HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA, Oct. 15-16, 2018
Breakfast will be served in the ballroom; be sure to stop by the sponsor tables.
As the first woman to serve as White House chief information officer, and named #4 on IFSEC Global’s list of the world’s Top 50 cybersecurity influencers, Theresa Payton is one of America’s most respected authorities on Internet security, data breaches and fraud mitigation. With real-world strategies and solutions, she helps public and private sector organizations protect their most valuable resources.
Drawing from her experience as a veteran cybercrime fighter and as the entrepreneur behind her successful and rapidly growing cybersecurity firm, Fortalice, Theresa masterfully blends memorable anecdotes with cutting-edge insights to heighten awareness of the perils of our uber-connected world. As she delves into the cyber-underworld and the new kinds of threats that can lead to tomorrow’s breaches and insider risks, she offers a proven blueprint for audiences to stay ahead, with practical steps for thinking like the adversary while managing cybersecurity risk.
Theresa’s distinct approachability, combined with her visionary perspective and easy-to-implement strategies, effectively prepare audiences for success in the ongoing battle against cybercrime.
At all HIMSS events, we strive to secure the best speakers and deliver the most valuable information possible, but in this short session at the start of the forum, we want to hear from you.
Take a few minutes to introduce yourself to fellow attendees at your table, and share why you are attending the forum. This will help facilitate networking and, we hope, create a sense of community and collaboration that will continue throughout the forum. We’ll then also hear from some attendees and speakers and learn what they want to take away from the forum.
If you think of healthcare security as a three-act play, we are now well into the second act, and organizations that have not kept up (and there are many) face more danger than they likely imagine.
Key second-act themes:
The list goes on.
In this session, our expert speakers will discuss these and other key features of healthcare security’s second act. Importantly, they’ll provide guidance to help organizations stuck in the first act move to the second act and create a more resilient security posture.
As for the third act, they’ll have some thoughts on that, too.
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables. Networking breaks sponsored by eSentire, Everbridge, Fortinet, Sayers, and Sirius Healthcare.
Incident response is a critical component of the security practice in all organizations: it prepares them for the unknown as well as the known and is a reliable method for identifying a security incident as soon as it occurs. Incident response allows an organization to establish a series of best practices to stop an intrusion before it causes damage. How can each industry prepare its own incident response plan (IRP) that supports [1] identification of genuine security incidents, [2] containment, limiting the damage of the incident and isolating affected systems to prevent further harm, [3] eradication of the root cause of the incident, and [4] recovery of affected systems back into the production environment, ensuring no threat remains? This is especially significant for a heavily regulated industry such as healthcare.
Imagine that hackers hit your organization with ransomware and gain full access to your system. Are you prepared to respond quickly and effectively to maintain business continuity and protect patient safety? Or will you go down like the Titanic?
In this tabletop exercise, seasoned business continuity experts set the stage, alerting the “healthcare facility” that it has been hit by ransomware. Then over the next 40 minutes they’ll take attendees on a simulated exercise, outlining the critical steps required to respond successfully to the attack and maintain or restore business continuity as fast as possible.
As the speakers will make clear: Disaster planning is the difference between having the essential tools at your fingertips or not.
Key discussion points
Healthcare institutions and technology vendors provide vital services. Unfortunately, there has been a significant increase in cybersecurity attacks on some of these organizations which has on occasion disrupted their ability to provide their critical services. In addition, millions of patients were affected by healthcare data breaches in 2017. Healthcare data breaches can have a significant lasting impact on the affected individuals. In this session, we will discuss how Google Cloud (including Chrome, G Suite, and GCP) provides a secure platform for healthcare institutions and the steps that we take to make sure we go above and beyond compliance requirements for handling healthcare data.
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships.
When it comes to security, most organizations still focus on prevention and take a set-it-and-forget-it mentality. Prevention is ideal, but it's inherently flawed and will fail. Remember, it’s not if but when you’ll be breached.
To respond quickly and contain attacks, you need the people, processes, and technology in place to detect intrusions and stay one step ahead of hackers.
One solution, automated continuous security monitoring, can be a life-saver, providing real-time visibility across your organization’s network.
In this session, our expert speakers will discuss the role continuous security monitoring plays in a healthcare security strategy. They’ll also review and help attendees prioritize other threat detection capabilities necessary to identify and squelch the inevitable attacks yet to come.
As defenders we are outnumbered five to one. What are the proactive steps and defenses that a healthcare security team can take to evaluate threats, vulnerabilities and risks and to prepare and protect payer and provider institutions from attack?
This panel session will discuss the healthcare threat landscape, vulnerabilities, pen testing and other forms of technical vulnerability assessment, compliance, risk analysis and remediation including effective patch management and the need for compensating security controls and other risk mitigation strategies where patching is not possible.
Healthcare security professionals all too often explain risks in gobbledygook that senior, non-technical leaders don’t understand – and then wonder why their initiatives go under-funded!
In this presentation, Shakira Brown, an award-winning branding and communications strategist, will help healthcare security leaders avoid this communication breakdown.
Shakira will share tried-and-true communication tactics that connect your organization’s business goals to the negative impact of a potential breach and related down time.
Most importantly, participants will learn a conversational communications approach that encourages trust with senior leaders. This in turn will create a better understanding of the business case for security initiatives and help cultivate champions among senior leaders – champions critical to achieving your goals and protecting your organization.
The changing world of cyberspace can make information security management feel like navigating travel to a distant planet. It can be daunting. Fortunately, the NIST Cybersecurity Framework is a cost-effective, easy to understand guide to help healthcare organizations better manage and reduce cyber risk.
In this session, speakers use the framework to guide a discussion on how healthcare security has evolved from prevention to response. Attendees will learn how security standards like the NIST CSF can be applied to respond and recover from attacks of all shapes and sizes.
Key discussion points
If you are worried about insider threats, you should be. The Ponemon Institute reported this year that insider threats now account for 87% of all cyber incidents: 64% from privileged user negligence, 23% perpetrated by malicious insiders.
In other words, education at many organizations has failed – as have perimeter defenses, rendered ineffective against increasingly sophisticated attacks.
In this session, a leading healthcare attorney draws on security research to show that to reduce insider threats, rather than rely on technology, healthcare organizations must change their mindset and focus more on people and process – and view employees as threat vectors and not innocent victims of cybercrime.
Attorney Barry Herrin discusses six “Big Decisions” organizations must make to mitigate this weakest link. These include:
Barry will then moderate a group discussion with a healthcare risk-management leader and share best practices to help attendees shore up and button down their approach to mitigating insider threats.
We build devices, systems, and applications for real people. Yet, in the world of cybersecurity, most regard humans as the weakest link in the chain. The notion of strong cybersecurity often equates to poor user experience and disregard for the humans who use the technology and data. This approach can weaken your organization’s security profile, generating workarounds or outright indifference.
To be most effective, security must be convenient and user-friendly.
In this session, attendees will learn how to apply human-centered design principles to an organization’s cybersecurity strategy. As our expert speakers will show, this approach improves the user experience and everyone’s security behavior.
Key takeaways:
Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables. Networking breaks sponsored by eSentire, Everbridge, Fortinet, Sayers, and Sirius Healthcare.
Welcome to the Think Tank!
This highly interactive and fun session leverages the audience’s collective experience to drive greater value and takeaways. It works like this: For the first 10 minutes, each table discusses individual roadblocks and challenges with 3rd party risk management. Then a designated attendee from each table takes the floor microphone and asks our panel of experts a key question from the table discussion. The goal is to cater to the specific interests of attendees and provide the most pertinent and valuable information possible.
More and more, breach and enforcement activities against covered entities result from the actions or inaction of third party partners. Poor engagement, oversight, monitoring and disengagement often leave covered entities responsible for all of the risk, fees, and reputational fallout.
In this session, get your questions answered and learn best practices to mitigate 3rd party risk.
Cybersecurity does not generate revenue, and this makes it difficult to assess how much money to allocate to a cybersecurity budget or predict the economic impact of a successful cyberattack or major breach.
But not impossible.
In this session, Partners HealthCare CISO Jigar Kadakia explains that while there is no exact science to how much money should be allocated to a security budget, it relates directly to: 1. Assessing your risk tolerance; and 2. Quantifying ROI – cost of solution versus potential cost of a breach.
Learning objectives
Phishing poses a major threat to your organization, and this interactive session will test your knowledge and provide best practices for mitigating these increasingly sophisticated attacks.
Here’s how it works: Our moderator will ask multiple-choice questions based on recently released public-private research on phishing. Attendees will answer via our real-time polling app. Finally, our panel of experts will address the questions and discuss the correct answers more in-depth.
Some sample questions:
As this session will prove, learning can be fun, and the information shared will strengthen your organization’s phishing defense.
After a day of informative and incisive presentations, enjoy a drink and hors d'oeuvres in the Grand Ballroom with your fellow attendees, speakers and sponsors. Networking reception sponsored by ClearDATA and IBM.