Cybersecurity and Risk Advisory Services

“Cyber threats are a major risk issue for hospitals and health systems. The AHA continues to recognize and prioritize this threat as a significant challenge for the field and has responded by creating the position of senior advisor for cybersecurity and risk. The AHA recently hired John Riggi, former FBI Cyber Executive and a nationally recognized expert for healthcare cybersecurity to fill that role and serve as a resource to advise and assist the field in mitigating the many cyber and physical risks they face.”
— AHA President and CEO Rick Pollack

At present, John Riggi, senior advisor for cybersecurity and risk, is available to provide:

Strategic Cybersecurity and Risk Advisory Services Related To:

  • Cyber threat and risk profile of the organization
  • Information security and risk mitigation strategy development and integration with enterprise risk management
  • Cybersecurity and risk mitigation strategies, resource allocation and deployment strategies
  • Implementation and effectiveness of information security and risk policies, procedures and controls
  • Risk assessments and mitigation plan
  • Business associate, vendor, supply chain and cloud risk management programs
  • Independent and objective review of cybersecurity contractors and vendors’ proposals, recommendations and work products
  • Threat and business intelligence services related to current and future cyber risk issues such as interoperability, value based payment models and patient access to EHR
  • Insight and guidance on cyber threat information sharing channels
  • HIPAA privacy and security compliance, insider threat program, and cyber insurance related issues
  • Other risk related issues including:
    • Financial crimes, healthcare related frauds, false claims investigations and the intersection of cybercrimes and financial crime
    • Hospital violence, active shooter program, fraud, espionage and counterintelligence related issues, physical security, and terrorism

Hospital Leadership Cybersecurity Education and Awareness Services

  • Provide strategic cybersecurity and risk advisory services for hospital leadership and board
  • Provide customized education and awareness presentations for Board, C-Suite and Staff
  • Review cybersecurity and risk organizational culture
  • Provide cyber and risk incident response tabletop exercises and simulations for leadership

Cyber and Risk Incident Response Strategy and Advisory Services

  • Provide strategic cyber incident/ransomware and risk incident response services, including communications strategy and government, law enforcement and intelligence community liaison services
  • Assist in development and implementation of cyber and risk incident response plans
  • Assist in development and implementation of incident containment, mitigation and remediation plan

Law Enforcement and National Security Relations

  • Review government policy, regulation and legislation, and provide analysis pertaining to cybersecurity and risk implications for the organization. Review pending criminal and national security investigations; liaise with law enforcement and the intelligence community as needed
  • Advise on government coordination and liaison services related to cybersecurity and risk issues and active incidents
  • Advise during ransomware and extortion incidents, communications and response to adversaries

John Riggi, having spent nearly 30 years as a highly decorated veteran of the FBI, serves as the senior advisor for cybersecurity and risk for the American Hospital Association (AHA) and their 5000+ member hospitals. In this role, John serves as a resource nationally to help members identify and combat cyber and other sources of risk to their organizations. Additionally, John will support the AHA’s policy efforts and Federal agency relations on cyber and other risk related issues. Previously, John led BDO Advisory’s Cybersecurity and Financial Crimes Practice. While at the FBI, John served as a representative to the White House Cyber Response Group. He also led the FBI Cyber national program to develop mission critical partnerships with the healthcare and other critical infrastructure sectors for the investigation and exchange of information related to national security and criminal-related cyber threats.

John held a national strategic role in the FBI investigation of the largest cyber-attacks targeting healthcare, energy, entertainment, technology, financial services, government and other sectors. John led BDO’s exclusive engagement with the AHA to provide cybersecurity training for member hospital CEOs and executives.

John is available after hours should your organization need urgent assistance or guidance as the result of a cyber or risk incident:

(O) 202-626-2272 | (M) 202-640-9159
