Risk Management / en Fri, 02 May 2025 11:01:04 -0500 Tue, 29 Apr 25 08:43:21 -0500 NSA report includes recommendations for OT device security /news/headline/2025-04-29-nsa-report-includes-recommendations-ot-device-security <p>The National Security Agency April 23 released a <a href="https://media.defense.gov/2025/Apr/22/2003695617/-1/-1/0/CTR-OTAP-SMART-CONTROLLER-SECURITY-IN-NSS.PDF" target="_blank">report</a> on operational technology systems that includes recommendations for security policies and technical requirements for devices installed in national security systems. The report said that although it is tailored to NSS OT cybersecurity, those in the public and private sector can also use their OT devices to meet the outlined requirements to improve their cybersecurity infrastructure. </p><p>“Network and internet-connected OT devices are ubiquitous in health care too - everything from building automation systems to badge readers on doors and life-safety systems,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “We - as a sector - need to pay close attention to OT security as well.” </p><p>For more information on this or other cyber and risk issues, contact Gee at <a href="mailto:sgee@aha.org" target="_blank">sgee@aha.org</a>. For the latest cyber and risk resources and threat intelligence, visit <a href="/cybersecurity" target="_blank">aha.org/cybersecurity</a>. </p> Tue, 29 Apr 2025 08:43:21 -0500 Risk Management Leadership Dialogue /leadership-dialogue <div class="container"><div class="row"><div class="col-md-8"><img src="/sites/default/files/inline-images/leadership-dialogue-freese-decker-riggi-900x400.jpg" data-entity-uuid="40fb79e5-2979-4656-8fc4-eff5ace41045" data-entity-type="file" alt="Leadership Dialogue. A conversation with AHA Chair Tina Freese Decker and John Riggi, AHA National Advisory for Cybersecurity and Risk." 
width="900" height="400"><p>In this episode, Tina Freese Decker, 2025 chair of the AHA Board of Trustees, talks with John Riggi, AHA’s National Advisor for Cybersecurity and Risk. Riggi spent nearly 30 years with the FBI before joining the AHA in 2018.</p><p>Freese Decker and Riggi discuss cybersecurity and physical threats, which are significant enterprise risks for health care, regardless of size or location. Every hospital, physician group and medical center is at risk - and this risk puts the people served at risk, which is why organizations must take these threats seriously.</p><p>Riggi shared three major themes the health care field must lean into regarding cyber and physical threats. The first is leadership. Leaders and teams must recognize that cyber and physical threats are an enterprise risk issue and put the necessary resources in place to be proactive and prevent these threats from occurring. Second, third parties pose a major risk. It is important to evaluate third-party risk and put plans in place to minimize the risk as much as possible. Third, prepare, prepare, prepare! Part of preparation is educating leaders and staff and creating partnerships within the organization and in the community to be able to respond and act if and when something happens.</p><hr><p></p><hr><div></div><div class="raw-html-embed"> <details class="transcript"> <summary> <h2 title="Click here to open/close the transcript."> <span>View Transcript</span><br> </h2> </summary> <p> 00:00:01:01 - 00:00:26:02<br> Tom Haederle<br> Welcome to Advancing Health. Cybersecurity is a risk. And because of that, a priority for all hospitals and health systems. 
In this Leadership Dialogue, Tina Freese Decker, chair of the American Hospital Association, and John Riggi, AHA’s national advisor for Cybersecurity and Risk, discuss planning for cyber attacks, putting protections in place, navigating cyber threats, and rebuilding trust and confidence in the system </p> <p> 00:00:26:04 - 00:00:31:01<br> Tom Haederle<br> when cyber attacks do occur. </p> <p> 00:00:31:04 - 00:01:00:23<br> Tina Freese Decker<br> Hello, and thank you so much for joining us today. I'm Tina Freese Decker, president CEO of Corewell Health and the board chair for the American Hospital Association. From data breaches to ransomware attacks to outages, cybersecurity affects patient safety and enterprise risk and is increasingly a strategic priority for hospitals and health systems. Planning for cyber attacks and putting the proper protections in place is key to ensuring sustainability, patient privacy and clinical outcomes. </p> <p> 00:01:00:26 - 00:01:34:22<br> Tina Freese Decker<br> So I am so pleased to have the American Hospital Association's John Riggi joining me for today's conversation. John is an expert in this field, and he serves as the AHA's first national advisor for cybersecurity and risk. He joined AHA in 2018 after a long, distinguished 30-year career with the FBI. He brings with him tremendous experience in the investigation and disruption of cyber threats, as well as the unique ability to provide informed risk advisory services to hospitals and health systems. </p> <p> 00:01:34:24 - 00:01:41:26<br> Tina Freese Decker<br> So before we jump into the conversation, John, can you just tell me a bit about yourself so that our audience can get to know you a little bit better? </p> <p> 00:01:41:29 - 00:02:08:13<br> John Riggi<br> Thank you, Tina, so much for inviting me here today to discuss these topics, which unfortunately, as you said, top of mind for everyone. So when I ended my 30-year career at the FBI, I still wanted to be in a position to serve. 
I spent a lifetime doing that, and in my last role at the FBI, my job was to establish mission critical relationships with private sector, with critical infrastructure in the health care sector in particular. </p> <p> 00:02:08:15 - 00:02:29:22<br> John Riggi<br> That's when I had the privilege and honor to be introduced to AHA and Rick Pollack in talking about cyber threats. And that's when I really learned how critical a role that the American Hospital Association served for the entire health care sector. I could send over, you know, an immediate urgent alert to the and with a single press of a button </p> <p> 00:02:29:29 - 00:02:56:16<br> John Riggi<br> 5000 plus hospitals received that alert. 50,000 executives received it. So I understood at that point we needed to engage in that continuing relationship. And when I retired, fortunately for me, Rick Pollack in the team said, John, you know, we've been listening to you and we think cyber will be an emerging threat, going forward. Unfortunately, none of us realized how significant a threat it would be. </p> <p> 00:02:56:19 - 00:03:00:12<br> John Riggi<br> And so, again, my privilege and honor to be here with you today. </p> <p> 00:03:00:14 - 00:03:22:21<br> Tina Freese Decker<br> Well, we are privileged and blessed that you are part of the American Hospital Association team, and you're helping us navigate so many of these issues that come forward. Let's start with kind of one of the underlying questions that I have. We've seen all these cyber and physical threats that have targeted hospitals and health systems. How have they evolved over the last, let's say, 7 to 8 years? </p> <p> 00:03:22:24 - 00:03:58:21<br> John Riggi<br> Yeah, unfortunately they've increased pretty dramatically. So not only are they increased in frequency, but also in complexity and severity of impact. So on the cyber front, we have seen a, for instance, in hacking of patient health information. 
In 2020, it was about 450 hacks impacting 27 million individuals, not inconsequential. Last year, last year with the Change Healthcare attack, we had 259 million Americans had their health care records stolen or compromised by foreign bad guys, by foreign bad guys. </p> <p> 00:03:58:27 - 00:04:24:17<br> John Riggi<br> If we add up the numbers, just since 2020, over 500 million Americans have had their health care records compromised or stolen. So, John, wait a minute. There's only 330 million Americans. That's the population. Meaning that every American in this country has had their health care records compromised more than once. But what really concerns us are the dramatic increase in ransomware attacks, which are often accompanied by data theft attacks. </p> <p> 00:04:24:19 - 00:04:51:12<br> John Riggi<br> So these bad guys, primarily Russian speaking, believed to be provided safe harbor by the Russian government primarily but not exclusively Russian, have increased these attacks so that the impact really is not only disablement of technology, internal networks get shut down, data gets encrypted, organizations are forced to disconnect from the internet has a very, very dramatic impact on care delivery. </p> <p> 00:04:51:15 - 00:05:18:21<br> John Riggi<br> So this resulting disruption, delay to care delivery and ultimately posing a serious risk to patient care and safety, not only for the patients in the hospital, but for the entire communities that depend on the availability of their nearest emergency department for life saving care, radiation oncology, so forth. So we've seen that evolve again very significantly, and one of the reasons I think it's evolved so dramatically. </p> <p> 00:05:18:23 - 00:05:30:21<br> John Riggi<br> Geopolitics is part of that. But I think on a very base level, we as a sector depend more and more on network and internet connected technology and data. </p> <p> 00:05:30:24 - 00:05:56:13<br> Tina Freese Decker<br> Very true. 
You know, I did a podcast earlier this year about trust and rebuilding confidence and trust and having that public trust in health care systems and hospitals. And when you have a cyber attack or an act of violence that targets hospitals, health systems, it impacts patients, like you said, it impacts staff and our communities. How can we go about building that trust and regaining that confidence when we have these instances occur? </p> <p> 00:05:56:15 - 00:06:06:23<br> Tina Freese Decker<br> And do you have some examples of stories or insights organizations have used that have helped them navigate those cyber threats and build that public trust? </p> <p> 00:06:06:26 - 00:06:32:07<br> John Riggi<br> Great question, Tina. And also on the on the violence side, unfortunately, as I wanted to mention as well, that's increased pretty dramatically to set the stage there. I was shocked, as a former law enforcement officer, to find out nurses are the second most assaulted profession outside of law enforcement. And, you know, we expect it as law enforcement officers to be engaged, confrontational engagements. </p> <p> 00:06:32:07 - 00:06:37:09<br> John Riggi<br> You're making arrests, but nurses who just want to deliver care to help people? Shocking. </p> <p> 00:06:37:09 - 00:06:38:19<br> Tina Freese Decker<br> It's sad and unacceptable. </p> <p> 00:06:38:23 - 00:06:58:27<br> John Riggi<br> Agree, totally. So I think how do we how do we get that trust in the community? I think one - and I think we've done a fantastic job with your leadership and the AHA - acknowledge the risk, acknowledge the threat. Let's not hide it. Let's not pretend it's not there. But then to take real steps to prepare and help mitigate the impact of these threats. 
</p> <p> 00:06:59:00 - 00:07:25:01<br> John Riggi<br> So now we see, on the cyber side, hospitals are actively working to develop better downtime procedures, better backup systems to help shorten the length of the impact and help recover more quickly. And work with the federal government. Exchange threat information across the sector with our partners in other sectors. And really understand if we're attacked, this isn't a stigma. </p> <p> 00:07:25:02 - 00:07:51:18<br> John Riggi<br> This isn't something that an organization failed to do. We're all in this together. And on the physical side, we're working very closely with the FBI to help develop resources to help identify and mitigate targeted acts of violence directed toward health care organizations. But most importantly, our frontline health care heroes, our frontline health care workers. And again, working with the community, this is all partnership with the community as well. </p> <p> 00:07:51:20 - 00:08:08:05<br> Tina Freese Decker<br> So I'm sure you have a top ten list of things that we could do to prevent these attacks. But if you could share the top three things that we should do to prevent these attacks and how we can be resilient. And when I say attacks, I'm talking cyber and physical. We have limited time, we have limited resources. </p> <p> 00:08:08:05 - 00:08:10:19<br> Tina Freese Decker<br> But what is the most important things that we should be doing? </p> <p> 00:08:10:22 - 00:08:36:21<br> John Riggi<br> I think the overarching umbrella that all the others follow under is leadership. And really looking at these risks, acknowledging them and ensuring that both cyber and physical risks are treated as an enterprise risk issue. And then within that, on the cyber side, making sure on the defensive side that you're following well known, well-established, recognized cyber frameworks, making sure you start there. 
</p> <p> 00:08:36:24 - 00:09:03:08<br> John Riggi<br> Second, really thinking about third party risk. What we have seen is that a majority, the vast majority of cyber risk, cyber attacks we face come to us through insecure third party service providers. Insecure third party technology and insecure supply chain. Doesn't negate us from our responsibility to do what we can, but we have to understand that. And then the third thing is ultimately prepare. </p> <p> 00:09:03:10 - 00:09:24:08<br> John Riggi<br> We must prepare for the attack. There's an often, I would say, overused expression in the cyber security world. It's not a matter of if, but when. It's true. But I would also change that a little bit about it's not a matter of if you will be attacked. The question is are you prepared? So focusing on resiliency and so forth. </p> <p> 00:09:24:10 - 00:09:55:13<br> John Riggi<br> And then with on the physical side, education of staff, leadership priority, and working with the FBI and local law enforcement to potentially identify ahead of an incident acts of targeted violence directed towards the hospital. And then working together as a community help mitigate and prevent that act. The police always want to respond, can respond after the FBI. But I can tell you from personal experience, we'd rather prevent a crime, prevent an act of violence than respond after the fact. </p> <p> 00:09:55:15 - 00:10:19:15<br> Tina Freese Decker<br> Agree. And I think that developing those relationships with local FBI, with local law enforcement is critical because you to your point, it's not if, but when. But we'd like to be able to prevent all of it. Having those relationships is key. So I know that the AHA has been working very closely with the FBI and some health care systems to exchange that threat intelligence and enhance collaboration across our sector </p> <p> 00:10:19:15 - 00:10:28:21<br> Tina Freese Decker<br> and with federal agencies. 
Can you share more about that partnership and how it has helped us in identifying and mitigating both physical and cyber threats? </p> <p> 00:10:28:24 - 00:10:51:26<br> John Riggi<br> Great question again, Tina, and thank you for highlighting what we're doing with the FBI. So on the cyber front, we've been actively engaged in cyber threat, information threat intelligence exchange. Both on a very technical level, exchanging what - without getting too technical - threat indicators, malware signatures and so forth, but also identifying big strategic threats that we may face as a sector. </p> <p> 00:10:51:28 - 00:11:19:23<br> John Riggi<br> So, for instance, working with the FBI, we helped identify last year a threat to the blood supply before it was on the government's radar. We helped the government understand that cyber attacks on hospitals are not just data theft crimes. These are truly threat to life crimes. So the federal government actually previously raised the investigative priority level of ransomware attacks on hospitals to equal that of a terrorist attack once they understood what the impact was. </p> <p> 00:11:19:24 - 00:12:00:17<br> John Riggi<br> We are working very closely with the famed Behavioral Analysis Unit of the FBI, the profilers that many books and TV shows and movies have been written about to develop resources to help hospitals identify targeted acts of violence, threats that are pending against hospitals, and again, help intercede, intervene and help prevent those attacks. We have a whole series of resources available on the first ever joint FBI and Joint Health Care Sector webpage. We're about to issue a manual coming out here within the next month or so, based upon, joint work with the FBI in the field on best practices and lessons learned to prevent these acts of violence. </p> <p> 00:12:00:17 - 00:12:06:08<br> John Riggi<br> So we have a robust, almost daily interaction with the FBI and other federal agencies. 
 </p> <p> 00:12:06:10 - 00:12:25:15<br> Tina Freese Decker<br> It's so helpful to know that we have those robust partnerships at the national level, and then we can create it at the local level, and to make sure that we're all in this together to help protect our patients and the people that we care for in our community. So that's wonderful. My last question for you is just one about how we look forward. </p> <p> 00:12:25:17 - 00:12:38:26<br> Tina Freese Decker<br> Can you tell us what you think about is going to happen in the threat environment for 2025 and maybe into 2026? What are those things we should be watching, looking out for? And is there anything positive that you can see? </p> <p> 00:12:38:29 - 00:13:11:18<br> John Riggi<br> I will let you know there is some hope. Talk about the realistic environment. Then we'll talk about where I see the hope. So first of all, I do believe that the frequency of the attacks may decrease, but I think the bad guys are looking to make a greater impact. We have seen them go after systemically important organizations that serves health care. Change Healthcare, for example. Last year, attacks against the blood supply. The year before they attacked - found vulnerabilities in a commonly used technology and software known as MOVEit. </p> <p> 00:13:11:21 - 00:13:41:03<br> John Riggi<br> By attacking that software, it gave the bad guys, a Russian ransomware group, were able to gain access to millions and millions of patient records. I do believe geopolitics will have a very significant influence, for better or worse, on the level of cyber threat we face. Depending on how we deal in the outcomes of our negotiations, of our diplomatic efforts with Russia, China, North Korea and Iran has the potential to mitigate or increase the cyber threats that we face. </p> <p> 00:13:41:05 - 00:14:08:19<br> John Riggi<br> And ultimately, again, third party risk, major, major issue. Where do I see the signs of hope? 
And there are signs of hope, folks. Honestly, I have never seen the sector come together to share threat information to prepare for attacks, best practices, lessons learned not only amongst the sector. We see channels of threat information sharing and best practice across with other critical and sectors, with the federal government. </p> <p> 00:14:08:21 - 00:14:45:26<br> John Riggi<br> We've had victim organizations, CEOs come out publicly. Dr. Leffler from University of Vermont, Chris Van Gorder from Scripps. We've had Eduardo Conrado from the recent attack against Ascension not only come out publicly, but testify before the UN Security Council last November about the impact of this Russian ransomware attack against Ascension. So what I see is hope. The fact we are banding together and with the government and I hope, as we did in the great fight against terror, international terrorism, we will come together in a whole of nation approach to help mitigate that risk. </p> <p> 00:14:46:01 - 00:15:09:17<br> John Riggi<br> Now, Tina, I know I've done a lot of speaking here, and if I may, and with all due respect, I'd like to ask you a question if I could. Tina, in your role, you have very unique dual role. You're CEO of a large health system, and you're also the chair of the American Hospital Association board. So how do you think about cyber and physical threats for your own organization </p> <p> 00:15:09:19 - 00:15:11:20<br> John Riggi<br> but on a national level? </p> <p> 00:15:11:22 - 00:15:33:26<br> Tina Freese Decker<br> Well, I believe that cyber and physical threats must be prioritized. It's a strategic risk. We have to understand how we focus on it, and we have to significantly prioritize it and emphasize what we're doing there. Previously, maybe 5 or 10 years ago, it was just thought of as a technical issue. It's not that. It's how we operate. 
Because like you said, we're so connected, </p> <p> 00:15:33:26 - 00:16:01:07<br> Tina Freese Decker<br> it's critical infrastructure and we must make sure that we are coming together. So for us as an organization, we prioritize our efforts, our investments, our work on it, but also prioritize business assurance. So how do we operate and make sure that everyone understands all the key components and the lessons that you shared on this discussion today, but also when we've had conversations before, how are we making sure that we know those and our teams know those? </p> <p> 00:16:01:09 - 00:16:25:19<br> Tina Freese Decker<br> I think the importance of safeguarding sensitive patient data and ensuring the integrity of our systems cannot be overstated. And that applies for my organization, and that applies for all of our members throughout the American Hospital Association. And so I think those are some critical points. As we think about this it is making sure that we are safeguarding sensitive patient data and ensuring the integrity of our systems, as we go forward. </p> <p> 00:16:25:19 - 00:16:59:14<br> Tina Freese Decker<br> That cannot be overstated. And as we do that, I think we all uphold that level of commitment to excellence that our patients and the people in our community want. So, John, thank you so much for your time today, for sharing your expertise. While we may not be able to prevent or mitigate everything, you have given us such great advice and we should make sure we take that down, but also listen to many of your podcasts that you put out or the Action Alerts that you sent through because they are helpful and direct and provide that great advice to move forward. </p> <p> 00:16:59:16 - 00:17:17:11<br> Tina Freese Decker<br> And I know that you are available to connect with all of our members if there is a specific situation, or they just want to learn more to make sure that we're better. So thank you, John, for being here. 
And thank you to all of those that have tuned in to this conversation. We will be back next month for another Leadership Dialogue. </p> <p> 00:17:17:13 - 00:17:25:24<br> Tom Haederle<br> Thanks for listening to Advancing Health. Please subscribe and rate us five stars on Apple Podcasts, Spotify, or wherever you get your podcasts. </p> </details> </div></div></div></div> Mon, 28 Apr 2025 10:30:00 -0500 Risk Management NIH study finds light levels of daily activity can reduce cancer risk /news/headline/2025-03-26-nih-study-finds-light-levels-daily-activity-can-reduce-cancer-risk <p>A <a 
href="https://www.nih.gov/news-events/news-releases/daily-physical-activity-even-light-intensities-linked-lower-cancer-risk" target="_blank">study</a> published March 26 by the National Institutes of Health and the University of Oxford found that individuals who engaged in light and moderate-to-vigorous daily physical activity had a lower cancer risk than those with a more sedentary lifestyle. The study found that higher daily step counts, but not pace, were also associated with a lower cancer risk. In comparison to cancer risk for individuals taking 5,000 steps per day, risk was 11% lower for those taking 7,000 steps per day and 16% lower for those taking 9,000 steps per day. Risk reduction plateaued beyond 9,000 steps. </p> Wed, 26 Mar 2025 15:31:38 -0500 Risk Management One year after Change Healthcare cyberattack, AHA report discusses lessons learned and continued need to mitigate risk /news/headline/2025-02-19-one-year-after-change-healthcare-cyberattack-aha-report-discusses-lessons-learned-and-continued-need <p>Nearly one year after the cyberattack on Change Healthcare, the AHA released a <a href="/change-healthcare-cyberattack-underscores-urgent-need-strengthen-cyber-preparedness-individual-health-care-organizations-and" title="Change report">report</a> highlighting the continued need for health care organizations to strengthen cybersecurity efforts and mitigate risk. </p><p>“The cyberattack on Change Healthcare in February 2024 disrupted health care operations on an unprecedented national scale, endangering patients' access to care, disrupting critical clinical and eligibility operations, and threatening the solvency of the nation's provider network,” the report said. 
 </p><p>Among other areas, the report highlights lessons learned, including how third-party cyber risk is the most significant and disruptive cyber threat to health care; actions health care organizations can take to mitigate cyber risk; and resources from the AHA and federal government that can assist organizations with strengthening cybersecurity efforts.<br> </p> Wed, 19 Feb 2025 15:05:26 -0600 Risk Management Preferred Physical Security Providers | DEV /cybersecurity/preferred-cybersecurity/preferred-risk Fri, 24 Jan 2025 15:35:44 -0600 Risk Management Public Trust and Accountability: Member Engagement <h2 class="text-align-center"><span>Testimonials</span></h2> Fri, 27 Dec 2024 13:12:41 -0600 Risk Management Navigating the Health Care Cybersecurity Storm: Strategies for Resilience and Risk Reduction /education-events/navigating-health-care-cybersecurity-storm-strategies-resilience-and-risk-reduction <p><em><strong>AHA Leadership Scan: A Series of Virtual Panel Discussions</strong></em></p><p><strong>Navigating the Health Care Cybersecurity Storm: Strategies for Resilience and Risk Reduction </strong><br><em>Tech leaders share impactful strategies to reduce risk</em></p><p><strong>Thursday, September 26, 2024 </strong><br><em>1 - 2 p.m. Eastern; noon - 1 p.m. Central; 10 - 11 a.m. Pacific </em> <br> </p><div class="webreplay"> <h2 class="text-align-center"><small>On-demand Webinar</small></h2> </div><p><br>The health care sector is being broadsided by cyberattacks on all fronts, impacting everything from patient care to critical supplies, finances, patient data and more. 
Today’s complex and rapidly evolving cyberthreat landscape demands that health care leaders and executives adopt impactful cybersecurity strategies to reduce risk across all operational areas. </p><p> </p><p>Join us for a deep-dive discussion among top health care field leaders and executives on these issues and how to maintain continuity of care during the critical first 30 days after a cybersecurity breach. Our panel will address:</p><p><strong>Current cybercrime threats and challenges.</strong> Learn what data give cybercriminals the strongest leverage for financial and political gain and why they increasingly are targeting the supply chain. Explore how adversaries are using artificial intelligence in credential-based attacks and why hospital staffs are vulnerable to unintentional insider threats.</p><p><strong>Prioritizing and funding cybersecurity initiatives.</strong> Examine the long-term repercussions of underinvestment in cybersecurity and how to prioritize investments to eliminate technical debt and address vulnerabilities. Learn key considerations for balancing investments in new technologies versus existing systems.</p><p><strong>Risk-assessment considerations in mergers and acquisitions (M&A).</strong> Identify key cybersecurity considerations during the due-diligence phase of health care M&As. Explore how to ensure seamless and secure systems integration during M&A transitions.</p><p><strong>Cyber resilience and recovery.</strong> Assess your organization’s cyber resilience level and ability to recover from an attack. 
Learn best practices to ensure quick recovery with minimal disruption after a cyberattack.</p><h3><small class="sm">Learning objectives:</small></h3><ul><li>To identify cybersecurity threats to hospitals and health systems and develop comprehensive response strategies.</li><li>To develop priorities and ensure proper funding for cybersecurity initiatives.</li><li>To proactively address cybersecurity risk considerations before, during and after a merger or acquisition.</li><li>To benefit from the collective insights of front-line technology leaders who have successfully responded to cyberthreats.</li><li>To build greater organizational resiliency to minimize disruption from a cyberattack and speed recovery.</li></ul><h3><small class="sm">Session Panelists: </small></h3><div><div><p paraid="1674947820" paraeid="{7b3feff9-f7cb-4f01-a9fc-9e13a0c72bf6}{206}">Less Stoltenberg, CPA, CISSP <br><em>Vice President and Chief Cybersecurity Officer/CISO </em><br><strong>The University of Texas MD Anderson Cancer Center </strong></p><p paraid="1262521846" paraeid="{7b3feff9-f7cb-4f01-a9fc-9e13a0c72bf6}{216}">Sunil Dadlani <br><em>EVP, Chief Information & Digital Transformation Officer </em><br><strong>Atlantic Health System </strong></p></div><p paraid="696272232" paraeid="{bf886abc-0e94-481c-87bd-9f0b42ca031a}{109}">Adam Zoller <br><em>Chief Information Security Officer </em><br><strong>Providence </strong> </p></div><div><p paraid="1693205562" paraeid="{bf886abc-0e94-481c-87bd-9f0b42ca031a}{133}">Kelly Summers <br><em>Consultant - Interim SVP and Chief Information Officer </em><br><strong>Valleywise Health</strong></p></div><p>Amit Gaur <br><em>Managing Director and Health Security Lead </em><br><strong>Accenture</strong></p><h3><small class="sm">AHA Moderator: </small></h3><p>John Riggi <br><em>National Advisor for Cybersecurity and Risk</em> <br><strong>The American Hospital Association</strong></p><p>By attending the AHA Leadership virtual panel discussion "Navigating the 
Health Care Cybersecurity Storm: Strategies for Resilience and Risk Reduction" offered by the AHA, participants may earn up to <strong>1 ACHE Qualified Education Hour </strong>toward initial certification or recertification of the Fellow of the American College of Healthcare Executives (FACHE) designation. <br> </p> Fri, 16 Aug 2024 13:50:12 -0500 Risk Management Boardroom Brief: Encouraging a Risk-aware Culture to Drive Value /news/headline/2024-04-23-boardroom-brief-encouraging-risk-aware-culture-drive-value <p>A new <a href="https://trustees.aha.org/boardroom-brief-encouraging-risk-aware-culture-drive-value">Boardroom Brief</a> from AHA Trustee Services and the American Society for Health Care Risk Management offers guidance and resources to help boards drive value through enterprise risk management. “Boards that understand the ERM framework and its key concepts will be better able to manage uncertainty, act as effective stewards and fiduciaries and focus on the issues critical to creating greater value for their organizations and stakeholders,” the brief notes.</p> Tue, 23 Apr 2024 15:20:10 -0500 Risk Management Certified Professional in Health Care Risk Management (CPHRM) /career-resources/certification-center/cphrm <div> <header 
class="Banner_Title_Overlay_Bar"><img src="/sites/default/files/2024-04/aha-cc-cphrm-banner-image-1170x250.png" alt="Banner Image"><div><h1>Certified Professional in Health Care Risk Management (CPHRM)</h1></div></header></div><div class="row"> <div class="col-md-9"><p class="center_Lead">Take your career in health care risk management to the next level. Obtaining the Certified Professional in Health Care Risk Management (CPHRM) certification is the next step to demonstrate your experience and expertise in the health care risk field.</p><p class="center_Lead">The CPHRM is a prerequisite for many of the best jobs in the field. Earn your CPHRM and continue to build an exciting career.</p><p class="center_Lead">Learn about how to get certified or how to renew your <a href="#Certifications" title="Jump to Health Care Certifications For Professional Development">certification below</a> or visit <a href="https://www.ashrm.org/education/cphrm" target="_blank" title="Visit American Society for Health Care Risk Management | CPHRM Certification">American Society for Health Care Risk Management </a>(ASHRM).</p></div><div class="col-md-3"><div><h4 class="text-align-center"><a href="/career-resources/certification-center" title="American Hospital Association Certification Center (AHA-CC)">American Hospital Association Certification Center (AHA-CC)</a></h4><img src="/sites/default/files/2023-08/CPHRM_logo_250x250.png" alt="Certified Professional in Health Care Risk Management (CPHRM) Logo"><ul><li><a href="#Resources" title="Here you will find links to forms, documents, and other relevant content"><strong>Program Resources</strong></a></li><li>P: <a href="tel:3124223702" title="Call the Certification team">(312) 422-3702</a></li><li>E: <a href="mailto:certification@aha.org?subject=Info%20about%20the%20AHA%20Certification%20Center:%20CPHRM" title="Email the Certification 
team">certification@aha.org</a></li></ul></div></div></div><div class="row" id="Certifications"> <div class="PFLmenu"><div class="PFLMenuBar"><div class="PFLmenuGroup"><a class="PFLmenuParent" href="#Qualify" title="Jump to: Do I Qualify for Certification">Do I Qualify for Certification</a> <a class="PFLmenuParent" href="#Logistics" title="Jump to: Testing Logistics">Testing Logistics</a> <a class="PFLmenuParent" href="#Process" title="Jump to: Recertification Process">Recertification Process</a> <a class="PFLmenuParent" href="#Study" title="Jump to: Study Resources">Study Resources</a></div></div></div></div> 
<div class="row SessionWrapper" id="Qualify"><h2 class="SessionTitle">Do I Qualify for Certification?</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><h3 id="Researchers">Eligibility for the examination requires <span>ONE</span> of the following <span>AND</span> meeting the requirement for risk management experience:</h3><h4>Education/Health Care Experience</h4><ul><li>Baccalaureate degree or higher from an accredited college or university plus five (5) years of experience in a health care setting or with a provider of services to the health care industry.</li><li>Associate degree or equivalent from an accredited college plus seven (7) years of experience in a health care setting or with a provider of services to the health care industry.</li><li>High school diploma or equivalent plus nine (9) years of experience in a health care setting or with a provider of services to the health care industry.</li></ul><h4>Risk Management Experience</h4><p>3,000 hours or 50 percent of full-time job duties within the last three years dedicated to health care risk management in a health care setting or with a provider of services (e.g. 
consultant, broker, or attorney) to the health care industry.</p></div><div class="col-md-1"> </div></div></div><div class="row SessionWrapper" id="Logistics"><h2 class="SessionTitle">Testing Logistics</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><p>The American Hospital Association Certification Center contracts with PSI to administer its certification exams.</p><p>Eligible candidates <a href="http://ams.aha.org/eweb/DynamicPage.aspx?webcode=AHACertApply&ct1_credential=CPHRM&ct2_process=CPHRM_APP" title="Apply">must apply</a> to take the exam with the American Hospital Association Certification Center. Once the candidate purchases their exam, they can schedule their exam with PSI through the <a href="https://ams.aha.org/eweb/dynamicpage.aspx?webkey=c2d2b8a9-0b78-4ff4-88c2-1fd4ebbd2302" title="AHA Certification Portal">AHA Certification Portal</a>. Candidates can schedule their exam with PSI at an approved <a href="https://home.psiexams.com/#/test-center?p=NGH9CHWN" title="Find an Exam Center">testing center</a> or they can schedule a <a href="https://www.psiexams.com/wp-content/uploads/2023/07/PM-Online-Proctoring-Full-Guide.pdf" target="_blank" title="PSI | Testing Excellence: Online Proctoring Guide">live-remote proctored</a> exam with PSI.</p><p>If you need to reschedule an exam, log in to the <a href="http://ams.aha.org/eweb/DynamicPage.aspx?webcode=AHACertApply&ct1_credential=CPHRM&ct2_process=CPHRM_APP" target="_blank" title="Online Certification Management Portal">Online Certification Management Portal</a>.</p><h3>Exam cost:</h3><ul><li>$275 for ASHRM members</li><li>$425 for non-members</li><li>Eligible veterans can have the cost of their <a href="https://www.va.gov/education/about-gi-bill-benefits/how-to-use-benefits/test-fees/" target="_blank" title="U.S. 
Department of Veterans Affairs| Get paid back for test fees">exam reimbursed</a></li></ul><p>Candidates that pass their exam can expect to receive their official certification from the American Hospital Association Certification Center two to four weeks after their testing date. Please contact the <a href="mailto:certification@aha.org?subject=Info%20about%20the%20AHA%20Certification%20Center:%20CPHRM" title="Email the Certification team">American Hospital Association Certification Center</a> if you have questions about a certification or need the receipt for the exam for your records.</p></div><div class="col-md-1"> </div></div></div><div class="row SessionWrapper" id="Process"><h2 class="SessionTitle">Recertification Process</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><h3>Certificants can renew their certification in <span>two</span> ways:</h3><ul><li><strong>Option 1:</strong> Track and renew your CE credits by logging into your <a href="https://ams.aha.org/eweb/dynamicpage.aspx?webkey=c2d2b8a9-0b78-4ff4-88c2-1fd4ebbd2302" target="_blank" title="Certification Portal">Certification Portal</a> and <a href="/system/files/media/file/2019/05/AHA_CC-CPHRM-QualifyingActivities.pdf" target="_blank" title="AHA CC CPHRM Qualifying Activities">documenting 45 qualifying contact hours</a> over your three-year certification period.</li><li><strong>Option 2:</strong> Successfully pass the CPHRM exam.</li></ul><p>Certificants may submit their renewal <span><strong>one year</strong></span> before the current expiration date. However, if you submit your application early, that will not change the expiration date or extend the next renewal cycle. 
Your 45 contact hours must fall within the three-year certification dates.</p><h3>Renewal fees:</h3><ul><li>$135 for ASHRM members</li><li>$225 for non-members</li></ul><p><em><small>Additional $50 if renewing in the 30 days after your expiration date.</small></em></p><p><em><small>You can submit your certification renewal up to 30 days after your expiration date with a $50 late fee. However, you cannot submit CECs you earned during this 30-day extended grace period. If you do not submit your renewal by the end of the 30 days, you will have to retake and successfully pass the exam to reinstate your credential.</small></em></p><p><em><small>The American Hospital Association Certification Center may grant an extension of time to a certificant to complete the number of Continuing Education Credits (CECs) required for a recertification cycle. An extension of time shall not relieve the applicant of the responsibility for completion of the recertification requirements for the cycle in which the extension period falls. 
A certificant with a credential in Revoked status is NOT eligible to request an extension.</small></em></p></div><div class="col-md-1"> </div></div></div><div class="row SessionWrapper" id="Study"><h2 class="SessionTitle">Study Resources</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><ul><li>Review the <a href="https://www.ashrm.org/education/cphrm" target="_blank" title="ASHRM | CPHRM Certification">ASHRM resource page</a> to see a list of materials and classes offered for CPHRM exam preparation.</li><li>Take the <a href="https://www.psionlinestore.com/aha/" target="_blank" title="psi Testing Excellence | AHA (American Hospital Association Certification Center)">SAE-Self Assessment Exam</a>, an online test that parallels the actual certification exam.</li></ul></div><div class="col-md-1"> </div></div></div> <div class="row y-hr3"><div class="col-md-3"> </div><div class="col-md-6"> </div><div class="col-md-3"> </div></div><div class="row"><div class="col-md-12" id="Resources"><div class="col-md-12"><h2>Program Resources</h2></div><div class="col-md-4 col-sm-6"><h3>Quick Links</h3><ul><li><a href="http://www.ashrm.org/" target="_blank">ASHRM</a></li><li><a href="/system/files/media/file/2019/05/AHA_CC-CPHRM-Handbook.pdf" target="_blank" title="AHA CC CPHRM Handbook">Candidate Handbook</a></li><li><a href="https://ams.aha.org/eweb/DynamicPage.aspx?site=aha&WebCode=runreports&RedirectUrl=https%3A%2F%2Fams.aha.org%2Feweb%2FReports%2FReportStart.aspx%3FReportKey%3Dc61e4e61-dc4e-4cc3-a20c-790963bebfd3%26cpg_code%3Dcphrm%26new_certs%3Dno&_ga=2.75725717.1619578656.1508702991-352981974.1508351712" target="_blank" title="Credential Verification">Credential Verification</a></li><li><a href="https://ams.aha.org/eweb/dynamicpage.aspx?webkey=c2d2b8a9-0b78-4ff4-88c2-1fd4ebbd2302" target="_blank" title="Certification Portal">Certification Portal</a></li></ul></div><div 
class="col-md-4 col-sm-6"><h3>Forms</h3><ul><li><a href="/system/files/media/file/2023/11/AHA-CC-W9.pdf" target="_blank" title="View the W9">W9</a></li><li><a href="/system/files/media/file/2023/02/AHA_CC-Pin-Cert-form.pdf" target="_blank" title="View the Certificate/Pin Order Form">Certificate/Pin Order Form</a></li><li><a href="/system/files/media/file/2024/05/AHA_CC-Logo-form.pdf" target="_blank" title="View the Logo Order Form">Logo Order Form</a></li></ul></div><div class="col-md-4 col-sm-12"><h3>Health Care Certifications</h3><ul><li><a href="/career-resources/certification-center#PatientSafety" title="Patient Safety Professionals">Patient Safety Professionals</a></li><li><a href="/career-resources/certification-center#EnvironmentalServices" title="Environmental Services Professionals">Environmental Services Professionals</a></li><li><a href="/career-resources/certification-center#Facilities" title="Facilities Professionals">Facilities Professionals</a></li><li><a href="/career-resources/certification-center#Construction" title="Construction">Construction</a></li><li><a href="/career-resources/certification-center#SupplyChain" title="Supply Chain">Supply Chain</a></li></ul></div></div></div> Thu, 11 Apr 2024 12:05:46 -0500 Risk Management Health Care Risk Management Week celebrates risk management professionals /news/headline/2022-06-21-health-care-risk-management-week-celebrates-risk-management-professionals <p>The AHA’s American Society for Health Care Risk Management is celebrating Health Care Risk Management Week, which honors health care risk management professionals by highlighting the issues and solutions they encounter every day. Learn how you can participate <a href="https://www.ashrm.org/resources/hrm-week">here</a>. </p> Tue, 21 Jun 2022 15:52:15 -0500 Risk Management