Advancing Health Podcast Summary
Episode: Operation Winter Shield: The FBI's Campaign Against Cyberthreats Part 2
Date: February 11, 2026
Host: American Hospital Association
Guests:
- Brett Leatherman, FBI Cyber Division Assistant Director
- Gretchen Burrier, FBI Office of Private Sector Assistant Director
- John Riggi, National Advisor for Cybersecurity and Risk, AHA (Moderator)
Episode Overview
This episode delves into the ongoing collaboration between the FBI and the American Hospital Association to confront escalating cyber threats targeting the U.S. health care sector. The discussion highlights how nation-state actors leverage criminal groups, the evolving role of artificial intelligence in both attacks and defenses, the importance of deep public-private partnerships, and practical guidance for hospitals on engaging with the FBI before and during cyber incidents.
Key Discussion Points and Insights
1. Blended Threats: Nation-State and Criminal Collusion
- Nation-State Tactics: Nation states, particularly China (PRC) and North Korea (DPRK), are increasingly leveraging criminal groups and domestic companies to launch cyber operations against U.S. targets.
- PRC Examples:
  - Companies like Integrity Technology Group facilitated access to U.S. networks (01:30).
  - Salt Typhoon described as "the most consequential cyber espionage campaign launched against the United States" (01:56).
- DPRK Activities: Regular incidents where North Korean agents work as remote IT workers in U.S. health care, posing risks of data theft and malware delivery to help fund illicit national programs (02:22).
"We continue to see this blended threat where nation states use these companies to facilitate that access, but they also work within the criminal ecosystem as well."
— Brett Leatherman (01:45)
2. Threat Hunting and Detection Best Practices
- Indicators of Compromise (IOCs): Hospitals should monitor the advisories published by the FBI and partners (03:09).
- Proactive Defense: Use of technical and contextual threat information enables detection and perimeter defense.
3. AI in Cybersecurity: The Double-Edged Sword
- AI Weaponization: Threat actors are rapidly adopting artificial intelligence to streamline attacks, evidenced by the PRC’s use of platforms like Claude in 80-90% of their attack kill chain (04:00).
- Defensive Potential: While health care organizations may not be ready for full AI deployment, starting with AI-based anomaly detection on privileged accounts and key systems is recommended.
"Behavior-based detection is kind of the wave of the future. We're doing it now, but we have to do it much more efficiently through artificial intelligence..."
— Brett Leatherman (04:54)
- Caution in Adoption: Health organizations must ensure AI tools do not create privacy or security risks before implementation (05:07).
"AI is fueling the next generation of the cyber arms race. We are not just at the beginning, we are, I think, beyond that."
— John Riggi (05:25)
4. The Value of Public-Private Partnerships
- Gold Standard Collaboration: The relationship between AHA and FBI is framed as a best-in-class model, built on trust, consistency, and two-way information sharing (06:18).
- National Security and Patient Safety: Partnership benefits extend to real-world impact, early threat detection, and joint action against threats.
"It is built on consistency and trust...it is not transactional. We have an established cadence of engagement that allows for real dialogue...and that continuity builds confidence on both sides."
— Gretchen Burrier (06:26)
5. Connecting Hospitals to the FBI
- Local Engagement: Hospitals should proactively connect with their local FBI field office and meet their private sector/corporate coordinator before a crisis occurs (08:22).
- Risk-Free Outreach: Interaction with the FBI does not increase regulatory exposure; the FBI's sole aim is to aid in recovery and investigation.
6. Cyber Incident Response
- Victim-Centric Approach: The FBI prioritizes imposing costs on adversaries and providing robust support to victims (09:32).
- Confidentiality: Information shared is protected under law enforcement rules and not shared with regulators or made public.
- Global Resources: Notifying the FBI activates nationwide and international support, regardless of a hospital's size or location (12:00).
"It unlocks the resources of the entire US Federal government and allied partners...whether you're a multi-state, multi-billion dollar system...or a 10-bed critical access in a very remote area..."
— John Riggi (12:00)
7. Building Relationships and Legal Considerations
- Start with Dialogue: Building networks with FBI coordinators and cyber squads can be as simple as an initial conversation—no need for immediate sensitive sharing (13:16).
- Legal Counsel Role: Early engagement with internal and external legal counsel is recommended to facilitate smooth, compliant information flow in an emergency (14:39).
Notable Quotes & Memorable Moments
- On the necessity of partnerships:
  "What I see is the real roll up your sleeves, get to work action on challenges impacting this country's national security and most importantly…the life of patients."
  — Gretchen Burrier (07:09)
- On AI adoption in healthcare defense:
  "There are ways that we can start surrounding key user accounts...pull the logs off...run them through approved artificial intelligence devices to try to find those anomalies in behavior."
  — Brett Leatherman (04:34)
- On the FBI's confidentiality and support:
  "We are bound by the Victims Rights act and we treat victims like victims. That has always been a part of our DNA and will always be a part of our DNA."
  — Brett Leatherman (11:11)
Timestamps for Key Segments
- Nation States & Proxies in Cyber Attacks: 00:58 – 03:09
- Threat Hunting & AI-Driven Attacks: 03:09 – 05:07
- AI’s Role in the Cyber Arms Race: 05:07 – 06:18
- Public-Private Partnership ("Gold Standard"): 06:18 – 08:22
- Building Local FBI Relationships: 08:22 – 09:32
- FBI’s Victim-Centric Approach & Confidentiality: 09:32 – 12:50
- Legal Considerations in Information Sharing: 14:39 – 15:20
Practical Takeaways
- Monitor FBI advisories and implement threat indicators promptly.
- Engage with the FBI before a crisis—ahead-of-time relationships speed response and recovery.
- Leverage early-stage AI tools for anomaly detection, focusing on privileged accounts and sensitive systems.
- Include legal counsel in partnership and information-sharing conversations.
- FBI support is confidential; regulatory fears should not deter engagement during cyber incidents.
Concluding Thought
The podcast emphasizes collective resilience: strong, ongoing relationships between health care leaders, the FBI, and trusted partners are vital to defending against and recovering from cyber threats, ensuring patient safety and national security remain uncompromised.