San Francisco, CA
June 11-12, 2018


8:30am - 9:00am
Networking Breakfast & Badge Pick Up
Grand Ballroom

Breakfast will be served in the ballroom so make sure to stop by the sponsor tables.

9:00am - 9:05am
Welcome Remarks
Grand Ballroom


9:05am - 9:50am

Opening Keynote

Accountability and Leadership When it Matters Most
Grand Ballroom

Commander Krik Lippold, U.S. Navy  (Ret.) was the commanding officer of the USS Cole when it came under a suicide terrorist attack by al Qaeda in the port of Aden, Yemen. During his command, Commander Lippold and his crew distinguished themselves by saving the American war ship from sinking. This event is widely recognized as one of the most brazen acts of terrorism by al Qaeda prior to September 11, 2001.

Commander Lippold is a crisis management expert and proven leader, and in this opening keynote, tailored to the needs of healthcare security professionals, he shares with attendees lessons learned while leading his crew aboard the USS Cole following the attack.

These critical steps demonstrate how any organization can detect, react to contain and then control crises, assess progress in defining a new normal, and measure successes moving forward. 

These leadership and management techniques will arm attendees with a military-grade approach to prepare for and take action when cyber terrorists strike — because it’s not a matter of if, but when.

United State Navy (Ret)

10:05am - 10:45am

Leadership Panel

Healthcare Security Today and Tomorrow
Grand Ballroom

The threat landscape is changing and hackers have become much more dangerous and disruptive to healthcare. New and emerging attacks are more impactful because they interrupt services and communications. They can cripple an organization by taking down its infrastructure and internet connections, and, most alarmingly, this poses a major risk to patient care.

In this opening state-of-the-industry discussion, our panel of seasoned healthcare security veterans survey the threat landscape and explain what they are doing to counter hackers. They’ll also discuss their top initiatives for the coming year.

Information Security Officer
Marin General Hospital
Thin Air

10:45am - 11:15am
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.

11:15am - 11:35am

HIMSS Threat Intelligence

Through the Looking Glass: What's Happening Now
Grand Ballroom

HIMSS Director of Privacy & Security Lee Kim discusses what is happening now in healthcare and cross-sector cybersecurity.  Specifically, Lee will discuss the findings of the special edition of the HIMSS healthcare and cross-sector cybersecurity report.  Hear about fresh, open source intelligence on what is happening in healthcare and beyond.  Gain knowledge about threats, vulnerabilities, mitigation, research, and tools you can use to help your organization be more secure.

Director, Privacy & Security

11:50am - 12:10pm

Talking to the C-Suite

Leadership's Role in Building a Cyber-Resilient Organization
Grand Ballroom

C-suites and boards must collaborate with security leaders to prepare their organizations to withstand and combat cyberattacks. Yet, too often, security leaders, unsure of how to talk to senior leaders, fail to communicate the need for an enterprise-wide approach to managing an ever-growing threat landscape. The result: Security doesn’t get the resources it needs and remains uphill battle.  

In this session, Advisory Board security expert Allyson Vicars shares key takeaways from deep industry research on how to have a productive conversation on security and risk with the most senior leaders in your health care organization.

Key takeaways:

  • Tips for cyber security conversations.
  • Messages for IT leaders to deliver to the C-suite.
  • Tactics to active and involve C-suite in cyber efforts.
Associate Director, Health IT Research
The Advisory Board

12:10pm - 12:40pm

CIO Perspective

Managing Today’s Healthcare Information Explosion
Grand Ballroom

In the healthcare, cyberterrorism can appear in a variety of forms. It can bring down a hospital computer system or publicly reveal private medical records. Whatever shape it takes, the general effects are the same: patient care is compromised, and trust in the health system is diminished.

Evidence suggests that cyber threats are increasing and that much of the U.S. healthcare system is ill equipped to deal with them.

Securing cyberspace is not an easy proposition as the threats are constantly changing, but it’s critical to recognize that cyberterrorism should be part of a broader information technology risk management strategy.

In this session, Michael Archuleta, recently recognized as a Top Hospital and Health System CIO, reviews case studies and the tremendous negative effects a cyber-attack could have on a healthcare organization. It’s scary stuff, but Michael will also share his thoughts on the best practices healthcare organizations can adopt to protect themselves – and their patients – from such attacks.

Chief Information Security Officer, HIPAA & Information Security Officer
Mt. San Rafael Hospital

12:40pm - 1:00pm

Speaker Hub

Networking with the Morning Presenters
Grand Ballroom

One of the best ways learn is to network with your peers. This session provides an opportunity for attendees to meet with morning speakers and dive deeper into specific topics.

Here's how it works:

Speakers from the morning sessions will be stationed at different tables in the room. Attendees can circulate and speak one-on-one or in groups with individual speakers.

Network, share and learn in this interactive environment.

1:00pm - 2:00pm
Networking Lunch
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. 

2:00pm - 2:30pm

Third-Party Risk Management

Trust but Verify Must be Your Guiding Principle
Grand Ballroom

More and more breach and enforcement activities against covered entities is due to the actions or in-actions of the third parties they engage to support their operations. Poor engagement, oversight, monitoring and dis-engagement often leaves covered entities responsible for all of the risk, fees, and reputational fall out. This can affect compliance, legal agreements, patient care and even your cyber security insurance. Trust but verify needs to be the underlying foundation of your third party risk management program.

In this session, Jane Harper brings more than 18 years of risk, compliance, audit, and security experience to share with attendees best practices for managing third-party risk.

Key takeaways include:

  • When the relationship is over, you still have to protect yourself.
  • Third party risk management and your cyber security insurance: Some things you should know.
  • Some 3-, 4- & 5-letter acronyms that must be discussed before it is too late.
Director, Privacy & Security Risk Management
Henry Ford Health System

2:30pm - 3:00pm

Designing Success

User Experience Can Doom or Enhance Compliance
Grand Ballroom

Healthcare security professionals confront this question regularly: How do we safeguard data but also distribute it as widely and responsibly as possible? These two competing interests can sometimes create tension. At the Midwest Health Collaborative, a consortia of six health systems, including the Cleveland Clinic, the answer lies in a team of user-experience designers who consider workflow demands first when deploying technology and designing policies.

In this session, Michael Gold, the collaborative’s vice president of analytics and technology, describes how his team has improved adherence and HIPAA compliance by thinking user-first when implementing policies and procedures.  He’ll also share best practices that other healthcare organizations can put into practice to improve their own compliance.

As Michael will explain, and most attendees will agree, many breaches occur around human error. If improving the user experience decreases the changes of a breach, that’s a big win.

Vice President Analytics & Technology
Midwest Health Collaborative

3:30pm - 3:55pm
Networking Break
Grand Ballroom

3:55pm - 4:25pm

The CISO Handbook

A Practical Guide to Securing Your Healthcare Organization
Grand Ballroom

When it comes to building a security program from the ground up, Tom August wrote the book. Literally. Not only is Tom an experienced healthcare CISO, he co-authored The CISO Handbook: A Practical Guide to Security Your Company.

In this session, Tom discusses his successes in investing in and implementing innovative security measures that address common information security threats to healthcare organizations. Tom will explain his approach to prioritizing business and patient risks, gathering board support, evaluating new solutions, and creating vendor collaborations that can result in better patient care.

He’ll also discuss the importance of maintaining symbiotic relationships with focused security vendors, and how doing so has enabled him to aggressively push the curve with cutting-edge solutions.

Vice President and Chief Information Security Officer
John Muir Health

4:25pm - 4:55pm

The Path Forward

Risk and Responsibility in a Hyperconnected World
Grand Ballroom

McKinsey & Co. and the World Economic Forum recently undertook joint research to develop a fact-based view of cyber risks, assess their economic and strategic implications, particularly for healthcare, and lay out a path forward. Interviews with executives and data from more than 200 enterprises, technology vendors, and public agencies contributed to the report’s three main findings for enterprises:

  • Despite years of effort, and tens of billions of dollars spent annually, the global economy is still not sufficiently protected against cyberattacks—and it is getting worse.
  • Enterprise-technology executives agree on the seven practices they must put in place to improve their resilience in the face of cyberattacks; even so, most technology executives gave their institutions low scores in making the required changes.
  • Given the cross-functional, high-stakes nature of cybersecurity, it is a CEO-level issue, and progress toward cyber resiliency can only be achieved with active engagement from the senior leaders of public and private institutions.

In this end-of-the day featured presentation, Venky Anant, an associate partner and cybersecurity expert for McKinsey & Company, highlights the report’s findings, and, importantly, discusses the emerging consensus among technology executives on the seven keys to a more effective cybersecurity defense.

If you are like the nearly 80 percent of executives who said they cannot keep up with the increased sophistication of attackers, this session will provide some much needed help.

Partner, Leader, Cybersecurity Practice
McKinsey & Company

4:45pm - 4:50pm
End of Day Remarks
Grand Ballroom


4:50pm - 5:50pm
Networking Reception
Grand Ballroom

Get Updates

Sign up to get the latest information on upcoming events.