HEALTHCARE SECURITY FORUM: A HIMSS EVENT

Schedule

8:00am - 8:30am
Networking Breakfast
America Ballroom

Breakfast will be served in the ballroom, be sure to stop by the sponsor tables.

8:30am - 8:35am
Morning Remarks
America Ballroom

Tom
Sullivan
Editor-in-Chief of Healthcare IT News and Director of Content Development
HIMSS Media

8:35am - 9:15am

Morning Keynote

Cybersecurity Leadership When it Matters Most
America Ballroom

Commander Kirk Lippold, U.S. Navy (Ret.) was the commanding officer on the USS Cole when it came under a suicide terrorist attack by al Qaeda in the port of Aden, Yemen in 2000. During his command, Commander Lippold and his crew distinguished themselves by saving the American warship from sinking. This attack is widely recognized as one of the most brazen acts of terrorism by al Qaeda prior to September 11, 2001.

Commander Lippold is a compelling storyteller, and in this session he draws upon his five pillars of leadership, sharing strategies he used to instill integrity into his team and mitigate crises throughout his naval career. Importantly, he'll provide takeaways to help healthcare security leaders prepare for whatever the cyber future may hold, build strong teams, and make a difference when it matters most.

Kirk
Lippold
Commander
United States Navy (RET)

9:15am - 10:00am

Security War Room - Incident Response

The Healthcare Playbook for a Large Scale Breach
America Ballroom

Your organization has just been hit with a large-scale breach. As security leader what do you do first?

This CISO panel session will discuss prioritization and the sequence of activities that you should follow when dealing with a major breach including executive and other internal communication, external breach notification including affected individuals, OCR, and state regulatory bodies. With a 72-hour breach notification window fast becoming the norm, you don’t have long to think about things making sure that it’s done right!

Doug
Close
Senior Vice President, Cybersecurity
Sayers Technology
Mark
Sangster
Vice President and Industry Security Strategist
eSentire
Tyler
Mullican
Associate Chief Information Security Officer
Adventist Health System
Dan
Costantino
Chief Information Security Officer
Penn Medicine
Richard
Staynings
Cybersecurity Evangelist, SVP Chief Security & Trust Officer
HIMSS Privacy & Security Committee & Clearwater
Karl
West
AVP, Chief Information Security Officer
Intermountain Healthcare

10:00am - 10:30am
Networking Break
America Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables. Networking breaks sponsored by eSentire, Everbridge, Fortinet, Sayers, and Sirius Healthcare.

10:30am - 11:00am

Hacking Healthcare Live - Part 1

The Anatomy of a Medical Device Attack
America Ballroom

Gone are the days when loss of PHI was the industry’s biggest worry: We now face a looming patient-safety crisis.Vulnerable medical devices are being recalled and equally vulnerable devices continue to be produced.

In this session, two clinicians-security researchers simulate a medical device breach, demonstrating the peril and possibilities healthcare now confronts in a world of connected, technology-dependent medicine.

Key takeaways:

  • Healthcare cybersecurity threats are now patient safety threats - with real world implications on morbidity and mortality.
  • Collaborations between clinicians and information security professionals can produce secure solutions that lead to delivery of higher quality care.
  • Healthcare delivery organizations and information security firms need to move beyond a data protection, regulatory compliance mindset and tackle this challenge from a clinical outcomes perspective.
Ramnik
Dhaliwal
Co-Founder, Inoculum
Emergency Room Physician, Colorado Permanente Medical Group
Christian
Dameff
Emergency Medicine Physician
University of California, San Diego

11:00am - 11:30am

Hacking Healthcare Live - Part 2

FDA Weighs in on Medical Device Security
America Ballroom

Following the medical device hack simulation, the speakers, joined by the FDA's Suzanne Schwartz, will share medical-device security best practices and participate in an audience Q&A.

Ramnik
Dhaliwal
Co-Founder, Inoculum
Emergency Room Physician, Colorado Permanente Medical Group
Suzanne
Schwartz
Associate Director For Science And Strategic Partnerships
Food And Drug Administration (FDA)
Christian
Dameff
Emergency Medicine Physician
University of California, San Diego

11:30am - 12:00pm
Nine Common Security and Compliance Risks and What You Can Do to Overcome Them
America Ballroom

According to the 2017 Identity Theft Resource Center (ITRC) Data Breach Report, healthcare was the second most significant contributing industry to overall data breaches with 334 breaches reported. Data breaches are crippling to any business, but are extra hard on healthcare organizations, considering the vast amount of sensitive information patients trust them with, the irreparable damage to reputation that can follow a breach, and the massive fines that can be levied by regulatory agencies.

In this session, Chris Bowen will discuss the top nine security and compliance risks that he sees time and again in his role as ClearDATA’s Chief Privacy & Security Officer and Founder, CISSP, CCSP, CIPP/US, CIPT. Leverage his experience working with hundreds of healthcare organizations to help you understand what you can do to identify and overcome them at your own organization.

Chris
Bowen
Chief Privacy & Security Officer, Founder
ClearDATA

12:00pm - 12:30pm

Office for Civil Rights

Update on HIPAA Privacy, Security, and Breach Notification Rules
America Ballroom

In this session, the OCR’s Anne-Sophie Whitaker gives a timely update on HIPAA breach violations – and shares best practices to help attendees help keep their organizations off the department’s Wall of Shame.

She’ll share trends in how and where information is being breached (email, film, laptops, etc.), review settlements, and discuss where covered entities frequently fall short in protecting PHI.

Anne-Sophie
Whitaker
Supervisory Equal Opportunity Specialist
Department of Health and Human Services, Office for Civil Rights

12:30pm - 1:20pm
Networking Lunch
America Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Lunch sponsored by Connection.

1:20pm - 2:00pm

An Afternoon with Senior Leadership

Frictionless Security: Embracing the Era of Consumerism and Convenience
America Ballroom

In this last session of the forum, Intermountain Healthcare CISO Karl West describes the tremendous overhaul his security program has undergone over the past few years.

  • With the cloud dissolving the perimeter, he relies more on artificial intelligence than technical and physical controls to enforce policy.
  • In healthcare, security is often a hated word. West and his team are out to make security “frictionless” – painless and seamless to consumers (AKA patients) and staff, especially clinicians. This means moving to no passwords. No geolocation. No two-factor authentication.
  • His first option in mitigating risk? Use existing capabilities, not acquire more software or hardware.
  • His team’s first commandment: Understand the business and strategy and enable it.

The forum has covered a lot of ground over two days. In this final session, attendees hear how one organization has begun to put it all together and move security into the new area of consumerism and convenience.

Karl
West
AVP, Chief Information Security Officer
Intermountain Healthcare

2:00pm - 2:30pm

The HIMSS Code Red interview

Osler Health CEO Talks Security and How to Communicate with Leadership
America Ballroom

In the HIMSS Code Red podcasts, HIMSS’ Rod Piechowski interviews healthcare leaders on current issues in healthcare security. In this “live” version of the podcast, Rod interviews James Doulgeris, CEO of Osler Health, an accountable care organization with 125 primary care physicians in 27 practices at 63 locations.

The topic of conversation: How to talk security to the c-suite and other senior, non-technical leaders.

Security touches almost every piece of a healthcare organization, and Rod and James will cover such important topics as:

  • How to talk to leadership in language they understand. What works? What doesn’t?
  • What information does leadership need to make informed investments in security?
  • What can leadership do to create a culture of security?
  • What skills does the c-suite and board value most a CISO?

Rod and James will cover these topics and more, and leave plenty of time for audience questions

 

James
Doulgeris
CEO
Osler Health
Rod
Piechowski
Senior Manager, HIS
HIMSS North America

2:30pm - 3:00pm

Emergency Preparedness

Treat Security Like the Business Issue It is
America Ballroom

A group of 20 healthcare experts in the United States created the hospital incident command system (HICS) in the 1980s to help hospitals prepare for and respond to disasters. The command center provides a robust framework for handling emergencies, but it was not intended to address healthcare security issues.

Until recently.

In this session, attendees will learn how Indiana University Health modified the HICS and implemented it to better conform with the NIST Cybersecurity Framework – and how you can do the same and strengthen your security profile.

Importantly, as speaker Mitch Parker will explain, a key benefit is that this gives security teams a framework to handle cyber issues at an organizational level, rather than just information security, and better coordinate resources.

Key discussion points

  • Better understanding of HICS.
  • A review of non-technical roles that InfoSec has to work with.
  • How to leverage the HICS framework to address cyber issues.
Mitch
Parker
Executive Director, Information Security and Compliance
IU Health, Indianapolis

3:00pm - 3:40pm

Future State

Securing Sentara’s Digital Future in the Cloud
America Ballroom

The healthcare market is in transition, becoming more consumer-driven, with greater focus on wellness and precision medicine. The age of Digital Health is here. The convergence of new digital health technologies provided by non-health sector competitors is disrupting and threatening to intercept the traditional relationship between health systems and their patients.

Sentara Healthcare, which operates more than 100 sites including 12 acute care hospitals, is aggressively working to compete by becoming “A Digital Sentara”. Considered one of the most progressive and integrated healthcare organizations in the United States, Sentara is building new native mobile apps, a website and enterprise data platform. Connecting its system and patients, members and providers to new digital front-end solutions—all built in the cloud.

So you’re wondering, how do they protect all that? In this session, VP and CISO Dan Bowden will explain just that.

Dan
Bowden
Vice President & Chief Information Security Officer
Sentara Healthcare

3:40pm - 3:45pm
Closing Comments
America Ballroom

Tom
Sullivan
Editor-in-Chief of Healthcare IT News and Director of Content Development
HIMSS Media

Get Updates

Sign up to get the latest information on upcoming events.

 

Subscribe