Cybersecurity and Risk Advisory Services

Cybersecurity and Risk Advisory

Today's Threats Go Beyond Operational Risk, They Disrupt Care and Safety.

Hospital leaders are well aware of the escalating threats they face, but the challenge is changing as today’s risks are no longer isolated. Cyber events and physical attacks can ripple across every dimension of hospital operations, disrupting care delivery and putting patient and community safety at serious risk.

Most hospital infrastructure is now network-dependent. Whether it affects connected medical devices or access controls and building management systems, a single disruption like a randsomware attack can impact core hospital functions in minutes. At the same time, hospitals are navigating growing physical threats like workplace violence, targeted attacks and natural disasters. These risks are not separate. They are overlapping and escalating.

The American Hospital Association's Cybersecurity and Risk Advisory Services are designed to help you meet this moment. Our team of nationally recognized experts works with hospitals and health systems to identify gaps, strengthen defenses and build cross-functional resilience that protects your people, your operations and your mission.

Strategic Cybersecurity and Risk Advisory Services

Clinical Continuity and Operational Resilience. We help hospitals develop plans to sustain critical clinical and operational capabilities for 30 days or more without reliance on key technologies through comprehensive continuity assessments and actionable recommendations.
Comprehensive Risk Assessments. Our experts evaluate emerging threats including criminal groups stealing data, nation-state espionage targeting medical research, insider risks and vulnerabilities across business associates, vendors, supply chains and cloud environments. We then deliver tailored plans to help hospitals strengthen defenses.
Emerging Technology. We provide strategic guidance on cybersecurity risks posed by emerging technologies such as artificial intelligence, along with insights to optimize your cybersecurity posture.
Additional Risk Advisory Services. We help organizations address complex challenges ranging from violence prevention and preparedness to financial crimes and fraud, physical security and terrorism risk management.

Incident Response Strategy and Advisory Services

Incident Response Planning. We collaborate with your leadership to develop and implement comprehensive incident response plans that align with your organization's strategic priorities. Remember: cyber risk is patient safety risk!
Tactical Guidance and Coordination. Our experts provide tactical guidance for mitigation, communication and coordination with law enforcement and intelligence partners, ensuring a seamless and effective response during a ransomware attack or other cyber disruption.
Integration and Recovery. By integrating cyber and risk incident response with emergency management and clinical continuity programs, we help minimize operational disruption and accelerate recovery.

Leadership Education and Awareness

Board and Executive Education. We deliver tailored education on the cyberthreat landscape and organizational readiness to boards and executive leadership.
Culture Transformation. We facilitate culture transformation initiatives that embed cybersecurity and risk awareness across the organization, from leadership to frontline staff.
Executive Exercises. To prepare leadership for cyber and risk incidents, we conduct realistic tabletop exercises and simulations.

Federal Law Enforcement and National Security Relations

Federal Law Enforcement and National Security Liaison. As your trusted liaison, we facilitate effective collaboration and threat information exchange with government agencies, including the FBI and other agencies on critical cybersecurity and risk issues.
Proactive Threat Response. We support proactive engagement and coordinated responses to cyberthreats involving national security partners, enhancing your organization's ability to navigate complex threat environments with confidence and resilience.

Additional AHA Cybersecurity and Risk Resources

AHA Cybersecurity & Risk Resource Hub. Access AHA's centralized hub for cyber and risk-related tools, updates and guidance tailored to health care organizations.
AHA Preferred Cybersecurity & Risk Provider Program. Explore a network of highly vetted cybersecurity and risk management firms selected for their proven expertise and alignment with the unique operational, regulatory and security challenges facing hospitals and health systems.
AHA Cyber & Risk Intel Blog. Gain strategic perspective from John Riggi, AHA's national advisor for cybersecurity and risk, and Scott Gee, deputy national advisor. This ongoing blog series delivers expert commentary on emerging threats, trends and response strategies.
American Society for Health Care Risk Management Resources. Access a wide range of education programs, events and publications from ASHRM, supporting health care risk management professionals in advancing organizational resilience.
Hospitals Against Violence. The Hospitals Against Violence (HAV) initiative exists to share examples and best practices with the field about workplace and community violence, including the Behavioral Threat Assessment and Management guide developed in partnership with the FBI’s Behavioral Analysis Unit-1.

Meet the AHA Cybersecurity and Risk Team

John Riggi, National Advisor for Cybersecurity and Risk, and Scott Gee, Deputy National Advisor for Cybersecurity and Risk, lead our team of advisors. They bring decades of experience from federal law enforcement and the private sector to help hospitals and health systems prepare for, respond to, and recover from complex cyber and physical threats.

Need Help or Have Questions?

Contact Us

Stay up to date on the latest cybersecurity and risk news, resources and alerts.

Cybersecurity