San Francisco, CA
June 11-12, 2018


8:30am - 9:00am
Networking Breakfast & Badge Pick Up
Grand Ballroom

Breakfast will be served in the ballroom so make sure to stop by the sponsor tables.

9:00am - 9:05am
Welcome Remarks
Grand Ballroom


9:05am - 9:50am

Opening Keynote

Cybersecurity Leadership When it Matters Most
Grand Ballroom

Commander Kirk Lippold, U.S. Navy (Ret.) was the commanding officer of the USS Cole when it came under a suicide terrorist attack by al Qaeda in the port of Aden, Yemen. During his command, Commander Lippold and his crew distinguished themselves by saving the American warship from sinking. This event is widely recognized as one of the most brazen acts of terrorism by al Qaeda prior to September 11, 2001.

Commander Lippold is a crisis management expert and proven leader, and in this opening keynote, tailored to the needs of healthcare security professionals, he shares with attendees lessons learned while leading his crew aboard the USS Cole following the attack.

These critical steps demonstrate how any organization can detect, react to, contain, and then control crises, assess progress in defining a new normal, and measure successes moving forward.

These leadership and management techniques will arm attendees with a military-grade approach to prepare for and take action when cyber terrorists strike — because it’s not a matter of if, but when.

United States Navy (Ret)

9:50am - 10:20am
You Don’t Have to Choose Between Security and Innovation
Grand Ballroom

Product Manager, Healthcare Data Governance
Google Cloud
Chief Privacy and Security Officer

10:20am - 11:05am

Roundtable Discussion

Healthcare Security Today and Tomorrow
Grand Ballroom

The threat landscape is changing and hackers have become much more dangerous and disruptive to healthcare. New and emerging attacks are more impactful because they interrupt services and communications. They can cripple an organization by taking down its infrastructure and internet connections, and, most alarmingly, this poses a major risk to patient care.

In this opening state-of-the-industry discussion, our panel of seasoned healthcare security veterans survey the threat landscape and explain what they are doing to counter hackers. They’ll also discuss their top initiatives for the coming year.

Chief Information Security Officer
University of California San Francisco Medical Center
Senior Vice President, Chief Technology Risk Officer
Kaiser Permanente
Information Security Officer
Marin General Hospital

11:05am - 11:35am
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the ballroom area so make sure to stop by our sponsor tables.

11:35am - 12:00pm

HIMSS Threat Intelligence

Through the Looking Glass: What's Happening Now and in the Future
Grand Ballroom

HIMSS Director of Privacy & Security Lee Kim discusses what is happening now in healthcare and cross-sector cybersecurity.  Specifically, Lee will discuss the findings of the special edition of the HIMSS healthcare and cross-sector cybersecurity report.  Hear about fresh, open source intelligence on what is happening in healthcare and beyond.  Gain knowledge about threats, vulnerabilities, mitigation, research, and tools you can use to help your organization be more secure.

Director, Privacy & Security

12:00pm - 12:35pm

CIO Perspective

Managing Today’s Healthcare Information Explosion
Grand Ballroom

In healthcare, cyberterrorism can appear in a variety of forms. It can bring down a hospital computer system or publicly reveal private medical records. Whatever shape it takes, the general effects are the same: patient care is compromised, and trust in the health system is diminished.

Evidence suggests that cyber threats are increasing and that much of the U.S. healthcare system is ill equipped to deal with them.

Securing cyberspace is not an easy proposition as the threats are constantly changing, but it’s critical to recognize that cyberterrorism should be part of a broader information technology risk management strategy.

In this session, Michael Archuleta, recently recognized as a Top Hospital and Health System CIO, reviews case studies and the tremendous negative effects a cyber-attack could have on a healthcare organization. It’s scary stuff, but Michael will also share his thoughts on the best practices healthcare organizations can adopt to protect themselves – and their patients – from such attacks.

Chief Information Security Officer, HIPAA & Information Security Officer
Mt. San Rafael Hospital

12:35pm - 1:00pm

Talking to the C-Suite

Building an Enterprise-Approach to Mitigating Risk
Grand Ballroom

C-suites and boards must collaborate with security leaders to build cyber resilient organizations. Yet, too often, security leaders struggle to convey clear opportunities for senior leaders to engage in the necessary enterprise-wide approach to cyber risk. The result: Security doesn’t get the resources or support it needs and security efforts remain an uphill battle.  

In this session, Advisory Board security expert Allyson Vicars shares key takeaways from deep industry research on how to have a productive conversation on security and risk with the most senior leaders in your health care organization.

Key takeaways:

  • Tips for cybersecurity conversations with C-suite executives
  • Messages for security leaders to deliver to the C-suite
  • Key areas where the C-suite can have an impact on security

Associate Director, Health IT Research
The Advisory Board

1:00pm - 2:00pm
Networking Lunch
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. 

2:00pm - 2:30pm

Third-Party Risk Management

Trust but Verify Must be Your Guiding Principle
Grand Ballroom

More and more breach and enforcement activities against covered entities are due to the actions or inactions of the third parties they engage to support their operations. Poor engagement, oversight, monitoring and disengagement often leave covered entities responsible for all of the risk, fees, and reputational fallout. This can affect compliance, legal agreements, patient care and even your cyber security insurance. Trust but verify needs to be the underlying foundation of your third party risk management program.

In this session, Jane Harper brings more than 18 years of risk, compliance, audit, and security experience to share with attendees best practices for managing third-party risk.

Key takeaways include:

  • When the relationship is over, you still have to protect yourself.
  • Third party risk management and your cyber security insurance: Some things you should know.
  • Some 3-, 4- & 5-letter acronyms that must be discussed before it is too late.

Director, Privacy & Security Risk Management
Henry Ford Health System

2:30pm - 3:00pm
US Healthcare and GDPR – Does it Really Matter
Grand Ballroom

WW Health Chief Information Security Officer

3:00pm - 3:30pm

How to Reduce Human Error

Think User First When Deploying Technology & Designing Policies
Grand Ballroom

Healthcare security professionals confront this question regularly: How do we safeguard data but also distribute it as widely and responsibly as possible? These two competing interests can sometimes create tension. At the Midwest Health Collaborative, a consortium of six health systems, including the Cleveland Clinic, the answer lies in a team of user-experience designers who consider workflow demands first when deploying technology and designing policies.

In this session, Michael Gold, the collaborative’s vice president of analytics and technology, describes how his team has improved adherence and HIPAA compliance by thinking user-first when implementing policies and procedures.  He’ll also share best practices that other healthcare organizations can put into practice to improve their own compliance.

As Michael will explain, and most attendees will agree, many breaches stem from human error. If improving the user experience decreases the chance of a breach, that’s a big win.

Vice President Analytics & Technology
Midwest Health Collaborative

3:30pm - 3:50pm
Networking Break
Grand Ballroom

3:50pm - 4:25pm

Focus on Resilience

Operationalizing Security: Assessing Risk and Reducing Fear
Grand Ballroom

In this session, security executives from two leading Bay Area healthcare organizations discuss the keys to creating strong resilient security programs that enable digital transformation and facilitate organizational business goals.

John Muir Health Vice President and CISO Tom August, in addition to his many years leading healthcare security teams, co-authored The CISO Handbook: a Practical Guide to Securing Your Company. El Camino Hospital CIO Deb Muro has led large technology implementation projects and, over the past two years, has built El Camino’s security program from the ground up.

Both Tom and Deb strongly support using risk assessments to identify, prioritize, and address vulnerabilities, and they’ll share with attendees best practices for doing just that.

Key takeaways:

  • How a risk-based approach to security eliminates the fear factor, strips away the hype, and maximizes resources and mitigation efforts.
  • Successful approaches on how to talk to senior leadership in a way that generates ongoing support.
  • Best practices for creating resilient security programs that overcome incidents quickly, protect patients and keep the business up and running.

Senior Editor
Healthcare IT News
Chief Information Officer
El Camino Hospital
Vice President and Chief Information Security Officer
John Muir Health

4:25pm - 4:55pm

The Path Forward

Risk and Responsibility in a Hyperconnected World
Grand Ballroom

McKinsey & Co. and the World Economic Forum recently undertook joint research to develop a fact-based view of cyber risks, assess their economic and strategic implications, particularly for healthcare, and lay out a path forward. Interviews with executives and data from more than 200 enterprises, technology vendors, and public agencies contributed to the report’s three main findings for enterprises:

  • Despite years of effort, and tens of billions of dollars spent annually, the global economy is still not sufficiently protected against cyberattacks—and it is getting worse.
  • Enterprise-technology executives agree on the seven practices they must put in place to improve their resilience in the face of cyberattacks; even so, most technology executives gave their institutions low scores in making the required changes.
  • Given the cross-functional, high-stakes nature of cybersecurity, it is a CEO-level issue, and progress toward cyber resiliency can only be achieved with active engagement from the senior leaders of public and private institutions.

In this end-of-the-day featured presentation, Venky Anant, an associate partner and cybersecurity expert for McKinsey & Company, highlights the report’s findings, and, importantly, discusses the emerging consensus among technology executives on the seven keys to a more effective cybersecurity defense.

If you are like the nearly 80 percent of executives who said they cannot keep up with the increased sophistication of attackers, this session will provide some much-needed help.

Partner, Leader, Cybersecurity Practice
McKinsey & Company

4:55pm - 5:00pm
End of Day Remarks
Grand Ballroom


5:00pm - 6:00pm
Networking Reception
Grand Ballroom

After a day of informative and incisive presentations, enjoy a drink and hors d'oeuvres in the Grand Ballroom with your fellow attendees, speakers and sponsors.
