HEALTHCARE SECURITY FORUM: A HIMSS EVENT

Schedule

1:30pm - 2:10pm

Risk Management

Pro-Active Steps to Protect Your Organization
St. George A/B

As defenders we are outnumbered five to one. What are the proactive steps and defenses that a healthcare security team can take to evaluate threats, vulnerabilities and risks and to prepare and protect payer and provider institutions from attack? 

This panel session will discuss the healthcare threat landscape, vulnerabilities, pen testing and other forms of technical vulnerability assessment, compliance, risk analysis and remediation including effective patch management and the need for compensating security controls and other risk mitigation strategies where patching is not possible.

Esmond
Kane
Deputy Chief Information Security Officer
Partners Healthcare Information Security and Privacy Office
Richard
Staynings
Cybersecurity Evangelist, SVP Chief Security & Trust Officer
HIMSS Privacy & Security Committee & Clearwater
Darren
Lacey
Chief Information Security Officer
Johns Hopkins University & Johns Hopkins Medicine

2:20pm - 3:00pm

Insider Threats

Clamping Down on Your Weakest Link
St. George A/B

If you are worried about insider threats, you should be.The Ponemon Institute reported this year that insider threats now account for 87% of all cyber incidents: 64% from privileged user negligence, 23% perpetrated by malicious insiders.

In other words, education at many organizations has failed – as have perimeter defenses, rendered ineffective against increasing sophisticated attacks.

In this session, a leading healthcare attorney draws on security research to show that to reduce insider threats, rather than rely on technology, healthcare organizations must change their mindset and focus more on people and process – and view employees as threat vectors and not innocent victims of cybercrime.

Attorney Barry Herrin discuss six “Big Decisions” organizations must make to mitigate this weakest link. These include:

  • Cutting the cord to social networking and personal email accounts.
  • Treating access as a privilege, not a right.
  • Deciding when to shift from education to punishment.

Barry will then moderate a group discussion with a healthcare risk-management leader and share best practices to help attendees shore up and button down their approach to mitigating insider threats.

Jane
Harper
Director Privacy & Security Risk Management
Henry Ford Health System
Chad
Wilson
Director, IT Security
Children's National Medical Center
Barry
Herrin
Founder
Herrin Health Law

Get Updates

Sign up to get the latest information on upcoming events.

 

Subscribe