:26 - 00:06:32:07<br> John Riggi<br> Great question, Tina. And also on the on the violence side, unfortunately, as I wanted to mention as well, that's increased pretty dramatically to set the stage there. I was shocked, as a former law enforcement officer, to find out nurses are the second most assaulted profession outside of law enforcement. And, you know, we expect it as law enforcement officers to be engaged, confrontational engagements. </p> <p> 00:06:32:07 - 00:06:37:09<br> John Riggi<br> You're making arrests, but nurses who just want to deliver care to help people? Shocking. </p> <p> 00:06:37:09 - 00:06:38:19<br> Tina Freese Decker<br> It's sad and unacceptable. </p> <p> 00:06:38:23 - 00:06:58:27<br> John Riggi<br> Agree, totally. So I think how do we how do we get that trust in the community? I think one - and I think we've done a fantastic job with your leadership and the AHA - acknowledge the risk, acknowledge the threat. Let's not hide it. Let's not pretend it's not there. But then to take real steps to prepare and help mitigate the impact of these threats. </p> <p> 00:06:59:00 - 00:07:25:01<br> John Riggi<br> So now we see, on the cyber side, hospitals are actively working to develop better downtime procedures, better backup systems to help shorten the length of the impact and help recover more quickly. And work with the federal government. Exchange threat information across the sector with our partners in other sectors. And really understand if we're attacked, this isn't a stigma. </p> <p> 00:07:25:02 - 00:07:51:18<br> John Riggi<br> This isn't something that an organization failed to do. We're all in this together. And on the physical side, we're working very closely with the FBI to help develop resources to help identify and mitigate targeted acts of violence directed toward health care organizations. But most importantly, our frontline health care heroes, our frontline health care workers. And again, working with the community, this is all partnership with the community as well. </p> <p> 00:07:51:20 - 00:08:08:05<br> Tina Freese Decker<br> So I'm sure you have a top ten list of things that we could do to prevent these attacks. But if you could share the top three things that we should do to prevent these attacks and how we can be resilient. And when I say attacks, I'm talking cyber and physical. We have limited time, we have limited resources. </p> <p> 00:08:08:05 - 00:08:10:19<br> Tina Freese Decker<br> But what is the most important things that we should be doing? </p> <p> 00:08:10:22 - 00:08:36:21<br> John Riggi<br> I think the overarching umbrella that all the others follow under is leadership. And really looking at these risks, acknowledging them and ensuring that both cyber and physical risks are treated as an enterprise risk issue. And then within that, on the cyber side, making sure on the defensive side that you're following well known, well-established, recognized cyber frameworks, making sure you start there. </p> <p> 00:08:36:24 - 00:09:03:08<br> John Riggi<br> Second, really thinking about third party risk. What we have seen is that a majority, the vast majority of cyber risk, cyber attacks we face come to us through insecure third party service providers. Insecure third party technology and insecure supply chain. Doesn't negate us from our responsibility to do what we can, but we have to understand that. And then the third thing is ultimately prepare. </p> <p> 00:09:03:10 - 00:09:24:08<br> John Riggi<br> We must prepare for the attack. There's an often, I would say, overused expression in the cyber security world. It's not a matter of if, but when. It's true. But I would also change that a little bit about it's not a matter of if you will be attacked. The question is are you prepared? So focusing on resiliency and so forth. </p> <p> 00:09:24:10 - 00:09:55:13<br> John Riggi<br> And then with on the physical side, education of staff, leadership priority, and working with the FBI and local law enforcement to potentially identify ahead of an incident acts of targeted violence directed towards the hospital. And then working together as a community help mitigate and prevent that act. The police always want to respond, can respond after the FBI. But I can tell you from personal experience, we'd rather prevent a crime, prevent an act of violence than respond after the fact. </p> <p> 00:09:55:15 - 00:10:19:15<br> Tina Freese Decker<br> Agree. And I think that developing those relationships with local FBI, with local law enforcement is critical because you to your point, it's not if, but when. But we'd like to be able to prevent all of it. Having those relationships is key. So I know that the AHA has been working very closely with the FBI and some health care systems to exchange that threat intelligence and enhance collaboration across our sector </p> <p> 00:10:19:15 - 00:10:28:21<br> Tina Freese Decker<br> and with federal agencies. Can you share more about that partnership and how it has helped us in identifying and mitigating both physical and cyber threats? </p> <p> 00:10:28:24 - 00:10:51:26<br> John Riggi<br> Great question again, Tina, and thank you for highlighting what we're doing with the FBI. So on the cyber front, we've been actively engaged in cyber threat, information threat intelligence exchange. Both on a very technical level, exchanging what - without getting too technical - threat indicators, malware signatures and so forth, but also identifying big strategic threats that we may face as a sector. </p> <p> 00:10:51:28 - 00:11:19:23<br> John Riggi<br> So, for instance, working with the FBI, we helped identify last year a threat to the blood supply before it was on the government's radar. We helped the government understand that cyber attacks on hospitals are not just data theft crimes. These are truly threat to life crimes. So the federal government actually previously raised the investigative priority level of ransomware attacks on hospitals to equal that of a terrorist attack once they understood what the impact was. </p> <p> 00:11:19:24 - 00:12:00:17<br> John Riggi<br> We are working very closely with the famed Behavioral Analysis Unit of the FBI, the profilers that many books and TV shows and movies have been written about to develop resources to help hospitals identify targeted acts of violence, threats that are pending against hospitals, and again, help intercede, intervene and help prevent those attacks. We have a whole series of resources available on the first ever joint FBI and Joint Health Care Sector webpage. We're about to issue a manual coming out here within the next month or so, based upon, joint work with the FBI in the field on best practices and lessons learned to prevent these acts of violence. </p> <p> 00:12:00:17 - 00:12:06:08<br> John Riggi<br> So we have a robust, almost daily interaction with the FBI and other federal agencies. </p> <p> 00:12:06:10 - 00:12:25:15<br> Tina Freese Decker<br> It's so helpful to know that we have those robust partnerships at the national level, and then we can create it at the local level, and to make sure that we're all in this together to, help protect our patients and the people that we care for in our community. So that's wonderful. My last question for you is just one about how we look forward. </p> <p> 00:12:25:17 - 00:12:38:26<br> Tina Freese Decker<br> Can you tell us what you think about is going to happen in the threat environment for 2025 and maybe into 2026? What are those things we should be watching, looking out for? And is there anything positive that you can see? </p> <p> 00:12:38:29 - 00:13:11:18<br> John Riggi<br> I will let you know there is some hope. Talk about the realistic environment. Then we'll talk about where I see the hope. So first of all, I do believe that the frequency of the attacks may decrease, but I think the bad guys are looking to make a greater impact. We have seen them go after systemically important organizations that serves health care. Change Healthcare, for example. Last year, attacks against the blood supply. The year before they attacked - found vulnerabilities in a commonly used technology and software known as Move It. </p> <p> 00:13:11:21 - 00:13:41:03<br> John Riggi<br> By attacking that software, it gave the bad guys, a Russian ransomware group, were able to gain access to millions and millions of patient records. I do believe geopolitics will have a very significant influence, for better or worse, on the level of cyber threat we face. Depending on how we deal in the outcomes of our negotiations, of our diplomatic efforts with Russia, China, North Korea and Iran has the potential to mitigate or increase the cyber threats that we face. </p> <p> 00:13:41:05 - 00:14:08:19<br> John Riggi<br> And ultimately, again, third party risk, major, major issue. Where do I see the signs of hope? And there are signs of hope, folks. Honestly, I have never seen the sector come together to share threat information to prepare for attacks, best practices, lessons learned not only amongst the sector. We see channels of threat information sharing and best practice across with other critical and sectors, with the federal government. </p> <p> 00:14:08:21 - 00:14:45:26<br> John Riggi<br> We've had victim organizations, CEOs come out publicly. Dr. Leffler from University of Vermont, Chris Van Gorder from Scripps. We've had Eduardo Conrado from the recent attack against Ascension not only come out publicly, but testify before the UN Security Council last November about the impact of this Russian ransomware attack against Ascension. So what I see is hope. The fact we are banding together and with the government and I hope, as we did in the great fight against terror, international terrorism, we will come together in a whole of nation approach to help mitigate that risk. </p> <p> 00:14:46:01 - 00:15:09:17<br> John Riggi<br> Now, Tina, I know I've done a lot of speaking here, and if I may, and with all due respect, I'd like to ask you a question if I could. Tina, in your role, you have very unique dual role. You're CEO of a large health system, and you're also the chair of the ���������� Association board. So how do you think about cyber and physical threats for your own organization </p> <p> 00:15:09:19 - 00:15:11:20<br> John Riggi<br> but on a national level? </p> <p> 00:15:11:22 - 00:15:33:26<br> Tina Freese Decker<br> Well, I believe that cyber and physical threats must be prioritized. It's a strategic risk. We have to understand how we focus on it, and we have to significantly prioritize it and emphasize what we're doing there. Previously, maybe 5 or 10 years ago, it was just thought of as a technical issue. It's not that. It's how we operate. Because like you said, we're so connected, </p> <p> 00:15:33:26 - 00:16:01:07<br> Tina Freese Decker<br> it's critical infrastructure and we must make sure that we are coming together. So for us as an organization, we prioritize our efforts, our investments, our work on it, but also prioritize business assurance. So how do we operate and make sure that everyone understands all the key components and the lessons that you shared on this discussion today, but also when we've had conversations before, how are we making sure that we know those and our teams know those? </p> <p> 00:16:01:09 - 00:16:25:19<br> Tina Freese Decker<br> I think the importance of safeguarding sensitive patient data and ensuring the integrity of our systems cannot be overstated. And that applies for my organization, and that applies for all of our members throughout the ���������� Association. And so I think those are some critical points. As we think about this it is making sure that we are safeguarding sensitive patient data and ensuring the integrity of our systems, as we go forward. </p> <p> 00:16:25:19 - 00:16:59:14<br> Tina Freese Decker<br> That cannot be overstated. And as we do that, I think we all uphold that level of commitment to excellence that our patients and the people in our community want. So, John, thank you so much for your time today, for sharing your expertise. While we may not be able to prevent or mitigate everything, you have given us such great advice and we should make sure we take that down, but also listen to many of your podcasts that you put out or the Action Alerts that you sent through because they are helpful and direct and provide that great advice to move forward. </p> <p> 00:16:59:16 - 00:17:17:11<br> Tina Freese Decker<br> And I know that you are available to connect with all of our members if there is a specific situation, or they just want to learn more to make sure that we're better. So thank you, John, for being here. And thank you to all of those that have tuned in to this conversation. We will be back next month for another Leadership Dialogue. </p> <p> 00:17:17:13 - 00:17:25:24<br> Tom Haederle<br> Thanks for listening to Advancing Health. Please subscribe and rate us five stars on Apple Podcasts, Spotify, or wherever you get your podcasts. </p> </details></div> Mon, 28 Apr 2025 11:08:26 -0500 Cybersecurity /leadership-dialogue <div class="container"><div class="row"><div class="col-md-8"><img src="/sites/default/files/inline-images/leadership-dialogue-freese-decker-riggi-900x400.jpg" data-entity-uuid="40fb79e5-2979-4656-8fc4-eff5ace41045" data-entity-type="file" alt="Leadership Dialogue. A conversation with AHA Chair Tina Freese Decker and John Riggi, AHA National Advisory for Cybersecurity and Risk." width="900" height="400"><p>In this episode, Tina Freese Decker, 2025 chair of the AHA Board of Trustees, talks with John Riggi, AHA’s National Advisor for Cybersecurity and Risk. Riggi spent nearly 30 years with the FBI before joining the AHA in 2018.</p><p>Freese Decker and Riggi discuss cybersecurity and physical threats, which are significant enterprise risks for health care, regardless of size or location. Every hospital, physician group and medical center is at risk — and this risk puts the people served at risk, which is why organizations must take these threats seriously.</p><p>Riggi shared three major themes the health care field must lean into regarding cyber and physical threats. The first is leadership. Leaders and teams must recognize that cyber and physical threats are an enterprise risk issue and put the necessary resources in place to be proactive and prevent these threats from occurring. Second, third parties pose a major risk. It is important to evaluate third-party risk and put plans in place to minimize the risk as much as possible. Third, prepare, prepare, prepare! Part of preparation is educating leaders and staff and creating partnerships within the organization and in the community to be able to respond and act if and when something happens.</p><hr><p></p><hr><div></div><div class="raw-html-embed"> <details class="transcript"> <summary> <h2 title="Click here to open/close the transcript."> <span>View Transcript</span><br> </h2> </summary> <p> 00:00:01:01 - 00:00:26:02<br> Tom Haederle<br> Welcome to Advancing Health. Cybersecurity is a risk. And because of that, a priority for all hospitals and health systems. In this Leadership Dialogue, Tina Freese Decker, chair of the ���������� Association, and John Riggi, AHA’s national advisor for Cybersecurity and Risk, discuss planning for cyber attacks, putting protections in place, navigating cyber threats, and rebuilding trust and confidence in the system </p> <p> 00:00:26:04 - 00:00:31:01<br> Tom Haederle<br> when cyber attacks do occur. </p> <p> 00:00:31:04 - 00:01:00:23<br> Tina Freese Decker<br> Hello, and thank you so much for joining us today. I'm Tina Freese Decker, president CEO of Corewell Health and the board chair for the ���������� Association. From data breaches to ransomware attacks to outages, cybersecurity affects patient safety and enterprise risk and is increasingly a strategic priority for hospitals and health systems. Planning for cyber attacks and putting the proper protections in place is key to ensuring sustainability, patient privacy and clinical outcomes. </p> <p> 00:01:00:26 - 00:01:34:22<br> Tina Freese Decker<br> So I am so pleased to have the ���������� Association's John Riggi joining me for today's conversation. John is an expert in this field, and he serves as the AHA's first national advisor for cybersecurity and risk. He joined AHA in 2018 after a long, distinguished 30-year career with the FBI. He brings with him tremendous experience in the investigation and disruption of cyber threats, as well as the unique ability to provide informed risk advisory services to hospitals and health systems. </p> <p> 00:01:34:24 - 00:01:41:26<br> Tina Freese Decker<br> So before we jump into the conversation, John, can you just tell me a bit about yourself so that our audience can get to know you a little bit better? </p> <p> 00:01:41:29 - 00:02:08:13<br> John Riggi<br> Thank you, Tina, so much for inviting me here today to discuss these topics, which unfortunately, as you said, top of mind for everyone. So when I ended my 30-year career at the FBI, I still wanted to be in a position to serve. I spent a lifetime doing that, and in my last role at the FBI, my job was to establish mission critical relationships with private sector, with critical infrastructure in the health care sector in particular. </p> <p> 00:02:08:15 - 00:02:29:22<br> John Riggi<br> That's when I had the privilege and honor to be introduced to AHA and Rick Pollack in talking about cyber threats. And that's when I really learned how critical a role that the ���������� Association served for the entire health care sector. I could send over, you know, an immediate urgent alert to the and with a single press of a button </p> <p> 00:02:29:29 - 00:02:56:16<br> John Riggi<br> 5000 plus hospitals received that alert. 50,000 executives received it. So I understood at that point we needed to engage in that continuing relationship. And when I retired, fortunately for me, Rick Pollack in the team said, John, you know, we've been listening to you and we think cyber will be an emerging threat, going forward. Unfortunately, none of us realized how significant a threat it would be. </p> <p> 00:02:56:19 - 00:03:00:12<br> John Riggi<br> And so, again, my privilege and honor to be here with you today. </p> <p> 00:03:00:14 - 00:03:22:21<br> Tina Freese Decker<br> Well, we are privileged and blessed that you are part of the ���������� Association team, and you're helping us navigate so many of these issues that come forward. Let's start with kind of one of the underlying questions that I have. We've seen all these cyber and physical threats that have targeted hospitals and health systems. How have they evolved over the last, let's say, 7 to 8 years? </p> <p> 00:03:22:24 - 00:03:58:21<br> John Riggi<br> Yeah, unfortunately they've increased pretty dramatically. So not only are they increased in frequency, but also in complexity and severity of impact. So on the cyber front, we have seen a, for instance, in hacking of patient health information. In 2020, it was about 450 hacks impacting 27 million individuals, not inconsequential. Last year, last year with the Change Healthcare attack, we had 259 million Americans had their health care records stolen or compromised by foreign bad guys, by foreign bad guys. </p> <p> 00:03:58:27 - 00:04:24:17<br> John Riggi<br> If we add up the numbers, just since 2020, over 500 million Americans have had their health care records compromised or stolen. So, John, wait a minute. There's only 330 million Americans. That's the population. Meaning that every American in this country has had their health care records compromised more than once. But what really concerns us are the dramatic increase in ransomware attacks, which are often accompanied by data theft attacks. </p> <p> 00:04:24:19 - 00:04:51:12<br> John Riggi<br> So these bad guys, primarily Russian speaking, believed to be provided safe harbor by the Russian government primarily but not exclusively Russian, have increased these attacks so that the impact really is not only disablement of technology, internal networks get shut down, data gets encrypted, organizations are forced to disconnect from the internet has a very, very dramatic impact on care delivery. </p> <p> 00:04:51:15 - 00:05:18:21<br> John Riggi<br> So this resulting disruption, delay to care delivery and ultimately posing a serious risk to patient care and safety, not only for the patients in the hospital, but for the entire communities that depend on the availability of their nearest emergency department for life saving care, radiation oncology, so forth. So we've seen that evolve again very significantly, and one of the reasons I think it's evolved so dramatically. </p> <p> 00:05:18:23 - 00:05:30:21<br> John Riggi<br> Geopolitics is part of that. But I think on a very base level, we as a sector depend more and more on network and internet connected technology and data. </p> <p> 00:05:30:24 - 00:05:56:13<br> Tina Freese Decker<br> Very true. You know, I did a podcast earlier this year about trust and rebuilding confidence and trust and having that public trust in health care systems and hospitals. And when you have a cyber attack or an act of violence that targets hospitals, health systems, it impacts patients, like you said, it impacts staff and our communities. How can we go about building that trust and regaining that confidence when we have these instances occur? </p> <p> 00:05:56:15 - 00:06:06:23<br> Tina Freese Decker<br> And do you have some examples of stories or insights organizations have used that have helped them navigate those cyber threats and build that public trust? </p> <p> 00:06:06:26 - 00:06:32:07<br> John Riggi<br> Great question, Tina. And also on the on the violence side, unfortunately, as I wanted to mention as well, that's increased pretty dramatically to set the stage there. I was shocked, as a former law enforcement officer, to find out nurses are the second most assaulted profession outside of law enforcement. And, you know, we expect it as law enforcement officers to be engaged, confrontational engagements. </p> <p> 00:06:32:07 - 00:06:37:09<br> John Riggi<br> You're making arrests, but nurses who just want to deliver care to help people? Shocking. </p> <p> 00:06:37:09 - 00:06:38:19<br> Tina Freese Decker<br> It's sad and unacceptable. </p> <p> 00:06:38:23 - 00:06:58:27<br> John Riggi<br> Agree, totally. So I think how do we how do we get that trust in the community? I think one - and I think we've done a fantastic job with your leadership and the AHA - acknowledge the risk, acknowledge the threat. Let's not hide it. Let's not pretend it's not there. But then to take real steps to prepare and help mitigate the impact of these threats. </p> <p> 00:06:59:00 - 00:07:25:01<br> John Riggi<br> So now we see, on the cyber side, hospitals are actively working to develop better downtime procedures, better backup systems to help shorten the length of the impact and help recover more quickly. And work with the federal government. Exchange threat information across the sector with our partners in other sectors. And really understand if we're attacked, this isn't a stigma. </p> <p> 00:07:25:02 - 00:07:51:18<br> John Riggi<br> This isn't something that an organization failed to do. We're all in this together. And on the physical side, we're working very closely with the FBI to help develop resources to help identify and mitigate targeted acts of violence directed toward health care organizations. But most importantly, our frontline health care heroes, our frontline health care workers. And again, working with the community, this is all partnership with the community as well. </p> <p> 00:07:51:20 - 00:08:08:05<br> Tina Freese Decker<br> So I'm sure you have a top ten list of things that we could do to prevent these attacks. But if you could share the top three things that we should do to prevent these attacks and how we can be resilient. And when I say attacks, I'm talking cyber and physical. We have limited time, we have limited resources. </p> <p> 00:08:08:05 - 00:08:10:19<br> Tina Freese Decker<br> But what is the most important things that we should be doing? </p> <p> 00:08:10:22 - 00:08:36:21<br> John Riggi<br> I think the overarching umbrella that all the others follow under is leadership. And really looking at these risks, acknowledging them and ensuring that both cyber and physical risks are treated as an enterprise risk issue. And then within that, on the cyber side, making sure on the defensive side that you're following well known, well-established, recognized cyber frameworks, making sure you start there. </p> <p> 00:08:36:24 - 00:09:03:08<br> John Riggi<br> Second, really thinking about third party risk. What we have seen is that a majority, the vast majority of cyber risk, cyber attacks we face come to us through insecure third party service providers. Insecure third party technology and insecure supply chain. Doesn't negate us from our responsibility to do what we can, but we have to understand that. And then the third thing is ultimately prepare. </p> <p> 00:09:03:10 - 00:09:24:08<br> John Riggi<br> We must prepare for the attack. There's an often, I would say, overused expression in the cyber security world. It's not a matter of if, but when. It's true. But I would also change that a little bit about it's not a matter of if you will be attacked. The question is are you prepared? So focusing on resiliency and so forth. </p> <p> 00:09:24:10 - 00:09:55:13<br> John Riggi<br> And then with on the physical side, education of staff, leadership priority, and working with the FBI and local law enforcement to potentially identify ahead of an incident acts of targeted violence directed towards the hospital. And then working together as a community help mitigate and prevent that act. The police always want to respond, can respond after the FBI. But I can tell you from personal experience, we'd rather prevent a crime, prevent an act of violence than respond after the fact. </p> <p> 00:09:55:15 - 00:10:19:15<br> Tina Freese Decker<br> Agree. And I think that developing those relationships with local FBI, with local law enforcement is critical because you to your point, it's not if, but when. But we'd like to be able to prevent all of it. Having those relationships is key. So I know that the AHA has been working very closely with the FBI and some health care systems to exchange that threat intelligence and enhance collaboration across our sector </p> <p> 00:10:19:15 - 00:10:28:21<br> Tina Freese Decker<br> and with federal agencies. Can you share more about that partnership and how it has helped us in identifying and mitigating both physical and cyber threats? </p> <p> 00:10:28:24 - 00:10:51:26<br> John Riggi<br> Great question again, Tina, and thank you for highlighting what we're doing with the FBI. So on the cyber front, we've been actively engaged in cyber threat, information threat intelligence exchange. Both on a very technical level, exchanging what - without getting too technical - threat indicators, malware signatures and so forth, but also identifying big strategic threats that we may face as a sector. </p> <p> 00:10:51:28 - 00:11:19:23<br> John Riggi<br> So, for instance, working with the FBI, we helped identify last year a threat to the blood supply before it was on the government's radar. We helped the government understand that cyber attacks on hospitals are not just data theft crimes. These are truly threat to life crimes. So the federal government actually previously raised the investigative priority level of ransomware attacks on hospitals to equal that of a terrorist attack once they understood what the impact was. </p> <p> 00:11:19:24 - 00:12:00:17<br> John Riggi<br> We are working very closely with the famed Behavioral Analysis Unit of the FBI, the profilers that many books and TV shows and movies have been written about to develop resources to help hospitals identify targeted acts of violence, threats that are pending against hospitals, and again, help intercede, intervene and help prevent those attacks. We have a whole series of resources available on the first ever joint FBI and Joint Health Care Sector webpage. We're about to issue a manual coming out here within the next month or so, based upon, joint work with the FBI in the field on best practices and lessons learned to prevent these acts of violence. </p> <p> 00:12:00:17 - 00:12:06:08<br> John Riggi<br> So we have a robust, almost daily interaction with the FBI and other federal agencies. </p> <p> 00:12:06:10 - 00:12:25:15<br> Tina Freese Decker<br> It's so helpful to know that we have those robust partnerships at the national level, and then we can create it at the local level, and to make sure that we're all in this together to, help protect our patients and the people that we care for in our community. So that's wonderful. My last question for you is just one about how we look forward. </p> <p> 00:12:25:17 - 00:12:38:26<br> Tina Freese Decker<br> Can you tell us what you think about is going to happen in the threat environment for 2025 and maybe into 2026? What are those things we should be watching, looking out for? And is there anything positive that you can see? </p> <p> 00:12:38:29 - 00:13:11:18<br> John Riggi<br> I will let you know there is some hope. Talk about the realistic environment. Then we'll talk about where I see the hope. So first of all, I do believe that the frequency of the attacks may decrease, but I think the bad guys are looking to make a greater impact. We have seen them go after systemically important organizations that serves health care. Change Healthcare, for example. Last year, attacks against the blood supply. The year before they attacked - found vulnerabilities in a commonly used technology and software known as Move It. </p> <p> 00:13:11:21 - 00:13:41:03<br> John Riggi<br> By attacking that software, it gave the bad guys, a Russian ransomware group, were able to gain access to millions and millions of patient records. I do believe geopolitics will have a very significant influence, for better or worse, on the level of cyber threat we face. Depending on how we deal in the outcomes of our negotiations, of our diplomatic efforts with Russia, China, North Korea and Iran has the potential to mitigate or increase the cyber threats that we face. </p> <p> 00:13:41:05 - 00:14:08:19<br> John Riggi<br> And ultimately, again, third party risk, major, major issue. Where do I see the signs of hope? And there are signs of hope, folks. Honestly, I have never seen the sector come together to share threat information to prepare for attacks, best practices, lessons learned not only amongst the sector. We see channels of threat information sharing and best practice across with other critical and sectors, with the federal government. </p> <p> 00:14:08:21 - 00:14:45:26<br> John Riggi<br> We've had victim organizations, CEOs come out publicly. Dr. Leffler from University of Vermont, Chris Van Gorder from Scripps. We've had Eduardo Conrado from the recent attack against Ascension not only come out publicly, but testify before the UN Security Council last November about the impact of this Russian ransomware attack against Ascension. So what I see is hope. The fact we are banding together and with the government and I hope, as we did in the great fight against terror, international terrorism, we will come together in a whole of nation approach to help mitigate that risk. </p> <p> 00:14:46:01 - 00:15:09:17<br> John Riggi<br> Now, Tina, I know I've done a lot of speaking here, and if I may, and with all due respect, I'd like to ask you a question if I could. Tina, in your role, you have very unique dual role. You're CEO of a large health system, and you're also the chair of the ���������� Association board. So how do you think about cyber and physical threats for your own organization </p> <p> 00:15:09:19 - 00:15:11:20<br> John Riggi<br> but on a national level? </p> <p> 00:15:11:22 - 00:15:33:26<br> Tina Freese Decker<br> Well, I believe that cyber and physical threats must be prioritized. It's a strategic risk. We have to understand how we focus on it, and we have to significantly prioritize it and emphasize what we're doing there. Previously, maybe 5 or 10 years ago, it was just thought of as a technical issue. It's not that. It's how we operate. Because like you said, we're so connected, </p> <p> 00:15:33:26 - 00:16:01:07<br> Tina Freese Decker<br> it's critical infrastructure and we must make sure that we are coming together. So for us as an organization, we prioritize our efforts, our investments, our work on it, but also prioritize business assurance. So how do we operate and make sure that everyone understands all the key components and the lessons that you shared on this discussion today, but also when we've had conversations before, how are we making sure that we know those and our teams know those? </p> <p> 00:16:01:09 - 00:16:25:19<br> Tina Freese Decker<br> I think the importance of safeguarding sensitive patient data and ensuring the integrity of our systems cannot be overstated. And that applies for my organization, and that applies for all of our members throughout the ���������� Association. And so I think those are some critical points. As we think about this it is making sure that we are safeguarding sensitive patient data and ensuring the integrity of our systems, as we go forward. </p> <p> 00:16:25:19 - 00:16:59:14<br> Tina Freese Decker<br> That cannot be overstated. And as we do that, I think we all uphold that level of commitment to excellence that our patients and the people in our community want. So, John, thank you so much for your time today, for sharing your expertise. While we may not be able to prevent or mitigate everything, you have given us such great advice and we should make sure we take that down, but also listen to many of your podcasts that you put out or the Action Alerts that you sent through because they are helpful and direct and provide that great advice to move forward. </p> <p> 00:16:59:16 - 00:17:17:11<br> Tina Freese Decker<br> And I know that you are available to connect with all of our members if there is a specific situation, or they just want to learn more to make sure that we're better. So thank you, John, for being here. And thank you to all of those that have tuned in to this conversation. We will be back next month for another Leadership Dialogue. </p> <p> 00:17:17:13 - 00:17:25:24<br> Tom Haederle<br> Thanks for listening to Advancing Health. Please subscribe and rate us five stars on Apple Podcasts, Spotify, or wherever you get your podcasts. </p> </details> </div></div><div class="col-md-4"><div class="views-element-container"> <section class="top-level-view js-view-dom-id-f5a9ae4e09bcedc990d5cbba26b5860e19344d89e7e7f141c82be9d5cc8fe6fe resource-block"> <h2>Previous Leadership Dialogues and Rounds</h2> <div class="resource-wrapper"> <div class="resource-view"> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2025-03-31-chair-file-leadership-dialogue-importance-advocacy-and-storytelling-rural-health-lori" hreflang="en">Chair File: Leadership Dialogue — Importance of Advocacy and Storytelling in Rural Health with Lori Wightman, R.N., CEO of Bothwell Regional Health Center</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-03-31T10:49:30-05:00">Mar 31, 2025</time> </span> </div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2025-02-24-chair-file-leadership-dialogue-advancing-health-and-building-trust-lynn-hanessian-and-robert" hreflang="en">Chair File: Leadership Dialogue — Advancing Health and Building Trust with Lynn Hanessian and Robert Trestman, M.D.</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-02-24T08:21:34-06:00">Feb 24, 2025</time> </span> </div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2025-01-27-chair-file-leadership-dialogue-tackling-todays-health-care-challenges-aha-leaders-stacey" hreflang="en">Chair File: Leadership Dialogue — Tackling Today’s Health Care Challenges with AHA Leaders Stacey Hughes and Ashley Thompson</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-01-27T09:40:27-06:00">Jan 27, 2025</time> </span> </div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2024-12-16-leadership-dialogue-assessing-health-care-challenges-and-successes-tina-freese-decker" hreflang="en">Leadership Dialogue — Assessing Health Care Challenges and Successes With Tina Freese Decker, President and CEO of Corewell Health</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2024-12-16T08:16:44-06:00">Dec 16, 2024</time> </span> </div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2024-11-18-leadership-dialogue-advancing-health-care-innovation-amy-perry-president-and-ceo-banner" hreflang="en">Leadership Dialogue — Advancing Health Care Innovation with Amy Perry, President and CEO of Banner Health</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2024-11-18T10:04:06-06:00">Nov 18, 2024</time> </span> </div></div> </div> </div> <div class="more-link"><a href="/topics/leadership-dialogue">Watch More Leadership Dialogues and Rounds Videos</a></div> </section> </div> </div></div></div> Mon, 28 Apr 2025 10:30:00 -0500 Cybersecurity <div class="container row"><div class="row"><div class="col-md-8"><p><strong>Today’s Headlines:</strong></p><p><strong>Leading Story </strong></p><ul><li>Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely</li></ul><p><strong>Data Breaches & Data Leaks  </strong></p><ul><li>Cyberattacks Hit Health Sector Firms, Exposing Data of Over 236,000 People</li></ul><p><strong>Cyber Crimes & Incidents </strong></p><ul><li>Threat Actors Leverage TAG-124 Infrastructure to Deliver Malicious Payloads</li></ul><p><strong>Vulnerabilities & Exploits  </strong></p><ul><li>NVIDIA NeMo Vulnerability Enables Remote Exploits</li></ul><p><strong>Trends & Reports </strong></p><ul><li>AI-Powered Polymorphic Phishing Is Changing The Threat Landscape</li></ul><p><strong>Privacy, Legal & Regulatory </strong></p><ul><li>Georgia, New York Residents Sue Over Cleveland, Tennessee, Debt Collections Agency Data Breach</li></ul><p><strong>Upcoming Health-ISAC Events </strong></p><ul><li>Global Monthly Threat Brief  <br>o    Americas – April 29, 2025, 12:00-01:00 PM ET<br>o    European – April 30, 2025, 03:00-04:00 PM CET<br> </li></ul></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Fri, 25 Apr 2025 10:35:29 -0500 Cybersecurity <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Fri, 25 Apr 2025 09:57:54 -0500 Cybersecurity