Event Agenda

June 12th – 13th 2024 // Boston, USA

HealthSec Summit USA

Enhancing Cybersecurity to Protect Patient Safety

Day 1 // June 12th 2024
08:50 – 5:20 (EST)
08:50 Opening Address Chaired By Michael Prakhye, CISO, Adventist HealthCare
09:00 Panel Discussion: Leveraging Insights into the Healthcare and Life Sciences Threat Landscape

  • How are geopolitical events impacting healthcare cybersecurity?
  • What would you pinpoint as the most credible threats to the sector today?
  • What lessons learned can we leverage from the most prominent healthcare data breaches registered in the past year?
  • With the current threat landscape in mind, what are the top 3 actions you believe healthcare and life sciences organisations should take to be better prepared?

Moderator: David Anderson, CISO, Ensemble Health Partners
Lynette Larkins, Director of Information Security, St. Jude Children’s Research Hospital
Jim Covington, VP Information Security & Privacy, SomaLogic

09:40 Presentation: Modern Deception Technology - Advanced Methods for Reducing Cyber Risk

  • Evolution and use of deception technology in the enterprise, with emphasis on practical cybersecurity requirements
  • Insight into deceptive methods and how they are used to slow and create uncertainty for malicious actors
  • How deception reduces the effectiveness of a cyber attack against network and system infrastructure

10:20 Networking Break
11:00 Presentation: How to Effectively Address Third Party Risk Management Pain Points in Healthcare

In a world where the adoption of cloud tools and services keeps increasing, what does a comprehensive approach to third-party risk management look like? Join this session as we share key takeaways and hands-on advice on how to tackle the complex processes of identifying, assessing and mitigating third-party risk.
Krista Arndt, CISO, United Musculoskeletal Partners
11:30 Presentation: Tackling the Device and Lifecycle Management Challenge

Without an accurate inventory, many HDOs struggle to manage day-to-day workflows and make comprehensive device life-cycle decisions. Join this session to familiarize yourself with ways of tackling this challenge, through real-world examples of organizations we have helped overcome it.
Cynerio
12:00 Panel Discussion: How Can We Build Stronger Incident Response Strategies?

  • What are the most common gaps in incident response strategies? What do you think are the factors delaying incident response?
  • What steps have you been taking to improve incident response processes in your organisation?
  • What advice can you share with your peers, based on lessons learned from the post-incident review process?
  • How can we integrate privacy into security incident management, to de-escalate the cost of incidents and constrain organisational liability?

Moderator: Bryan Chnowski, Deputy CISO, Nuvance Health
Jigar Kadakia, CISO, Emory Healthcare
Monsurat Ottun, Cybersecurity Advisor Region 1 (New England), CISA

12:40 Lunch
1:40 Case Study: Identity & Access Management: Lessons Learned from St. Jude Children's Research Hospital

Identity and access management is a crucial component of any healthcare organisation’s security strategy. In this session, Lynette will first shed some light on the Identity & Access Management program she is running within St. Jude Children’s Research Hospital, touching upon their unique access needs, compliance considerations, risk levels, major pain points and how these are being tackled. She will then share some key lessons learned that can be beneficial to other healthcare organisations, both in terms of governance and risk remediation strategies.
Lynette Larkins, Director of Information Security, St. Jude Children’s Research Hospital
2:10 Presentation: Leveraging Pentesting to Improve Your Own Organization’s Security

  • How HIPAA compliance can be driven by pentesting
  • Debunking common misconceptions
  • Some tales from the pen test desk to highlight actionable insights you can leverage to improve your own organization’s security

2:40 Presentation: Reducing Exposure to Cyber Attacks for IoT Medical Devices

The Internet of Medical Things (IoMT) is revolutionising how we keep patients safe. But how do you ensure you can trust these devices? Join this presentation to hear the top ways of enabling total device, data and operational trust.
Device Authority
2:50 CISO Fireside Chat: Maximizing Cybersecurity on a Budget - A Healthcare Perspective

Budget constraints are often one of the most challenging obstacles in the way of a strong cyber security posture. In this fireside chat, a few CISOs share their first-hand insights and advice on how to make the most out of limited resources, through:

  • Process improvement
  • Evaluating technology to get the most effective protections at the lowest cost
  • Getting the basics right: core, fundamental cyber hygiene practices

Moderator: Jim Covington, VP Information Security & Privacy, SomaLogic
Rick Doten, VP and Healthplan CISO, Centene Corporation
Jigar Kadakia, CISO, Emory Healthcare
Mike Welna, Director Information Security, Boys Town

3:30 Networking Break
4:00 Roundtables:

T1: AI in Healthcare: Use cases, Risks, Security Policies and Practices
Ping Identity
T2: Cyber Insurance: Protecting the CISO During Incident Investigations
T3: Bolstering Defences Against Phishing and Social Engineering
T4: Pharma 4.0: Addressing Security Concerns Stemming From Legacy Systems in OT
4:40 Panel Discussion: Streamlining Regulatory Compliance in Healthcare: How Do We Get There?

  • What do you perceive as the biggest challenges pertaining to multi compliance?
  • Looking specifically at new regulations from 2022-23, how have these shifted your focus and efforts?
  • What is your top advice to comply with healthcare regulatory requirements, that you can share with your peers?
  • How can software assist?

Moderator: Krista Arndt, CISO, United Musculoskeletal Partners
Karen Habercoss, CPO, UChicago Medicine
Aaron Weismann, CISO, Mainline Health
Elie Abouzeid, AVP Information Security, DentaQuest
John Moynihan, Director Information Security, Privacy and Compliance, NFP Health

5:20 Closing Remarks & Drinks Reception
Day 2 // June 13th 2024
08:50 – 4:40 (EST)
08:50 Opening Address Chaired By Michael Prakhye, CISO, Adventist HealthCare
09:00 Panel Discussion: A Culture of Shared Responsibility Between HDOs and MDMs: What It Looks Like, and How to Achieve It

Cybersecurity is essential to protecting patient safety. Amidst securing devices, protecting patient data and complying with changing regulatory requirements, HDOs and MDMs must work together to build a culture of shared responsibility when mitigating cyber risk. In this panel discussion, we explore key questions such as:

  • How have MDMs incorporated and improved cybersecurity into their processes and devices?
  • What questions should HDOs ask their medical device vendors to make informed decisions on what devices they let into their network?
  • How can MDMs and HDOs work together to maintain security of legacy devices still in use?
  • How can HDOs build accountability with their MDM partners?

Moderator: Phil Englert, VP of Medical Device Security, H-ISAC
Patty Ryan, CISO, QuidelOrtho
Anahi Santiago, CISO, Christiana Care Health System

09:40 Presentation: Managing SBOMs and Vulnerabilities: Where Do I Begin?

If you are trying to secure a diverse set of medical devices and don’t know where to start, this session is for you. We will provide actionable insights into:

  • Gaining visibility across your medical device software supply chain
  • How to monitor for new vulnerabilities impacting your SBOM, and how to prioritise them efficiently
  • Garnering information about new threats and exploits and acting upon it

10:10 Networking Break
10:50 Presentation: Actionable Insights into Successfully Establishing a Medical Devices Security Program

The role of HDOs in ensuring the security of medical devices as part of life cycle management is becoming more prevalent. In this talk, we illustrate a framework for a medical devices security program for HDOs, modelled on the NIST Cybersecurity Framework, in which patient safety is a top-of-mind concern and priority. We will also share some lessons learned from implementing one within our organisation.
11:20 Fireside Chat: Tightening Your Security Posture: Best Practices & Resources

Daniel King, Chief of Cybersecurity, Region 1 (New England), CISA
11:50 Presentation: Overcoming Network Segmentation Challenges in a Healthcare Environment

In this session, we discuss how to enable effective network segmentation for healthcare organizations throughout their segmentation initiative, through asset catalog development, communications mapping, access control list export, and policy building. We will also examine a case study showing how we helped an HDO do just that.
Wiz
12:00 Panel Discussion: HSCC Five-Year Health Industry Cybersecurity Strategic Plan: How Do We Meet the Objectives?

The Health Sector Coordinating Council recently published the Five-Year Health Industry Cybersecurity Strategic Plan (HIC-SP) – 2024-29, which identifies 12 cybersecurity objectives to focus efforts on. In this panel discussion, our experts discuss practical, hands-on strategies to meet the following objectives:

  • Developing health subsector specific integrated cybersecurity profile aligned with regulatory requirements
  • Developing meaningful cross-sector third party risk management strategies for evaluating, monitoring, and responding to supply chain and third party provider cybersecurity risks
  • Increasing meaningful and timely information sharing of cyber related disruptions to improve sector readiness

Moderator: Greg Garcia, Executive Director, Health Sector Coordinating Council Cybersecurity Working Group

12:40 Lunch
1:40 Case Study: Rolling Out a Vulnerability Management Plan - The Journey of Boys Town

In this talk, we share our experience with rolling out a vulnerability management plan. We will touch upon:

  • The skills gaps or resource deficit related challenges specific to our organisation
  • How we gained visibility into our most severe vulnerabilities and established a roadmap to remediate them
  • Progress so far, lessons learned and future plans

Mike Welna, Director Information Security, Boys Town

2:10 Case Study: Surviving a Ransomware Attack: Lessons Learned from the Healthcare Industry

In this session, we will walk you through lessons learned from notable ransomware attacks and how to improve your organisation’s resilience. We will talk about what you should be doing to prepare, what to do during the incident, how to recover safely and who you should be working with to comply.
Esmond Kane, CISO, Steward Health Care
2:40 CISO Fireside Chat: Turning the Board Into Your Greatest Ally

In order to drive cybersecurity advancement, turning the Board into your greatest ally is vital. This, of course, requires skillful communication and a deep understanding of the business you operate in.
In this fireside chat, the CISOs from Adventist HealthCare, QuidelOrtho, Christiana Care Health System and Ensemble Health Partners share their hands-on advice on:

  • Matching cyber needs with business needs
  • How to present metrics
  • Communication tactics to build support

Moderator: Michael Prakhye, CISO, Adventist HealthCare
Patty Ryan, CISO, QuidelOrtho
Anahi Santiago, CISO, Christiana Care Health System
David Anderson, CISO, Ensemble Health Partners

3:20 Networking Break
3:50 Group Discussion: How Can We Beat the Talent Shortage?

Understaffed IT and security departments are one of the biggest challenges in the healthcare world. It’s time to get creative: how can we beat the talent shortage?
Rick Doten, VP and Healthplan CISO, Centene Corporation
4:30 Closing Remarks
4:40 End of Conference