HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA - September 11 - 13, 2017
Breakfast will be served in the ballroom so make sure to stop by the sponsor tables.
Organizations of all types today face a daily and growing assault from nation states, lone actors and organized crime. The assailants target everything from trade secrets to proprietary information to reputation damage to critical infrastructure and financial systems. The effects are as far-reaching, disruptive and consequential as physical attacks, and can make or break organizations that are not sufficiently prepared.
In this presentation, one of the world’s most notable security experts, Tom Ridge, the first secretary of the U.S. Department of Homeland Security, brings the priorities of cybersecurity into perspective as only an internationally respected leader can. The evolution of cybersecurity strategy and diplomacy, what to expect from the next generation of cyber attacks and how to navigate it all mark this compelling, insightful presentation of a growing and global 21st century threat.
Breaches make the headlines every day, but all too often the response to the breach causes more damage than the breach itself. Are you ready? Do you have the skills you need? Are your incident response runbooks practiced and rehearsed to the point that they are muscle memory? Caleb Barlow, vice president of threat intelligence at IBM Security, will discuss what they are learning from the world's first at-scale cyber range in the private sector. What does good look like? Where are companies struggling? How does your team best prepare for the eventual reality of a security breach?
The threat landscape is changing and hackers have become much more dangerous and disruptive to healthcare. New and emerging attacks are more impactful because they interrupt services and communications. They can cripple an organization by taking down its infrastructure and internet connections, and, most alarmingly, this poses a major risk to patient care.
In this opening state-of-the-industry discussion, our panel of seasoned healthcare security veterans survey the threat landscape and explain what they are doing to counter hackers. They’ll also discuss their top initiatives for the coming year.
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.
HIMSS Director of Privacy & Security Lee Kim aggregates a valuable monthly recap of information on current threats, vulnerabilities, mitigation information and other valuable resources for the healthcare industry. Rather than paralyzing them with information overload, Lee’s “Healthcare and Cross-Sector Cybersecurity Report” tips off privacy & security professionals to current relevant threats and offers advice on how to proactively mitigate the threats.
In this session, Lee reviews a year dominated by WannaCry, Petya, NotPetya and other ransomware, distributed denial of service attacks, concerns about malicious insiders, outdated and insecure websites, and other threats and vulnerabilities.
At present and going forward, there’s no evidence that these threats will slow down. But as Lee will discuss, healthcare organizations can head off trouble by staying ahead of the threats, and perhaps more importantly, raising the cybersecurity literacy of all employees.
For patients and providers, security, privacy and user experience require an integrated view of identity, driven by context—this is the foundation for providing both the right user experience and appropriate information disclosure. However, delivering this integrated view has been challenging due to the fragmentation of identity across multiple sources (AD, SQL, APIs)—and the relationships of IDs with key applications, such as Epic and Kronos.
Dieter Schuller will explain how you can leverage identity-virtualization to integrate existing identity, without disrupting your business. Learn how large healthcare organizations have successfully adopted identity and context virtualization.
Many vulnerabilities that exist in organizations come from ingrained corporate cultures – cultures that value personal safety in the workplace (“Hold the railing when walking downstairs”), but that don’t apply the same concern to cybersecurity. Think of it this way: If you put a stronger lock on the door, but still leave the key under the mat, have you really made things more safe? In healthcare, as in other industries, when it comes to cybersecurity, we’re building stronger doors, but leaving keys all over the place.
In this session, Professor Madnick discusses the current state of cybersecurity in healthcare and other industries, and explains that to improve risk management, organizations must implement a cultural shift, emphasizing a top-down approach that addresses management, organizational behavior, and strategy.
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships.
The Health Care Industry Cybersecurity Task Force in its June 2017 Final Report recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided.
This seminar will explain how to apply the NIST Risk Management Framework to the healthcare system as a whole, utilizing people and processes (not just technology) to address both cybersecurity risk and other health care business and clinical risks – in effect, using the framework to apply to all risk management analyses and mitigation strategies in advance of the unpublished Revision 5 to NIST SP 800-53, which purports to do exactly that.
In this session, healthcare attorney Matt Fisher will address some common privacy & security misunderstandings that could lead unsuspecting healthcare providers into a whole lot of trouble. Specifically:
If you’ve ever found yourself uttering or thinking these statements, it’s time to reconsider your position. Matt will explain why such thinking is dangerous, and what attendees can do to mitigate potential harm.
Social engineering attacks targeting healthcare are on the rise. Will you know when your people are victims of social engineering? Can you tell with the traditional defenses in place? In this session, we will explore advanced social engineering tactics and share best practices with proven results in building an effective education program to empower people to recognize and respond to the everyday threat.
In this session, Healthcare IT News Editor-in-Chief Tom Sullivan sits down with Darren Lacey, CISO of Johns Hopkins University and Johns Hopkins Medicine, and discusses Lacey’s top 3 priorities for the coming year: pentesting, endpoint security, and vendor management.
Lacey will share what he’s doing in these three key areas and what’s producing the best results.
Third parties — whether traditional vendors, business partners or inter-affiliates — deliver important services that help healthcare organizations meet their business and clinical goals. But the convenience and flexibility of outsourcing third party services comes with significant cyber risks, including regulatory penalties for vendor related incidents.
To mitigate this risk, more and more security leaders are turning to third-party assurance programs. A sound third-party program can give you the peace of mind that the data and systems you entrust to third parties are maintained in a secure and compliant manner.
In this session, you will learn how a third-party assurance plan can strengthen your security posture, and how to evaluate assurance programs and choose the one that best meets your needs.
A successful cyber security strategy is one that is embraced and supported throughout the organization: it’s not just about technology! This session identifies the key components of a cyber security strategy including both operational and technical components as well as approaches for plan monitoring, security controls, metrics and breach practices.
No one wants a breach on their watch, but unfortunately they do happen, even to the best prepared and protected of us. Having a well-orchestrated, coordinated plan, practiced several times a year, will allow the organization to react quickly and minimize negative outcomes. We will discuss the elements of a well thought out plan, and how to execute that plan quickly when a breach occurs. We will also discuss resources available to you and when to involve other parties and governmental agencies.
One of the largest challenges with HIPAA compliance is the need to operationalize it. There are a lot of requirements under the HIPAA Security Rule, Privacy Rule, and HITECH. However, translating these requirements into action has been difficult. This session will go over the steps you need to develop a communication plan, example work plan, and requirements for implementing HIPAA in the spirit of its original intent, which is to ensure that healthcare organizations continually assess their risk and apply reasonable and appropriate countermeasures to ensure the privacy and security of patient data.
Healthcare cybersecurity leads are on the front lines of a raging inferno which threatens to consume their organizations. They must constantly deal with new threats in the complex healthcare environment, often with insufficient resources and leadership that does not appreciate the true extent of the threat. Effectively communicating with the “C-suite” is an essential skill for today’s cybersecurity professionals. You must be able to clearly explain the cyber-threat, what is at stake, and advocate for the resources needed to prepare the organization for the imminent threat of a cyber-attack.
How do you cut through the noise that healthcare executives must deal with every day? How do you effectively communicate with your general counsel? This session will provide you with data and practical tips to improve your effectiveness.
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.
In this session we’ll hear how Sentara Health and Old Dominion University are working to secure data by putting into practice one of the hottest (and most hyped) technologies in healthcare: Blockchain.
How does blockchain work in securing the data and enhancing collaboration? Speakers will discuss that in this session. They’ll also share key takeaways, which include:
Conflicting priorities can complicate the relationship between the CIO and CISO. CIOs must drive business solutions faster than ever. Security, on the other hand, is often perceived as creating obstacles or processes that make a user’s life more difficult.
In this session, the CIO and CISO of a major health system sit down and discuss what it takes to align security, innovation, and business velocity to create a successful partnership.
After a day of informative and incisive presentations, enjoy a drink and hors d'oeuvres in the ballroom with your fellow attendees, speakers and sponsors.