Boston, MA
Sheraton Boston Hotel
Sep. 11-13, 2017


8:30am - 9:00am
Breakfast and Badge Pick-up
Grand Ballroom

Breakfast will be served in the ballroom so make sure to stop by the sponsor tables. 

9:00am - 9:05am
Opening Remarks
Grand Ballroom

Executive Vice President

9:05am - 10:00am

Opening Keynote

From Risk to Resilience - The Global Mission to Secure Cyber Security
Grand Ballroom

Organizations of all types today face a daily and growing assault from nation states, lone actors and organized crime. The assailants target everything from trade secrets to proprietary information to reputation damage to critical infrastructure and financial systems. The effects are as far-reaching, disruptive and consequential as physical attacks, and can make or break organizations that are not sufficiently prepared.

  • How can an organization embed cybersecurity into its suite of core business functions?
  • How can we better protect our globally interdependent systems?
  • What are the rules of engagement for world leaders, and what are the consequences for their foes?

In this presentation, one of the world’s most notable security experts, Tom Ridge, the first secretary of the U.S. Department of Homeland Security, brings the priorities of cybersecurity into perspective as only an internationally respected leader can. The evolution of cybersecurity strategy and diplomacy, what to expect from the next generation of cyber attacks and how to navigate it all mark this compelling, insightful presentation of a growing and global 21st century threat.

First Secretary of U.S. Department of Homeland Security, Former Governor of Pennsylvania, and Chairman, Ridge Global
Ridge Global, LLC

10:00am - 10:15am

Muscle Memory

Train for Cybersecurity Like You Would a Fight
Grand Ballroom

Breaches make the headlines every day, but all too often the response to the breach causes more damage than the breach itself. Are you ready? Do you have the skills you need? Are your incident response runbooks practiced and rehearsed to the point that they are muscle memory? Caleb Barlow, vice president of threat intelligence at IBM Security, will discuss what they are learning from the world's first at-scale cyber range in the private sector. What does good look like? Where are companies struggling? How does your team best prepare for the eventual reality of a security breach?

Vice President at IBM Security

10:15am - 11:00am

Leadership Panel

The State of Healthcare Cybersecurity 2017 and Beyond
Grand Ballroom

The threat landscape is changing and hackers have become much more dangerous and disruptive to healthcare. New and emerging attacks are more impactful because they interrupt services and communications. They can cripple an organization by taking down its infrastructure and internet connections, and, most alarmingly, this poses a major risk to patient care.

In this opening state-of-the-industry discussion, our panel of seasoned healthcare security veterans survey the threat landscape and explain what they are doing to counter hackers. They’ll also discuss their top initiatives for the coming year.

Chief Information Security Officer
Penn Medicine
Co-founder and Chief Technical Officer
BitSight Technologies
Senior Healthcare Strategist
Global Healthcare Industry Market Leader
Healthcare IT News

11:00am - 11:30am
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.

11:30am - 12:00pm

2017 and Beyond

WannaCry, Petya, NotPetya. What’s Next in Cybercrime?
Grand Ballroom

HIMSS Director of Privacy & Security Lee Kim aggregates a valuable monthly recap of information on current threats, vulnerabilities, mitigation information and other valuable resources for the healthcare industry. Rather than paralyzing them with information overload, Lee’s “Healthcare and Cross-Sector Cybersecurity Report” tips off privacy & security professionals to current relevant threats and offers advice on how to proactively mitigate the threats.

In this session, Lee reviews a year dominated by WannaCry, Petya, NotPetya and other ransomware, distributed denial of service attacks, concerns about malicious insiders, outdated and insecure websites, and other threats and vulnerabilities.

At present and going forward, there’s no evidence that these threats will slow down. But as Lee will discuss, healthcare organizations can head off trouble by staying ahead of the threats, and perhaps more importantly, raising the cybersecurity literacy of all employees.

Director, Privacy and Security
HIMSS North America

12:00pm - 12:15pm

Identification Coordination

Integrated Identity Profile and Context-Virtualization for Security, Privacy, and User Experience
Grand Ballroom

For patients and providers, security, privacy and user experience require an integrated view of identity, driven by context. This is the foundation for providing both the right user experience and appropriate information disclosure. However, delivering this integrated view has been challenging due to the fragmentation of identity across multiple sources (AD, SQL, APIs) and the relationships of IDs with key applications, such as Epic and Kronos.

Dieter Schuller will explain how you can leverage identity virtualization to integrate existing identity without disrupting your business. Learn how large healthcare organizations have successfully adopted identity and context virtualization.

Vice President of Sales and Business Development
Radiant Logic

12:15pm - 12:45pm


The Door’s Locked but the Key’s Under the Mat – Or, What Executives Get Wrong About Cybersecurity
Grand Ballroom

Many vulnerabilities that exist in organizations come from ingrained corporate cultures – cultures that value personal safety in the workplace (“Hold the railing when walking downstairs”), but that don’t apply the same concern to cybersecurity. Think of it this way: If you put a stronger lock on the door, but still leave the key under the mat, have you really made things more safe? In healthcare, as in other industries, when it comes to cybersecurity, we’re building stronger doors, but leaving keys all over the place.

In this session, Professor Madnick discusses the current state of cybersecurity in healthcare and other industries, and explains that to improve risk management, organizations must implement a cultural shift, emphasizing a top-down approach that addresses management, organizational behavior, and strategy.



John Norris Maguire Professor of Information Technology
Massachusetts Institute of Technology (MIT)

12:45pm - 1:30pm
Networking Lunch
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships.

1:30pm - 2:00pm


"Holistic" Security Framework Supports Business and Clinical Goals
Grand Ballroom

The Health Care Industry Cybersecurity Task Force in its June 2017 Final Report recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided.

This seminar will explain how to apply the NIST Risk Management Framework to the healthcare system as a whole, utilizing people and processes (not just technology) to address both cybersecurity risk and other health care business and clinical risks. In effect, the framework is applied to all risk management analyses and mitigation strategies, in advance of the unpublished Revision 5 to NIST SP 800-53, which purports to do exactly that.


Herrin Health Law

1:30pm - 2:00pm

HIPAA & Compliance

From the Healthcare Attorney's Desk - Avoid These Landmines
Constitution A

In this session, healthcare attorney Matt Fisher will address some common privacy & security misunderstandings that could lead unsuspecting healthcare providers into a whole lot of trouble. Specifically:

  • As long as I have cybersecurity/general liability/professional liability insurance, I’ll be fully covered in the event of a breach. 
  • Our team can handle our risk analysis internally. We don’t need outside help.
  • Social media and mobile communications aren’t a big concern for us. 
  • Business Associate Agreements are just a form agreement. Our lawyers don’t need to review them and we should always sign one.
  • As long as I’m HIPAA compliant and my vendor is HIPAA “certified”, I’m golden. 

If you’ve ever found yourself uttering or thinking these statements, it’s time to reconsider your position. Matt will explain why such thinking is dangerous, and what attendees can do to mitigate potential harm.

Mirick, O'Connell, DeMallie & Lougee

1:30pm - 2:00pm

Education & Awareness

Empower Employees to Protect the Organization Against Ransomware and Other Threats
Constitution B

Social engineering attacks targeting healthcare are on the rise. Will you know when your people are victims of social engineering? Can you tell with the traditional defenses in place? In this session, we will explore advanced social engineering tactics and share best practices with proven results in building an effective education program to empower people to recognize and respond to the everyday threat.

Key takeaways:

  • Recognize how employees learn.
  • Measure the effectiveness of education.
  • Identify rapid incident response techniques.
  • Empower staff through education and communication.

Director of Information Security
Children’s National Health System

2:05pm - 2:35pm


Endpoint Protection: Clamp Down on Remote Threats
Grand Ballroom

In this session, Healthcare IT News Editor-in-Chief Tom Sullivan sits down with Dan Bowden, CISO of Sentara Health, and discusses three key areas of importance: pentesting, endpoint security, and vendor management.

Bowden will share what he’s doing in these three key areas and what’s producing the best results.

Vice President and CISO
Sentara Healthcare
Healthcare IT News

2:05pm - 2:35pm

HIPAA & Compliance - Presented by HITRUST

3rd Party Assurance: The Path to Trust and Transparency with Your Vendors
Constitution A

Third parties, whether traditional vendors, business partners or inter-affiliates, deliver important services that help healthcare organizations meet their business and clinical goals. But the convenience and flexibility of outsourcing third-party services comes with significant cyber risks, including regulatory penalties for vendor-related incidents.

To mitigate this risk, more and more security leaders are turning to third-party assurance programs. A sound third-party program can give you the peace of mind that the data and systems you entrust to third parties are maintained in a secure and compliant manner.

In this session, you will learn how a third-party assurance plan can strengthen your security posture, and how to evaluate assurance programs and choose the one that best meets your needs.

Vice President of Assurance Strategy and Community Development

2:05pm - 2:35pm

Education & Awareness - Presented by CHIME

Creating an Effective Organizational Wide Cyber Security Strategy
Constitution B

A successful cyber security strategy is one that is embraced and supported throughout the organization: it’s not just about technology! This session identifies the key components of a cyber security strategy, including both operational and technical components, as well as approaches for plan monitoring, security controls, metrics and breach practices.

Key Takeaways:

  • Discover the key components of a robust cyber security strategy, tactical plan and corresponding metrics.
  • Discuss an organization’s role and responsibilities to ensure success of the plan and the intersection of policies and procedures with cyber security.
  • Identify best practices for deployment and management of cyber security plans and ways to anticipate new and emerging threats.

Vice President & CIO
Kaleida Health / CHIME Board Member

2:40pm - 3:10pm


After the Breach: Response and Recovery
Grand Ballroom

No one wants a breach on their watch, but unfortunately they do happen, even to the best prepared and protected of us. Having a well-orchestrated, coordinated plan, practiced several times a year, will allow the organization to react quickly and minimize negative outcomes. We will discuss the elements of a well-thought-out plan, and how to execute that plan quickly when a breach occurs. We will also discuss resources available to you and when to involve other parties and governmental agencies.

Senior Director, IS Technology
Children’s Mercy Kansas City

2:40pm - 3:10pm

HIPAA & Compliance

The Security Genome: Baking HIPAA Compliance into Your Organization's DNA
Constitution A

One of the largest challenges with HIPAA compliance is the need to operationalize it. There are a lot of requirements under the HIPAA Security Rule, Privacy Rule, and HITECH.  However, translating these requirements into action has been difficult.  This session will go over the steps you need to develop a communication plan, example work plan, and requirements for implementing HIPAA in the spirit of its original intent, which is to ensure that healthcare organizations continually assess their risk and apply reasonable and appropriate countermeasures to ensure the privacy and security of patient data.

Executive Director of Information Security and Compliance
Indiana University Health

2:40pm - 3:10pm

Education & Awareness

Education of the C-Suite: The Key to Navigating a Changing Risk Environment
Constitution B

Healthcare cybersecurity leads are on the front lines of a raging inferno which threatens to consume their organizations.  They must constantly deal with new threats in the complex healthcare environment, often with insufficient resources and leadership that does not appreciate the true extent of the threat.  Effectively communicating with the “C-suite” is an essential skill for today’s cybersecurity professionals.  You must be able to clearly explain the cyber-threat, what is at stake, and advocate for the resources needed to prepare the organization for the imminent threat of a cyber-attack. 

How do you cut through the noise that healthcare executives must deal with every day? How do you effectively communicate with your general counsel?  This session will provide you with data and practical tips to improve your effectiveness.  

Troutman Sanders

3:10pm - 3:40pm
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

3:40pm - 4:15pm

Featured Presentation

Case Study: Blockchain in Healthcare - A Marriage of Hype and Promise
Grand Ballroom

In this session we’ll hear how Sentara Health and Old Dominion University are working to secure data by putting into practice one of the hottest (and most hyped) technologies in healthcare: Blockchain.

How does blockchain work in securing the data and enhancing collaboration? Speakers will discuss that in this session. They’ll also share key takeaways, which include:

  • Blockchain is at the top of the “hype cycle” and needs more real-world use cases to prove its effectiveness.
  • It’s not a silver bullet, but has promise for certain key areas, and that has Sentara excited.
  • It’s got big potential for effective identity management, for instance, but scalability remains an open question.

Associate Professor, Center for Cybersecurity Education and Research
Old Dominion University
Vice President and CISO
Sentara Healthcare

4:15pm - 4:30pm

Case Study

Accelerating Your Move to the Cloud
Grand Ballroom

From healthcare providers to companies that service the healthcare industry, the move to the cloud is inevitable. The right partnership can help you overcome the challenges involved, including the continuous stream of technological advances, security challenges, evolving compliance mandates, and interoperability as data is increasingly shared across new and legacy systems.

In this session, you will hear how Surgical Information Systems and Edge Hosting worked together to ensure compliance and security across systems without compromising performance, how to determine the right configuration of the latest technologies, and how to design a flexible solution that can adapt to the demands of new technology acquisitions.


Chief Executive Officer
Edge Hosting
Chief Operating Officer
Surgical Information Systems

4:30pm - 5:10pm


CISOs and CIOs: Stronger Together than Apart
Grand Ballroom

Conflicting priorities can complicate the relationship between the CIO and CISO. CIOs must drive business solutions faster than ever. Security, on the other hand, is often perceived as creating obstacles or processes that make a user’s life more difficult.

In this session, the CIO and CISO of a major health system sit down and discuss what it takes to align security, innovation, and business velocity to create a successful partnership.

VP, Content & Product Development, HIMSS Media
CIO & SVP of Innovation & Strategic Development
Christiana Care Health System

End of Day Remarks
Grand Ballroom

Healthcare IT News

5:10pm - 6:10pm
Networking Reception
Grand Ballroom

After a day of informative and incisive presentations, enjoy a drink and hors d'oeuvres in the ballroom with your fellow attendees, speakers and sponsors. 
