HEALTHCARE SECURITY FORUM: A HIMSS EVENT

Boston, MA
Sheraton Boston Hotel
Sep. 11-13, 2017

Schedule

8:30am - 9:00am
Breakfast and Badge Pick-up
Grand Ballroom

Breakfast will be served in the ballroom so make sure to stop by the sponsor tables. 

9:00am - 9:05am
Opening Remarks
Grand Ballroom

John
Whelan
Executive Vice President
HIMSS Media

9:05am - 10:00am

Opening Keynote

From Risk to Resilience - The Global Mission to Secure Cyber Security
Grand Ballroom

Organizations of all types today face a daily and growing assault from nation states, lone actors and organized crime. The assailants target everything from trade secrets to proprietary information to reputation damage to critical infrastructure and financial systems. The effects are as far-reaching, disruptive and consequential as physical attacks, and can make or break organizations that are not sufficiently prepared.

  • How can an organization embed cybersecurity into its suite of core business functions?
  • How can we better protect our globally interdependent systems?
  • What are the rules of engagement for world leaders, and what are the consequences for their foes?

In this presentation, one of the world’s most notable security experts, Tom Ridge, the first secretary of the U.S. Department of Homeland Security, brings the priorities of cybersecurity into perspective as only an internationally respected leader can. The evolution of cybersecurity strategy and diplomacy, what to expect from the next generation of cyber attacks and how to navigate it all mark this compelling, insightful presentation of a growing and global 21st century threat.

Tom
Ridge
First Secretary of U.S. Department of Homeland Security, Former Governor of Pennsylvania, and Chairman, Ridge Global
Ridge Global, LLC

10:00am - 10:15am

Muscle Memory

Training Like You Fight with Cyber Security
Grand Ballroom

Breaches make the headlines every day, but all too often the response to the breach causes more damage than the breach itself. Are you ready? Do you have the skills you need? Are your incident response runbooks practiced and rehearsed to the point that they are muscle memory? Caleb Barlow, vice president of threat intelligence at IBM Security, will discuss what they are learning from the world's first at-scale cyber range in the private sector. What does good look like? Where are companies struggling? How does your team best prepare for the eventual reality of a security breach?

Caleb
Barlow
Vice President at IBM Security
IBM

10:15am - 11:00am

Leadership Panel

The State of Healthcare Cybersecurity 2017 and Beyond
Grand Ballroom

The threat landscape is changing and hackers have become much more dangerous and disruptive to healthcare. New and emerging attacks are more impactful because they interrupt services and communications. They can cripple an organization by taking down its infrastructure and internet connections, and, most alarmingly, this poses a major risk to patient care.

In this opening state-of-the-industry discussion, our panel of seasoned healthcare security veterans survey the threat landscape and explain what they are doing to counter hackers. They’ll also discuss their top initiatives for the coming year.

Dan
Costantino
Chief Information Security Officer
Penn Medicine
Stephen
Boyer
Co-founder and Chief Technical Officer
BitSight Technologies
Shirley
Golen
Global Healthcare Industry Market Leader
Splunk
Anahi
Santiago
Chief Information Security Officer
Christiana Care Health System
Tom
Sullivan
Editor-in-Chief
Healthcare IT News

11:00am - 11:30am
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.

11:30am - 12:00pm

2017 and Beyond

WannaCry, Petya, NotPetya. What’s Next in Cybercrime?
Grand Ballroom

HIMSS Director of Privacy & Security Lee Kim aggregates a valuable monthly recap of information on current threats, vulnerabilities, mitigation information and other valuable resources for the healthcare industry. Rather than paralyzing them with information overload, Lee’s “Healthcare and Cross-Sector Cybersecurity Report” tips off privacy & security professionals to current relevant threats and offers advice on how to proactively mitigate the threats.

In this session, Lee reviews a year dominated by WannaCry, Petya, NotPetya and other ransomware, distributed denial of service attacks, concerns about malicious insiders, outdated and insecure websites, and other threats and vulnerabilities.

At present and going forward, there’s no evidence that these threats will slow down. But as Lee will discuss, healthcare organizations can head off trouble by staying ahead of the threats, and perhaps more importantly, raising the cybersecurity literacy of all employees.

Lee
Kim
Director, Privacy and Security
HIMSS North America

12:00pm - 12:15pm

Identification Coordination

Integrated Identity Profile and Context-Virtualization for Security, Privacy, and User Experience
Grand Ballroom

For patients and providers, security, privacy and user experience require an integrated view of identity, driven by context—this is the foundation for providing both the right user experience and appropriate information disclosure. However, delivering this integrated view has been challenging due to the fragmentation of identity across multiple sources (AD, SQL, APIs)—and the relationships of IDs with key applications, such as Epic and Kronos.

Dieter Schuller will explain how you can leverage identity-virtualization to integrate existing identity, without disrupting your business. Learn how large healthcare organizations have successfully adopted identity and context virtualization.

Dieter
Schuller
Vice President of Sales and Business Development
Radiant Logic

12:15pm - 12:45pm

Guest Keynote

The Door’s Locked but the Key’s Under the Mat – Or, What Executives Get Wrong About Cybersecurity
Grand Ballroom

Many vulnerabilities that exist in organizations come from ingrained corporate cultures – cultures that value personal safety in the workplace (“Hold the railing when walking downstairs”), but that don’t apply the same concern to cybersecurity. Think of it this way: If you put a stronger lock on the door, but still leave the key under the mat, have you really made things more safe? In healthcare, as in other industries, when it comes to cybersecurity, we’re building stronger doors, but leaving keys all over the place.

In this session, Professor Madnick discusses the current state of cybersecurity in healthcare and other industries, and explains that to improve risk management, organizations must implement a cultural shift, emphasizing a top-down approach that addresses management, organizational behavior, and strategy.

Stuart
Madnick
John Norris Maguire Professor of Information Technology
Massachusetts Institute of Technology (MIT)

12:45pm - 1:30pm
Networking Lunch
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships.

1:30pm

1:30pm - 2:00pm

Cybersecurity

"Holistic" Security Framework Supports Business and Clinical Goals
Grand Ballroom

The Health Care Industry Cybersecurity Task Force in its June 2017 Final Report recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided.

This seminar will explain how to apply the NIST Risk Management Framework to the healthcare system as a whole, utilizing people and processes (not just technology) to address both cybersecurity risk and other health care business and clinical risks – in effect, using the framework to apply to all risk management analyses and mitigation strategies in advance of unpublished Revision 5 to NIST SP 800-53, which purports to do exactly that.

Barry
Herrin
Principal
Herrin Health Law

1:30pm - 2:00pm

HIPAA & Compliance

From the Healthcare Attorney's Desk - Avoid These Landmines
Constitution A

In this session, healthcare attorney Matt Fisher will address some common privacy & security misunderstandings that could lead unsuspecting healthcare providers into a whole lot of trouble. Specifically:

  • As long as I have cybersecurity/general liability/professional liability insurance, I’ll be fully covered in the event of a breach. 
  • Our team can handle our risk analysis internally. We don’t need outside help.
  • Social media and mobile communications aren’t a big concern for us. 
  • Business Associate Agreements are just a form agreement. Our lawyers don’t need to review them and we should always sign one.
  • As long as I’m HIPAA compliant and my vendor is HIPAA “certified”, I’m golden. 

If you’ve ever found yourself uttering or thinking these statements, it’s time to reconsider your position. Matt will explain why such thinking is dangerous, and what attendees can do to mitigate potential harm.

Matthew
Fisher
Partner
Mirick, O'Connell, DeMallie & Lougee

1:30pm - 2:00pm

Education & Awareness

Empower Employees to Protect the Organization Against Ransomware and Other Threats
Constitution B

Social engineering attacks targeting healthcare are on the rise. Will you know when your people are victims of social engineering? Can you tell with the traditional defenses in place? In this session, we will explore advanced social engineering tactics and share best practices with proven results in building an effective education program to empower people to recognize and respond to the everyday threat.

Key takeaways:

  • Recognize how employees learn.
  • Measure the effectiveness of education.
  • Identify rapid incident response techniques.
  • Empower staff through education and communication.

Chad
Wilson
Director of Information Security
Children’s National Health System

2:05pm

2:05pm - 2:35pm

Cybersecurity

Endpoint Protection: Clamp Down on Remote Threats
Grand Ballroom

In this session, Healthcare IT News Editor-in-Chief Tom Sullivan sits down with Darren Lacey, CISO of Johns Hopkins University and Johns Hopkins Medicine, to discuss Lacey’s top 3 priorities for the coming year: pentesting, endpoint security, and vendor management.

Lacey will share what he’s doing in these three key areas and what’s producing the best results.

Darren
Lacey
Chief Information Security Officer
Johns Hopkins
Tom
Sullivan
Editor-in-Chief
Healthcare IT News

2:05pm - 2:35pm

HIPAA & Compliance - Presented by HITRUST

3rd Party Assurance: The Path to Trust and Transparency with Your Vendors
Constitution A

Third parties — whether traditional vendors, business partners or inter-affiliates — deliver important services that help healthcare organizations meet their business and clinical goals. But the convenience and flexibility of outsourcing third party services comes with significant cyber risks, including regulatory penalties for vendor related incidents.

To mitigate this risk, more and more security leaders are turning to 3rd-party assurance programs. A sound third-party program can give you the peace of mind that the data and systems you entrust to third parties are maintained in a secure and compliant manner.

In this session, you will learn how a third-party assurance plan can strengthen your security posture, and how to evaluate assurance programs and choose the one that best meets your needs.

Michael
Parisi
Vice President of Assurance Strategy and Community Development
HITRUST

2:05pm - 2:35pm

Education & Awareness - Presented by CHIME

Creating an Effective Organizational Wide Cyber Security Strategy
Constitution B

A successful cyber security strategy is one that is embraced and supported throughout the organization: it’s not just about technology! This session identifies the key components of a cyber security strategy including both operational and technical components as well as approaches for plan monitoring, security controls, metrics and breach practices.

Key Takeaways:

  • Discover the key components of a robust cyber security strategy, tactical plan and corresponding metrics.
  • Discuss an organization’s role and responsibilities to ensure success of the plan and the intersection of policies and procedures with cyber security.
  • Identify best practices for deployment and management of cyber security plans and ways to anticipate new and emerging threats.

Cletis
Earle
Vice President & CIO
Kaleida Health / CHIME Board Member

2:40pm

2:40pm - 3:10pm

Cybersecurity

After the Breach: Response and Recovery
Grand Ballroom

No one wants a breach on their watch, but unfortunately they do happen, even to the best prepared and protected of us. Having a well-orchestrated, coordinated plan, practiced several times a year, will allow the organization to react quickly and minimize negative outcomes. We will discuss the elements of a well thought out plan, and how to execute that plan quickly when a breach occurs. We will also discuss resources available to you and when to involve other parties and governmental agencies.

Darin
Prill
Senior Director, IS Technology
Children’s Mercy Kansas City

2:40pm - 3:10pm

HIPAA & Compliance

The Security Genome: Baking HIPAA Compliance into Your Organization's DNA
Constitution A

One of the largest challenges with HIPAA compliance is the need to operationalize it. There are a lot of requirements under the HIPAA Security Rule, Privacy Rule, and HITECH.  However, translating these requirements into action has been difficult.  This session will go over the steps you need to develop a communication plan, example work plan, and requirements for implementing HIPAA in the spirit of its original intent, which is to ensure that healthcare organizations continually assess their risk and apply reasonable and appropriate countermeasures to ensure the privacy and security of patient data.

Mitch
Parker
Executive Director of Information Security and Compliance
Indiana University Health

2:40pm - 3:10pm

Education & Awareness

Education of the C-Suite: The Key to Navigating a Changing Risk Environment
Constitution B

Healthcare cybersecurity leads are on the front lines of a raging inferno which threatens to consume their organizations.  They must constantly deal with new threats in the complex healthcare environment, often with insufficient resources and leadership that does not appreciate the true extent of the threat.  Effectively communicating with the “C-suite” is an essential skill for today’s cybersecurity professionals.  You must be able to clearly explain the cyber-threat, what is at stake, and advocate for the resources needed to prepare the organization for the imminent threat of a cyber-attack. 

How do you cut through the noise that healthcare executives must deal with every day? How do you effectively communicate with your general counsel?  This session will provide you with data and practical tips to improve your effectiveness.  

Steven
Gravely
Partner
Troutman Sanders

3:10pm - 3:40pm
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

3:40pm - 4:15pm

Featured Presentation

Case Study: Blockchain in Healthcare - A Marriage of Hype and Promise
Grand Ballroom

In this session we’ll hear how Sentara Health and Old Dominion University are working to secure data by putting into practice one of the hottest (and most hyped) technologies in healthcare: Blockchain.

How does blockchain work in securing the data and enhancing collaboration? Speakers will discuss that in this session. They’ll also share key takeaways, which include:

  • Blockchain is at the top of the “hype cycle” and needs more real-world use cases to prove its effectiveness.
  • It’s not a silver bullet, but has promise for certain key areas, and that has Sentara excited.
  • It’s got big potential for effective identity management, for instance, but scalability remains an open question.

Sachin
Shetty
Associate Professor, Center for Cybersecurity Education and Research
Old Dominion University
Dan
Bowden
Vice President and CISO
Sentara Healthcare

4:15pm - 4:30pm

Case Study

Accelerating Your Move to the Cloud
Grand Ballroom

Coming soon.

Vlad
Friedman
Chief Executive Officer
Edge Hosting
Doug
Rempfer
Chief Operating Officer
Surgical Information Systems

4:30pm - 5:10pm

Spotlight

CISOs and CIOs: Stronger Together than Apart
Grand Ballroom

Conflicting priorities can complicate the relationship between the CIO and CISO. CIOs must drive business solutions faster than ever. Security, on the other hand, is often perceived as creating obstacles or processes that make a user’s life more difficult.

In this session, the CIO and CISO of a major health system sit down and discuss what it takes to align security, innovation, and business velocity to create a successful partnership.

Gus
Venditto
VP, Content & Product Development, HIMSS Media
HIMSS Media
Randy
Gaboriault
CIO & SVP of Innovation & Strategic Development
Christiana Care Health System
Anahi
Santiago
Chief Information Security Officer
Christiana Care Health System

5:10pm
End of Day Remarks
Grand Ballroom

Tom
Sullivan
Editor-in-Chief
Healthcare IT News

5:10pm - 6:10pm
Networking Reception
Grand Ballroom

After a day of informative and incisive presentations, enjoy a drink and hors d'oeuvres in the ballroom with your fellow attendees, speakers and sponsors. 
