Event Agenda

● What are the most significant AI-driven cyber threats facing U.S. healthcare organizations today, particularly those impacting patient safety, clinical continuity, and protected health information?
● How can healthcare leaders navigate gaps and inconsistencies in federal and state guidance while strengthening compliance and reducing cyber insurance risk?
● How can AI be responsibly deployed to enhance threat detection and response without compromising regulatory compliance, data privacy, or ethical standards?
● How are adversaries increasingly leveraging AI to scale attacks and what strategies and capabilities are required to stay ahead and proactively defend the healthcare ecosystem?
.
– Moderator: Nick Sturgeon, VP CISO, Community Health Network
– Ravi Thatavarthy, Group VP, CISO & Enterprise Architecture, RITE AID
– Garima Maheshwari, VP/BISO, Johnson & Johnson
– Alexandra Decknick, Vice President – IT Risk & Resilience, Bristol-Myers Squibb
– Jared Hamilton, Managing Director, Crowe
– Shasta Turney, Sr. Director of Solutions & Product GTM, Ping Identity
.

Healthcare and life sciences organizations are rapidly adopting AI, but many lack the governance maturity needed to manage emerging risks such as shadow AI, vendor-embedded AI, PHI exposure, clinical bias, model hallucinations, and AI-enabled cyber threats. In this keynote, attendees will learn practical approaches to responsible AI governance, including risk-tiering, structured use case intake, AI inventories, impact assessments, cross-functional oversight, cybersecurity integration, third-party risk management, and continuous monitoring. Participants will leave with real-life stories, actionable steps to strengthen AI oversight, improve cyber resilience, support regulatory and audit readiness, and enable faster, safer, and more trustworthy AI adoption.
.
– Jared Hamilton, Managing Director, Crowe
– Jacqueline Tomei, Consulting Manager, AI Governance, Crowe
.

Artificial intelligence is reshaping healthcare cybersecurity faster than most organizations can adapt. Attackers are using AI to automate and accelerate exploitation, collapsing the time between vulnerability discovery and real-world impact, and pushing traditional vulnerability management to a breaking point. At the same time, healthcare’s growing use of AI applications, models, and autonomous agents is introducing unfamiliar attack paths that were never part of the original security design. Adding to the complexity, AI assistants are generating large volumes of automated traffic, forcing defenders to decide who and what to trust at machine speed. This session explores how these forces converge and what must change to preserve resilience, availability, and patient care.
.
– Chip Witt, Principal Security Evangelist, Radware

This case study examines how a U.S. healthcare organization implemented an AI governance framework to safely deploy AI across clinical, operational, and cybersecurity use cases. It highlights practical approaches to risk assessment, accountability, and policy development, with security and privacy embedded from design through deployment. Attendees will learn how high-impact AI systems were identified and managed in alignment with federal expectations and industry standards, enabling responsible AI adoption while maintaining trust, compliance, and resilience.
.
– Krista Arndt, Associate CISO, St. Luke’s University Health Network

Most AI security discussions focus on defense, but reactive strategies can no longer keep pace with fast-moving adversaries. This session introduces the missing half: Proactive Offensive Security.
Drawing on real-world production experience, this session details a “one-operator-plus-orchestrator-plus-fleet” architecture built with strict engineering guardrails. Discover three concrete tasks these agent fleets execute: dynamic surface testing, matching adversary tempo, and prioritizing fixes, alongside six critical questions healthcare CISOs must ask vendors. Attendees will leave with a deployable AI offense framework and actionable insights to address.
.
– Gaurav Kulkarni, COO, Sprocket Security
.

In this fireside chat, leaders from Renown Health and Tampa General Hospital will share how modernizing digital identity has helped strengthen security, simplify access, and better support their organizations’ operational and clinical goals—while reducing costs. This conversation will focus on the real-world results they’ve achieved, the lessons they learned navigating change, and the best practices they believe matter most for peers across healthcare security and IT. Attendees will hear how identity modernization helped Renown and Tampa General:
.

• Improve patient engagement and retention
• Reduce workforce and partner access friction and burnout
• Increase visibility and control across legacy and modern systems
• Create a stronger foundation for security, compliance, and resilience

The discussion will be especially relevant for healthcare leaders looking to modernize without disrupting care delivery or overburdening already stretched teams and budgets.
.
– Moderator: Rodney Apura, VP, Customer Success, Ping Identity
– Steven Ramirez , VP & Chief Information Security & Technology Officer, Renown Health
– David Quigley , Director of Cyber Security, Identity Protection & Architecture, Tampa General Hospital
.

● How have recent high-profile healthcare breaches influenced your approach to third-party risk management and overall patient data security? What lessons have you applied?
● How is your organization managing risks as AI in healthcare promises advancements in diagnosis and treatment but introduces risks like misinterpretation, bias, and liability?
● How are you addressing PHI security within shared responsibility models and dynamic cloud environments? How are you adapting to requirements necessary across the world such as GDPR, as well as the difference state to state in the USA?
● What are the most pressing threats to patient data today, how are attackers evolving, and what strategies are you using to prevent breaches amid limited resources or technical skills?
.
– Moderator: Anahi Santiago, CISO, Christiana Care Health System
– Montez Fitzpatrick, CISO, Navvis
– Steven Ramirez, VP & Chief Information Security & Technology Officer, Renown Health

AI-powered social engineering is changing the speed and scale of cyberattacks, widening the human risk visibility gap for healthcare organizations. In environments where trust, urgency, and access are critical to patient care, traditional awareness metrics like click rates and training completion data no longer provide the visibility security teams need to understand true human risk.
Join Ashley Rose, Founder & CEO of Living Security, the leader in Human Risk Management, alongside Amy Zaborowski, Director of Cyber Strategy Management, and Margarita Rincon, Cybersecurity Awareness & Education Manager at Montefiore Health System, for a candid discussion on how security leaders are adapting to this new reality.
.
– Ashley Rose, Founder & CEO, Living Security
– Margarita Rincon, Cybersecurity Awareness & Education, Montefiore Health System
– Amy Zaborowski, Director of Cyber Strategy Management. Montefiore Health System
.

This presentation examines how a healthcare organization responded to a ransomware attack, minimizing disruption to patient care and protecting sensitive data. Attendees will explore practical approaches to incident detection, containment, and system restoration, including coordination across IT, clinical, and executive teams. The session will also include post-incident analysis, and lessons learned to improve future preparedness, demonstrating how a structured response framework can strengthen overall cyber resilience and reduce the impact of future ransomware events.
.
– Lee Cullivan, CISO, Boston Medical Center

Healthcare organizations are facing a new wave of compliance risk driven by online tracking technologies, patient-facing websites, and mobile apps. This session explores how patient data is being exposed in real time, why traditional compliance approaches are failing, and what organizations must do to shift toward continuous, AI-driven compliance validation.
.
– Ivan Tsarynny, CEO and Co-Founder, Feroot Security
.

T1: AI-Powered Ransomware Is Outpacing Your Security Stack — Here’s How to Stay Ahead
– Anson Dorsey, CTO and Co-Founder, QuellSecure
.
T2: From Symptoms to Solutions: Diagnosing Cloud Security
– Yair Ladizhensky, Co-Founder & CPO, Aryon Security
.
T3: Securing the Lifeline: Navigating IoMT and Medical Device Vulnerabilities
– Avania

● How can healthcare organizations allocate limited cybersecurity budgets to address the highest risks to patient safety, clinical operations, and protected health information?
● What approaches have proven effective in maximizing the value of existing security investments while meeting federal and industry compliance requirements?
● How should healthcare leaders prioritize spending between foundational controls, resilience and recovery capabilities, and innovation?
● Which emerging technologies and services are delivering the strongest return on investment for healthcare cybersecurity programs?
.
– Esmond Kane, CISO, Advarra
– Nick Sturgeon, VP CISO, Community Health Network
– Jeffrey Ericson, CISO/SVP Infrastructure, MedRisk
– Jesse Ku, Global Cybersecurity Manager, Bora Pharmaceuticals
– Mike Leffer, President, Cantina
.

● How has the Change Healthcare cyberattack reshaped the healthcare sector’s understanding of systemic risk, operational dependency, and the need for resilience beyond traditional perimeter defense?
● What does cyber resilience mean in practice for U.S. healthcare organizations, particularly in terms of downtime tolerance, clinical continuity, third-party risk, and recovery capabilities?
● How should healthcare leaders rebalance investment from prevention-focused controls toward incident response, business continuity, and recovery, while still meeting federal and industry compliance requirements?
● What governance, technology, and partnership models are required to build resilient healthcare ecosystems capable of withstanding and rapidly recovering from large-scale, disruptive cyber events?
.
– Moderator: Inhel Rekik, Sr. Director, Product Security,Bracco
– Monique St John, VP, CISO, Children’s Hospital of Philadelphia
– Esmond Kane, CISO, Advarra
– Joshua Gordon, Sr. Director, IS Security/Risk, Quorum Health
– Pamela Beck, Senior Solutions Engineer, BlueVoyant

.

Patient safety, care continuity, and organizational trust are increasingly at risk in today’s healthcare threat landscape. For CIOs, CISOs, and compliance leaders, regulatory alignment alone is no longer sufficient against ransomware, legacy system vulnerabilities, and the dual-use nature of AI. This keynote examines the growing gap between compliance and real-world resilience, highlighting the need to embed cyber resilience across clinical systems, cloud platforms, and operational decision-making. Attendees will gain practical insight into shifting security from a compliance obligation to a core leadership and organizational capability.
.
– Senior Expert, OLOID
.

Cyber threats continue to evolve and employees remain a primary target and a key line of defense. This session examines how well-designed security awareness programs can reduce human error and strengthen organizational cybersecurity. Using practical examples, attendees will explore strategies to combat phishing, social engineering, and other attacks through engaging, evidence-based training. Learn how cultivating a security-conscious culture turns employees into proactive defenders, creating a resilient “human firewall” that helps prevent incidents before they escalate.
.
.

This presentation examines how a healthcare organization shifted from a prevention-led security model to a resilience-focused approach following increased operational and cyber risk. It highlights practical steps taken to improve incident readiness, minimize clinical disruption, and accelerate recovery after cyber events. Attendees will gain insight into how aligning people, processes, and technology enables more effective response and continuity of care, offering clear lessons that can be applied to strengthen cyber resilience across healthcare environments.
.
– Heather Costa, Director of Technology Resilience, Mayo Clinic
.

This interactive 60-minute workshop delivers a hands-on exploration of cybersecurity vulnerabilities within distributed clinical networks. Following a brief moderator presentation, it illustrates how fragmented perimeters permit unauthorized access, highlighting critical HIPAA risks. The focus is on proactive mitigation, including Zero Trust Network Access and granular CASB policies. A cloud-native lab environment featuring telehealth portals and unmanaged medical devices is utilized for collaborative group breakout sessions. Finally, a “Living-off-the-SaaS” attack demonstrates how legitimate platforms are weaponized, concluding with a shared recap to protect modern medical landscapes.
.
– Senior Expert, Netskope
.

● How are anticipated updates to HIPAA guidelines reshaping the priorities of CISOs and where do their objectives align or diverge?
● What challenges are being faced in aligning IT security, application security, and compliance functions to meet evolving HIPAA expectations, and how can these gaps be addressed? How will emerging technologies such as quantum, alter these challenges?
● What proactive technical and administrative safeguards are needed to strengthen HIPAA compliance while supporting operational efficiency and innovation as healthcare threats continue to evolve?
● What best practices can healthcare organizations adopt to improve collaboration between security teams, compliance, legal, and executive leadership to build a unified, risk-based security strategy?
.
– Moderator: Phil Englert, VP of Medical Device Security, H-ISAC
– Anahi Santiago, CISO, Christiana Care Health System

Cyber threats continue to evolve and employees remain a primary target and a key line of defense. This session examines how well-designed security awareness programs can reduce human error and strengthen organizational cybersecurity. Using practical examples, attendees will explore strategies to combat phishing, social engineering, and other attacks through engaging, evidence-based training. Learn how cultivating a security-conscious culture turns employees into proactive defenders, creating a resilient “human firewall” that helps prevent incidents before they escalate.
.
– Senior Expert, Commvault
.

As healthcare increasingly relies on complex and interconnected software, visibility into the software supply chain is essential. Software Bills of Materials (SBOMs) provide transparency into software components, enabling faster vulnerability identification, improved incident response, and stronger regulatory alignment. This session will explain why SBOMs are so important, and how healthcare organizations can practically adopt and operationalize SBOMs to reduce supply chain risk and improve cyber resilience
.
– Phil Englert, VP of Medical Device Security, H-ISAC
.

● How is the cybersecurity skills shortage impacting healthcare organizations’ ability to safeguard patient safety, maintain clinical operations, and protect sensitive health data?
● Which cybersecurity roles and competencies are most critically lacking, and are current education, workforce, and federal initiatives adequately addressing healthcare-specific needs?
● What practical approaches can healthcare organizations take to attract, upskill, and retain cyber talent, including the use of automation, AI, and managed security services?
● How can healthcare leaders use horizon scanning to develop sustainable workforce and operating models that strengthen cyber resilience while balancing regulatory requirements, budget pressures, and evolving threats?
.
– Moderator: John Frushour, Vice President and Chief Information Security Officer (CISO), New York-Presbyterian Hospital
– Heather Costa, Director of Technology Resilience, Mayo Clinic
.

● How can security leaders clearly articulate cyber risk, priorities, and investment needs to boards and executives in non-technical terms?
● What soft skills are most critical for effective security leadership, and how can they be developed?
● How does sustained pressure affect security leaders’ judgment and performance, and what practical approaches support long-term effectiveness?
● How can peer networks, mentorship, and shared experience strengthen leadership capability and resilience?
.
– Moderator: Inhel Rekik, Sr. Director, Product Security, Bracco
.