HEALTHCARE SECURITY FORUM: A HIMSS EVENT
San Francisco, CA - June 11 - 12, 2018
Breakfast will be served in the ballroom so make sure to stop by the sponsor tables.
Commander Krik Lippold, U.S. Navy (Ret.) was the commanding officer of the USS Cole when it came under a suicide terrorist attack by al Qaeda in the port of Aden, Yemen. During his command, Commander Lippold and his crew distinguished themselves by saving the American war ship from sinking. This event is widely recognized as one of the most brazen acts of terrorism by al Qaeda prior to September 11, 2001.
Commander Lippold is a crisis management expert and proven leader, and in this opening keynote, tailored to the needs of healthcare security professionals, he shares with attendees lessons learned while leading his crew aboard the USS Cole following the attack.
These critical steps demonstrate how any organization can detect, react to contain and then control crises, assess progress in defining a new normal, and measure successes moving forward.
These leadership and management techniques will arm attendees with a military-grade approach to prepare for and take action when cyber terrorists strike — because it’s not a matter of if, but when.
The threat landscape is changing and hackers have become much more dangerous and disruptive to healthcare. New and emerging attacks are more impactful because they interrupt services and communications. They can cripple an organization by taking down its infrastructure and internet connections, and, most alarmingly, this poses a major risk to patient care.
In this opening state-of-the-industry discussion, our panel of seasoned healthcare security veterans survey the threat landscape and explain what they are doing to counter hackers. They’ll also discuss their top initiatives for the coming year.
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.
HIMSS Director of Privacy & Security Lee Kim discusses what is happening now in healthcare and cross-sector cybersecurity. Specifically, Lee will discuss the findings of the special edition of the HIMSS healthcare and cross-sector cybersecurity report. Hear about fresh, open source intelligence on what is happening in healthcare and beyond. Gain knowledge about threats, vulnerabilities, mitigation, research, and tools you can use to help your organization be more secure.
C-suites and boards must collaborate with security leaders to prepare their organizations to withstand and combat cyberattacks. Yet, too often, security leaders, unsure of how to talk to senior leaders, fail to communicate the need for an enterprise-wide approach to managing an ever-growing threat landscape. The result: Security doesn’t get the resources it needs and remains uphill battle.
In this session, Advisory Board security expert Allyson Vicars shares key takeaways from deep industry research on how to have a productive conversation on security and risk with the most senior leaders in your health care organization.
In the healthcare, cyberterrorism can appear in a variety of forms. It can bring down a hospital computer system or publicly reveal private medical records. Whatever shape it takes, the general effects are the same: patient care is compromised, and trust in the health system is diminished.
Evidence suggests that cyber threats are increasing and that much of the U.S. healthcare system is ill equipped to deal with them.
Securing cyberspace is not an easy proposition as the threats are constantly changing, but it’s critical to recognize that cyberterrorism should be part of a broader information technology risk management strategy.
In this session, Michael Archuleta, recently recognized as a Top Hospital and Health System CIO, reviews case studies and the tremendous negative effects a cyber-attack could have on a healthcare organization. It’s scary stuff, but Michael will also share his thoughts on the best practices healthcare organizations can adopt to protect themselves – and their patients – from such attacks.
One of the best ways learn is to network with your peers. This session provides an opportunity for attendees to meet with morning speakers and dive deeper into specific topics.
Here's how it works:
Speakers from the morning sessions will be stationed at different tables in the room. Attendees can circulate and speak one-on-one or in groups with individual speakers.
Network, share and learn in this interactive environment.
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships.
More and more breach and enforcement activities against covered entities is due to the actions or in-actions of the third parties they engage to support their operations. Poor engagement, oversight, monitoring and dis-engagement often leaves covered entities responsible for all of the risk, fees, and reputational fall out. This can affect compliance, legal agreements, patient care and even your cyber security insurance. Trust but verify needs to be the underlying foundation of your third party risk management program.
In this session, Jane Harper brings more than 18 years of risk, compliance, audit, and security experience to share with attendees best practices for managing third-party risk.
Key takeaways include:
Healthcare security professionals confront this question regularly: How do we safeguard data but also distribute it as widely and responsibly as possible? These two competing interests can sometimes create tension. At the Midwest Health Collaborative, a consortia of six health systems, including the Cleveland Clinic, the answer lies in a team of user-experience designers who consider workflow demands first when deploying technology and designing policies.
In this session, Michael Gold, the collaborative’s vice president of analytics and technology, describes how his team has improved adherence and HIPAA compliance by thinking user-first when implementing policies and procedures. He’ll also share best practices that other healthcare organizations can put into practice to improve their own compliance.
As Michael will explain, and most attendees will agree, many breaches occur around human error. If improving the user experience decreases the changes of a breach, that’s a big win.
When it comes to building a security program from the ground up, Tom August wrote the book. Literally. Not only is Tom an experienced healthcare CISO, he co-authored The CISO Handbook: A Practical Guide to Security Your Company.
In this session, Tom discusses his successes in investing in and implementing innovative security measures that address common information security threats to healthcare organizations. Tom will explain his approach to prioritizing business and patient risks, gathering board support, evaluating new solutions, and creating vendor collaborations that can result in better patient care.
He’ll also discuss the importance of maintaining symbiotic relationships with focused security vendors, and how doing so has enabled him to aggressively push the curve with cutting-edge solutions.
McKinsey & Co. and the World Economic Forum recently undertook joint research to develop a fact-based view of cyber risks, assess their economic and strategic implications, particularly for healthcare, and lay out a path forward. Interviews with executives and data from more than 200 enterprises, technology vendors, and public agencies contributed to the report’s three main findings for enterprises:
In this end-of-the day featured presentation, Venky Anant, an associate partner and cybersecurity expert for McKinsey & Company, highlights the report’s findings, and, importantly, discusses the emerging consensus among technology executives on the seven keys to a more effective cybersecurity defense.
If you are like the nearly 80 percent of executives who said they cannot keep up with the increased sophistication of attackers, this session will provide some much needed help.