Boston, MA
Oct. 15-16, 2018


8:00am - 8:30am
Networking Breakfast and Badge Pick Up
American Ballroom

Breakfast will be served in the ballroom, be sure to stop by the sponsor tables.

8:30am - 8:35am
Welcome Remarks
American Ballroom

Editor in Chief

8:35am - 9:20am

Opening Keynote

From the Firing Lines to a Fireside Chat
American Ballroom

As former White House CIO, Payton knows that protecting your organization's digital assets is the duty of the information and security officers. Delving into the cybercriminal underworld and emerging trends that can lead to tomorrow’s breaches, she offers solutions for executives to energize their organization in enhancing their security posture.

Former White House CIO & Cybersecurity authority and star on CBS's "Hunted"

9:20am - 9:35am


Introductions & Live Poll
American Ballroom

At all HIMSS events, we strive to secure the best speakers and deliver the most valuable information possible, but in this short session at the start of the forum, we want to hear from you.

Take a few minutes and introduce yourself to fellow attendees at your table, and share why you are attending the forum. Then use our real-time polling app and let us know what you want to learn over the next two days.

We’ll share key themes and desired takeaways with the audience, and use the information to fine-tune as much as possible the presentations to follow.

Let no question go unasked!

9:50am - 10:30am

Leadership Panel

Healthcare Security's Second Act - From Prevention to Resilience
American Ballroom

If you think of healthcare security as a three-act play, we are now well into the second act, and orgs that have not kept up (and there are many), face more danger than they likely imagine.

In the first act, security leaders received a budget, launched a program, focused on technical and physical controls, and relied heavily on prevention.

In healthcare security’s second act:

  • Healthcare orgs shift resources from prevention to incident response. It’s not if, but when you’ll be breached. To safeguard patient safety and business continuity, organizations must respond and recover quickly.
  • Information sharing has grown in importance.
  • Security leaders recognize the need to optimize existing technology rather than buy the next shiny object.
  • Automation and manage services help offset a shrinking talent pool.
  • Awareness training sits center stage.

The list goes on.

In this session, our expert speakers will discuss these and other key features of healthcare security’s second act. Importantly, they’ll provide guidance to help organizations stuck in the first act move to the second act and create a more resilient security posture.

As for the third act, they’ll have some thoughts on that, too.

Director of Privacy and Security

10:30am - 11:00am
Networking Break
American Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.

11:00am - 11:30am

Dollars and Sense

The Economic Costs of Cybersecurity
American Ballroom

Cybersecurity does not generate revenue, and this makes it difficult to assess how much money to allocate to a cybersecurity budget or predict the economic impact of a major breach.

But not impossible.

In this session, Partners Healthcare CISO Jigar Kadakia draws on his 18 years of security leadership to discuss, among other things, why healthcare appeals to hackers, your odds of being breach (much greater than marrying a millionaire), and the potential costs of a breach to a healthcare organization.

Importantly, as Jigar will explain, that while not an exact science, funding your security budget, should relate directly to: 1. Your risk tolerance; and 2. Quantifying ROI – cost of solution versus potential cost of a breach.

This is foundational knowledge for every healthcare security leader - or want-to-be leader.

Learning objectives

  • Explain how much an organization should invest in cybersecurity and how to allocate the cybersecurity budget.
  • Outline the economic impact (and potential loss) associated with a successful cyber-attack.
  • Illustrate the costs associated with a major breach of protected health information and/or sensitive information.
Chief Information Security Officer
Partners HealthCare

11:45am - 12:25pm

Security Think Tank

3rd Party Risk Management & Cloud Computing Best Practices
American Ballroom

Welcome to the Think Tank!

This interactive session leverages the audiences’ collective experience to drive greater value and takeaways. It works like this: For the first 10 minutes, each table discusses individual roadblocks and challenges with 3rd party risk management and cloud computing. Then a designated attendee from each table uses our real-time texting app to shoot questions to our security experts. Or, and we encourage this, feel free to stand and ask a question from a floor microphone. The more live engagement, the better!

More and more, breach and enforcement activities against covered entities result from the actions or in-actions of third party partners. Poor engagement, oversight, monitoring and dis-engagement often leaves covered entities responsible for all of the risk, fees, and reputational fall out.

In this session, get your questions answered and learn best practices to address two of the most important challenges in healthcare security.

12:25pm - 1:30pm
Networking Lunch
American Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships.


1:30pm - 2:15pm

Identify & Protect

Evolutions in People, Processes, and Technology
America Ballroom

Advisor, IT Risk Management
Chief Information Security Officer
Christina Care Health System

1:30pm - 2:15pm


Pentesting: Uncovering Gaps with Human Ingenuity
George A/B

Cybersecurity Evangelist
HIMSS Privacy & Security Committee
Chief Information Security Officer
Johns Hopkins University & Johns Hopkins Medicine CISO

1:30pm - 2:15pm

Respond & Recover

Incident Response
George C/D


2:25pm - 2:50pm

Identify & Protect

Employee & Insider Breaches: Vulnerability or Threat Vector
America Ballroom

Herrin Health Law

2:25pm - 2:50pm


Continuous Security Monitoring – The Benefits of Full Visibility
George A/B

When it comes to security, most healthcare organizations have primarily focused on prevention and adopted a “set-it-and-forget-it-mentality.”  Prevention is ideal, but it's flawed and, ultimately, will fail.  Remember: It’s not if but when you’ll be breached, and with threats evolving at lightning speed, and becoming increasingly sophisticated, what prevented them last year, likely won’t work today.

To detect, respond and contain attacks, you organization needs visibility, and that's what continuous security monitoring provides.

In this session, security expert Dom Gandolfo explains the benefits of continuous security monitoring, how it works, and its critical role in building security resiliency.


  • Lack of visibility, detection and response capabilities will continue to be a contributing factor for today's data breach.
  • Why your focus must shift from a prevention-only to a detection approach.
  • Being proactive is less costly than being reactive.
Chief Security Strategist
Cybersafe Solutions

2:25pm - 2:50pm

Respond & Recover

Tabletop Exercise: Business Continuity After a Ransomware Attack
George C/D

2:50pm - 3:20pm
Networking Break
American Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.

3:20pm - 4:00pm
Featured Speaker
America Ballroom

4:30pm - 5:00pm

Outside the Box

Securing Healthcare's Non-Acute Consumer Landscape
America Ballroom

Vice President & Chief Information Security Officer
Sentara Healthcare

End-of-day Remarks
American Ballroom

Editor in Chief

5:00pm - 6:00pm
Networking Reception
American Ballroom

After a day of informative and incisive presentations, enjoy a drink and hors d'oeuvres in the Grand Ballroom with your fellow attendees, speakers and sponsors.

Get Updates

Sign up to get the latest information on upcoming events.