Advancing Health Podcast Episode Summary
Episode: Operation Winter Shield: The FBI's Campaign Against Cyberthreats Part 1
Date: February 9, 2026
Host: John Riege, American Hospital Association
Guests:
- Brett Leatherman, Assistant Director, FBI Cyber Division
- Gretchen Burrier, Assistant Director, FBI Office of Private Sector
Episode Overview
This episode introduces "Operation Winter Shield," the FBI’s new 60-day nationwide effort to bolster protection against cybercrime, with a particular focus on the healthcare sector. Host John Riege engages FBI leaders Brett Leatherman and Gretchen Burrier in a wide-ranging conversation about contemporary cyber threats, actionable defenses, and the power of public-private partnership to increase national resilience. The discussion explores operational tactics, nation-state threats, ransomware trends, and how hospitals and health systems can work directly with the FBI.
Key Discussion Points and Insights
1. Launch and Purpose of Operation Winter Shield
[02:22]
- Operation Winter Shield launched February 1st.
- A 60-day campaign aimed at mobilizing the whole of society—government agencies, critical infrastructure sectors, including healthcare, and even small businesses—to implement cybersecurity best practices.
- Uniqueness: Not just a federal government operation, but a call for collective action involving the entire nation and specifically targeting critical infrastructure resilience.
“Operation Winter Shield is different in that it requires all of us, everybody listening to this podcast to come together and work together to reduce risk to critical infrastructure, to healthcare and to the homeland from both state and criminal cyber actors.”
— Brett Leatherman [02:01]
2. The “Top Controls” for Defending Healthcare
[04:10]
- The FBI distilled its advice into the top ten controls; the top five highlighted include:
  - Phish-resistant authentication
  - Risk-based vulnerability management
  - Scheduled retirement of end-of-life edge devices
  - Maintaining offline and immutable backups (especially vital in healthcare to recover from breaches)
  - Analyzing and mitigating third-party risk
"Health care continues to be...the number one targeted entity within critical infrastructure...there is a low tolerance for downtime because there is patient and life safety implications."
— Brett Leatherman [04:04]
- 95% of breaches exploit a gap in one or more of these controls.
3. The Nation-State Threat Landscape
[06:10]
- China's “Typhoon” Campaigns:
  - PRC-sponsored “Volt Typhoon” and “Flax Typhoon” operations (2024–2025) target end-of-life devices located inside the U.S., leveraging their position on trusted networks to pivot into sensitive organizations.
- Russia, Iran, North Korea:
  - All continue to focus on critical infrastructure (healthcare, financial, electric grid) to pre-place capabilities and exploit weakest links (lack of MFA, out-of-date technology).
  - They “follow the model of that path of least resistance” rather than deploying the most advanced cyber weapons.
"They’re not using highly sophisticated zero days to attack us. That's why these basic controls are so important to help mitigate the threat."
— John Riege [07:10]
4. Ransomware: The Ongoing Menace
[09:53]
- Major Russian ransomware groups are highly active and are evolving to attack not just individual hospitals but ecosystems and supply chains (example: Change Healthcare attack).
- FBI's advice:
  - Deeply analyze third-party/vendor risk
  - Balance prevention with better detection, as many actors persist in systems for extended periods (“dwell time” over 270 days on average in healthcare).
- Ransomware actors (e.g., “Scattered Spider”) increasingly use social engineering to gain access.
“We've also got to detect the adversary when they get in. We can't stop them 100% of the time.”
— Brett Leatherman [10:37]
5. The Value and Mechanics of FBI–Private Sector Partnerships
[12:00]
- Increasingly, front lines of national security run through the private sector (including hospitals).
- The Office of Private Sector serves as a bridge between FBI operational divisions and private entities—any company unsure of FBI contacts can reach out for support.
- Every FBI field office has a private sector coordinator, facilitating real, two-way engagement.
- Information sharing is vital: Early reports help the FBI “connect the dots” and alert others.
- The Office offers programs such as the Domestic Security Alliance Council (DSAC) and InfraGard for deeper collaboration.
"The reality today is that the front lines of national security, they're increasingly running through the private sector... The mission and focus of my team... is to make sure these companies don't face those threats alone."
— Gretchen Burrier [12:03]
- Hospitals are encouraged to reach out and make use of these partnerships; experience shows that FBI engagement at exercises and real events is impactful and collaborative in nature.
Notable Quotes & Memorable Moments
- On collective defense:
  "This is meant to pull all of us together in support of that national defense and national security mission."
  — Brett Leatherman [03:29]
- On the challenge for healthcare:
  “Financial constraints that we are faced with as well. We know what to do. This reinforcement from the FBI really gives validation to that.”
  — John Riege [05:22]
- On supply chain risk:
  “These supply chain breaches are incredibly important. And that goes back to one of our Winter Shield advisory statements which is to analyze third party risk.”
  — Brett Leatherman [10:05]
- On reality of partnership:
  “It is real world, side by side and the reality is a lot of the expertise and experience and evidence in intel lies with the private sector on our network.”
  — John Riege [14:58]
Timestamps for Key Segments
- [01:22] — Introduction and context for Operation Winter Shield
- [02:45] — Purpose and collective approach of the campaign
- [04:10] — Top five cybersecurity controls and emphasis on healthcare
- [06:10] — Discussion of China’s campaigns and end-of-life device exploitation
- [07:31] — Risks posed by Russia, Iran, North Korea
- [09:53] — Ransomware threat landscape and supply chain vulnerabilities
- [12:00] — FBI’s Office of Private Sector’s mission and information sharing mechanics
- [14:32] — Real-world partnership benefits and closing remarks
Tone and Style
The conversation is candid, collaborative, and mission-driven, with a balance of urgency (given relentless threats) and optimism about the power of partnership. John Riege and the FBI leaders convey a clear message: practical, collective action is the best defense, and information sharing is both a responsibility and a force multiplier.
Takeaways for Healthcare Leaders
- Implement the FBI’s top “controls”—they work, even against advanced threats.
- Engage with the FBI proactively through local field offices, the Office of Private Sector, and established programs like InfraGard and DSAC.
- Share incidents and indicators with federal partners to help safeguard not only your institution but the wider ecosystem.
- Don’t overlook third-party and supply chain vulnerabilities—attacks increasingly target these pathways.
- Balance prevention with detection and rapid response—the faster threats are detected, the less damage done.
Stay tuned for Part 2, where the conversation promises deeper dives and more actionable insights.