Cybersecurity and Risk Advisory Services

“Cyber threats are a major risk issue for hospitals and health systems. The AHA continues to recognize and prioritize this threat as a significant challenge for the field and has responded by creating the position of senior advisor for cybersecurity and risk. The AHA recently hired John Riggi, former FBI Cyber Executive and a nationally recognized expert for healthcare cybersecurity to fill that role and serve as a resource to advise and assist the field in mitigating the many cyber and physical risks they face.”
— AHA President and CEO Rick Pollack

At present, John Riggi, senior advisor for cybersecurity and risk, is available to provide:

Strategic Cybersecurity and Risk Advisory Services Related To:

  • Cyber threat and risk profile of the organization
  • Information security and risk mitigation strategy development and integration with enterprise risk management
  • Cybersecurity and risk mitigation strategies, resource allocation and deployment strategies
  • Implementation and effectiveness of information security and risk policies, procedures and controls
  • Risk assessments and mitigation plan
  • Business associate, vendor, supply chain and cloud risk management programs
  • Independent and objective review of cybersecurity contractors and vendors’ proposals, recommendations and work products
  • Threat and business intelligence services related to current and future cyber risk issues such as interoperability, value-based payment models and patient access to EHR
  • Insight and guidance on cyber threat information sharing channels
  • HIPAA privacy and security compliance, insider threat program, and cyber insurance related issues
  • Other risk related issues including:
    • Financial crimes, healthcare related frauds, false claims investigations and the intersection of cybercrimes and financial crime
    • Hospital violence, active shooter program, fraud, espionage and counterintelligence related issues, physical security, and terrorism

Hospital Leadership Cybersecurity Education and Awareness Services

  • Provide strategic cybersecurity and risk advisory services for hospital leadership and board
  • Provide customized education and awareness presentations for Board, C-Suite and Staff
  • Review cybersecurity and risk organizational culture
  • Provide cyber and risk incident response tabletop exercises and simulations for leadership

Cyber and Risk Incident Response Strategy and Advisory Services

  • Provide strategic cyber incident/ransomware and risk incident response services, including communications strategy and government, law enforcement and intelligence community liaison services
  • Assist in development and implementation of cyber and risk incident response plans
  • Assist in development and implementation of incident containment, mitigation and remediation plan

Law Enforcement and National Security Relations

  • Review government policy, regulation and legislation, and provide analysis pertaining to cybersecurity and risk implications for the organization. Review pending criminal and national security investigations; liaise with law enforcement and the intelligence community as needed
  • Advise on government coordination and liaison services related to cybersecurity and risk issues and active incidents
  • Advise during ransomware and extortion incidents, communications and response to adversaries

John Riggi, having spent nearly 30 years as a highly decorated veteran of the FBI, serves as the senior advisor for cybersecurity and risk for the American Hospital Association (AHA) and its 5000+ member hospitals. In this role, John serves as a national resource to help members identify and combat cyber and other sources of risk to their organizations. Additionally, John will support the AHA’s policy efforts and Federal agency relations on cyber and other risk-related issues. Previously, John led BDO Advisory’s Cybersecurity and Financial Crimes Practice. While at the FBI, John served as a representative to the White House Cyber Response Group. He also led the FBI Cyber national program to develop mission-critical partnerships with the healthcare and other critical infrastructure sectors for the investigation and exchange of information related to national security and criminal-related cyber threats.

John held a national strategic role in the FBI investigation of the largest cyber-attacks targeting healthcare, energy, entertainment, technology, financial services, government and other sectors. John led BDO’s exclusive engagement with the AHA to provide cybersecurity training for member hospital CEOs and executives.

John is available after hours should your organization need urgent assistance or guidance as the result of a cyber or risk incident:

(O) 202-626-2272 | (M) 202-640-9159
