Healthcare Security Summit: New York

June 25, 2019

WELCOME / Summit Overview

ISMG’s Global Summit Series will take place across four continents focusing on global security topics such as fraud and breach prevention and on many key industry verticals such as finance, government, retail, energy and healthcare.

All content will be driven by our global editorial team, including executive editors from publications like DataBreachToday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity. These events will provide the opportunity to learn from industry influencers, earn CPE credits, meet with leading technology providers and be a part of the ISMG community of over 700,000 subscribers.

Details

Convene Conference Center
One Liberty Plaza
New York, NY

June 25th, 2019

$595

Registering For a Group?
Call + 1 (609)-356-1499

Thien La

CISO, Wellmark Blue Cross Blue Shield

Dr. Suzanne Schwartz

Director, Office of Strategic Partnerships & Technology Innovation (Acting), FDA Center for Devices and Radiological Health

Jennings Aske

CISO, New York Presbyterian

Cris Ewell

CISO, UW Medicine

Marianne McGee

Managing Editor, Healthcareinfosecurity.com, ISMG

Tom Field

SVP - Editorial, ISMG

Sonia Arista

National Healthcare Practice Director, Fortinet

Mitch Parker

CISO, Indiana University Health System

SPEAKERS / Featured Speakers

Suzanne Schwartz, MD

Director, Office of Strategic Partnerships & Technology Innovation (Acting), FDA Center for Devices and Radiological Health

Thien La

CISO, Wellmark Blue Cross Blue Shield

Michael McNeil

Global Security Officer, Philips

Jennings Aske

CISO, New York-Presbyterian

Cris Ewell

CISO, UW Medicine

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Mitch Parker

CISO, Indiana University Health System

Tom Field

Senior Vice President, Editorial, ISMG

Chris Frenz

CISO, Interfaith Medical Center

Jigar Kadakia

CISO & CPO, Partners HealthCare

Nicholas Heesters

Senior Advisor for Cybersecurity, HHS OCR

Prashanth Mekala

Supervisory Special Agent, FBI

Howard Anderson

News Editor, ISMG

Syra Arif

Senior Advisory Security Solutions Architect, ServiceNow

Sonia Arista

National Healthcare Practice Director, Fortinet

Mark Bower

General Manager and CRO, Egress Technologies

Mike Dodson

Sr. Director Global Solution Engineering, Venafi

Jeff Livingstone

VP & Global Head, Life Sciences & Healthcare, Unisys

Amanda Rogerson

Lead Healthcare Product Manager, Duo Security

Christopher Bontempo

VP Security Marketing, IBM Security

Preston Duren

Director, Cybersecurity Operations, Fortified Health Security

Jeff Gilhool

Solutions Engineer, Lookout

Brandon Barber

Healthcare Leader, SailPoint

Asif Syed

Director of Technology Integrations, Focal Point

Schedule / Session Times



  • Tuesday, June 25th

8:00 am - 8:30 am

Registration, Breakfast & Exhibit Browsing

8:30 am - 8:45 am

Opening Remarks

8:45 am - 9:20 am

We're at War: Cyberattacks a Wake-Up Call for the Healthcare Sector

Speaker:
Prashanth Mekala, Supervisory Special Agent, FBI

The U.S. Department of Justice just indicted two alleged hackers in China in the highly sophisticated cyberattack on health insurer Anthem that exposed data on nearly 80 million Americans. Meanwhile, ransomware, business email compromises, intellectual property theft and other headline-grabbing breaches and cybercrimes in the healthcare sector are getting the attention of CEOs and boards of directors. What other difficult cybercrime cases are federal law enforcement agencies trying to crack, and how can your organization avoid becoming the next victim making headlines?

Our presenter - Prashanth Mekala, FBI, Supervisory Special Agent, New York Field Office will address:

  • Why healthcare is such an attractive target for cybercriminals, including nation state attacks;
  • Latest trends in ransomware, IP theft, and other cybercrimes hitting healthcare;
  • The main vulnerabilities in today's environment;
  • Essential elements of a successful wartime defense strategy.

9:25 am - 10:00 am

Secure Journey to the Cloud: A Case Study

Speaker:
Thien La, CISO, Wellmark Blue Cross Blue Shield

What does it take to securely migrate nearly all your systems and data onto the cloud, phase out your own on-premises data center, and build shared cyber risk responsibility with third-parties? That's a journey under way at health insurer Wellmark. The health insurer's vice president and CISO Thien La will describe the company's migration to the cloud, including:

  • Risks and reward, pros and cons;
  • Getting buy-in from the board;
  • Unique challenges of securing PHI on the cloud;
  • What happens if there's a breach?

10:00 am - 10:10 am

Tech Spotlight

Presented By:
Syra Arif, Senior Advisory Security Solutions Architect, ServiceNow, Security & Risk Practice

10:10 am - 10:35 am

Exhibit & Networking Break

10:35 am - 11:05 am Track A

Reducing Risk Now

Speaker:
Christopher Bontempo, VP Security Marketing, IBM Security

Health organizations face a wide range of new cyber security threats like crypto-jacking and IoT vulnerabilities while still facing the heavy load of compliance and basic security blocking and tackling. Security requires an end-to-end, framework-based approach to manage well against a constantly evolving threat environment - but where should you start to get your biggest immediate reductions in risk? Join us for this session to hear lessons derived from IBM Security clients on where to start and where to go next.

10:35 am - 11:05 am Track B

SSH Keys: Security Asset or Liability for Health Care?

Speaker:
Mike Dodson, Sr. Director Global Solution Engineering, Venafi

With the extensive network systems found in the health care industry, SSH keys are widely used to provide privileged administrative access and to secure machine-to-machine automation for important business functions. However, SSH keys are routinely untracked, unmanaged and unmonitored. This lack of visibility and control can create HIPAA violations by not adequately restricting access to Electronic Protected Health Information (ePHI). If SSH keys are not securely managed, the organization does not know who has access.

Only eight percent of health care companies have accurate SSH key inventories. In addition, nearly half allow all or most of their administrators to manage SSH keys for the systems they control, resulting in an ad hoc process using inconsistent security practices. With no expiration and a lack of life cycle management, health care organizations can wind up with millions of SSH keys and a broad attack surface for insider threats and cybercriminals.

In this session, we'll examine SSH study results that reveal widespread lack of security controls for SSH keys in the health care industry. We'll discuss the common mistakes that almost all health care organizations make around security, policy, and auditing practices when managing SSH keys. We'll note the SSH key risks that are not addressed by IAM/PAM solutions and why they are probably some of the biggest risks in your network. The session will conclude with a 4-step approach to protecting SSH keys in health care networks.

11:10 am - 11:40 am Track A

Zero-Trust Approach for Healthcare

Speaker:
Amanda Rogerson, Lead Healthcare Product Manager, Duo Security

Healthcare records remain one of the "holy grail" personally identifiable information (PII) data types for criminals. With patient data being more valuable to attackers than ever, alongside stricter HIPAA and HITECH compliance requirements and an ever-growing device inventory to manage, IT teams' modernization projects must account for these risks in their strategic planning. To mitigate these risks efficiently, healthcare organizations need to adopt a 'zero-trust' security approach and start viewing every threat surface, access point, identity, and login attempt as the new security perimeter.

By deploying solutions that can verify users and establish device trust while protecting every application (both cloud and legacy), healthcare organizations can quickly and effectively reduce their threat surface and meet compliance requirements.

11:10 am - 11:40 am Track B

Preventing the Insider Threat: Protecting Your Patient and Clinical Data While Managing Risk

Speaker:
Mark Bower, General Manager and CRO, Egress Technologies

Insider threat and email attack risks are a major issue in the health industry: 95% of IT executives have identified insider threats as a top concern in the last 12 months, 79% think employees have put data at risk accidentally and 61% say employees have done so maliciously.

In this session, we will look at how organisations can use new analytic-driven machine learning to detect malicious human data handling risks and reduce human-error HIPAA violations. We will examine the types of insider threats leading to data exposure by distinguishing between malicious and accidental breaches, and highlight how adopting a risk-based approach to secure content and data sharing is vital for contemporary data protection. We will show, through new techniques, how healthcare entities can protect employees from risky behavior and secure patient data without the traditional friction that can impact adoption or interrupt care. Discover how companies like Epiphany Healthcare have streamlined the capture and use of clinical research data from over 900 hospitals, and how Raleigh Neurology ensures children's mental health privacy throughout high-touch, high-risk data workflows.

11:45 am - 12:15 pm

Secure Health Information Exchange

Speakers:
Cris Ewell, CISO, UW Medicine
Mitch Parker, CISO, Indiana University Health System

The federal government says it will scrutinize healthcare providers and health IT vendors that participate in so-called "information blocking." But what are the top technical challenges and other barriers in ensuring that health information is being appropriately, legally and securely shared with clinicians, patients and potentially industry competitors?

Our panel - including Cris Ewell, CISO at UW Medicine; Mitch Parker, CISO at Indiana University Health System; and Sean Murphy, former CISO at Premera Blue Cross Blue Shield and current CISO at Boeing Employees Credit Union - will share their suggestions and experiences, including:

  • Most secure ways for sharing patient data;
  • Pros and cons of utilizing health information exchange organizations, EHRs and patient portals to exchange data;
  • Other methods of exchange, including direct secure messaging and blockchain.

12:20 pm - 12:50 pm

HHS OCR Breach Trends and Compliance Regulatory Update

Speakers:
Chris Frenz, CISO, Interfaith Medical Center
Nicholas Heesters, Senior Advisor for Cybersecurity, HHS OCR
Sonia Arista, National Healthcare Practice Director, Fortinet

In this session, HHS OCR provides an update on its latest HIPAA compliance and regulatory efforts - including possible modifications to the HIPAA rules. Then a panel of experts discusses:

  • Latest health data breach trends, including soaring hacker incidents;
  • The evolving regulatory climate and its impact on health data cyber efforts;
  • Does HIPAA need to be modified?

12:50 pm - 1:30 pm

Lunch

1:30 pm - 2:10 pm

Medical Device Cybersecurity: Addressing the Challenges

Speakers:
Chris Frenz, CISO, Interfaith Medical Center
Jennings Aske, CISO, New York-Presbyterian
Michael McNeil, Global Security Officer, Philips
Suzanne Schwartz, MD, Director, Office of Strategic Partnerships & Technology Innovation (Acting), FDA Center for Devices and Radiological Health

Suzanne Schwartz, MD, Associate Director for Science and Strategic Partnerships at the Food and Drug Administration's Center for Devices and Radiological Health, will provide an update on FDA's medical device cyber efforts. That includes the status of a draft update to the cybersecurity guidance for premarket devices. Then, a panel of experts will discuss progress underway, including:

  • Jennings Aske, New York Presbyterian CISO, who is working with others in the industry on an effort around a software bill of materials for medical devices;
  • Michael McNeil, global security officer at Philips, who will offer a device maker's cyber perspective;
  • Chris Frenz, Interfaith Medical Center CISO, who will discuss the zero-trust approach that his organization is taking in securing its medical devices.

2:15 pm - 2:45 pm Track A

Less is more: Leveraging Cloud Email Platforms Without Risk

Speaker:
Mounil Patel, Field CTO, Mimecast

More cloud? Definitely more goals. Healthcare technology leaders are in a constant struggle to do more with fewer resources. Is the organization's security strategy the root of the problem or an enabling factor to ensure patient safety while improving the quality of healthcare delivery? Come learn how to control the risk of leveraging cloud email platforms while reducing the complexity of infrastructure and management overhead.

2:15 pm - 2:45 pm Track B

Increasing Your Cybersecurity Posture: Value of Partnering with a Healthcare Exclusive MSSP

Speaker:
Preston Duren, Director, Cybersecurity Operations, Fortified Health Security

Many healthcare organizations today are hiring managed security service providers (MSSP) to manage specific security initiatives, or in some cases, outsourcing their entire security program. This approach is especially beneficial to those that have limited IT resources, lack internal security expertise, struggle to hire security talent, or simply need to implement a security program faster than they could in-house. But hiring an MSSP without the specific healthcare experience can pose just as much risk as cyber threats and attacks. Preston Duren, Director of Cybersecurity Operations at Fortified Health Security will discuss best practices for IT leaders to use when evaluating MSSPs and the importance of choosing the right partner. Topics include:

  • Understanding the nuances of securing a healthcare environment;
  • Key skills, certifications, and experience necessary for an effective healthcare MSSP;
  • Real-life examples of damage and disruption that can be caused by an inexperienced cybersecurity team.

2:45 pm - 2:55 pm

Tech Spotlight

Presented by:
Chris Hickman, CSO, Keyfactor

2:55 pm - 3:05 pm

Tech Spotlight

Presented By:
Ordr

3:05 pm - 3:30 pm

Exhibit & Networking Break

3:30 pm - 4:00 pm

Identity and Access Management - So Many Breaches and So Many Stolen Identities

Speakers:
Cris Ewell, CISO, UW Medicine
Jigar Kadakia, CISO & CPO, Partners HealthCare

What approaches are healthcare entities taking with their credentialing and IAM to better verify and manage the identities of patients, clinicians, researchers, vendors and others who want or need access to health and other critical data? Our panelists, Cris Ewell, CISO at UW Medicine, and Jigar Kadakia, CISO and chief privacy officer at Partners HealthCare, discuss:

  • Challenges and approaches to IAM;
  • Why role-based EHR access is such a thorny issue;
  • Privileged access dilemmas.

4:00 pm - 4:10 pm

Tech Spotlight

Presented by:
Jeff Gilhool, Solutions Engineer, Lookout

4:10 pm - 4:40 pm

Why is Detection So Hard?

Speakers:
Jennings Aske, CISO, New York-Presbyterian
Mitch Parker, CISO, Indiana University Health System

How do you find a needle in a haystack - whether it's a malicious insider or clues that a massive or devastating cyberattack could be underway? Our panel - including Mitch Parker, CISO at Indiana University Health System; and Jennings Aske, CISO NY Presbyterian - will discuss:

  • Challenges and approaches to breach, incident detection;
  • Getting the most out of behavioral analytics and other tools;
  • Promising developments and technologies in detection.

4:45 pm - 5:15 pm

The Next Threats

Speakers:
Chris Frenz, CISO, Interfaith Medical Center
Jigar Kadakia, CISO & CPO, Partners HealthCare
Michael McNeil, Global Security Officer, Philips

What are the new data security, patient safety and privacy worries evolving with each new cyberattack on the healthcare sector? Our panel of experts - Jigar Kadakia, CISO of Partners HealthCare; Michael McNeil, global security officer at Philips; and Chris Frenz, CISO Interfaith Medical Center - will discuss what keeps them up at night, including:

  • Ransomware and other cyber extortion;
  • Threats impacting data integrity of medical devices;
  • Careless vendors and immature business associates;
  • What healthcare entities can do to stay ahead of these threats?

5:15 pm - 5:30 pm

Closing Remarks

5:30 pm - 6:30 pm

Cocktails & Networking

SPONSORS / Supporting Organizations

IBM
DUO Security
Tenable
Fortified Health Security
Informatica
CrowdStrike
Egress
Fortinet
ServiceNow
Venafi
Netskope
CyberMDX
Mimecast
Sailpoint
Unisys
Ordr
Keyfactor
Okta
Lookout
Cylera

Meet Our Speakers

What’s Wrong With Relying on HIPAA Compliance?

CISO Jennings Aske on the Need to Use a Comprehensive Framework

Asking Cloud Providers the Right Questions

Eric Chiu of HyTrust on Scrutinizing Vendors

Breach Investigations: Switching Sides

Former FBI Agent Jay Kramer on His New Legal Role in the Private Sector

Data Security Lessons Healthcare Can Learn From DoD

Dave Summitt Describes Applying Defense Department Strategies to Health Data Protection

Step One: Admitting We Have a Cybersecurity Problem

Reitinger of Global Cyber Alliance on Tackling Risk Management

How the Dark Web Presents New Insider Threats

Carnegie Mellon's Michael Theis Offers Update on Latest Trends

LOCATION / Venue & Address

Convene Conference Center
1 Liberty Plaza
New York, NY

A Room Block is available at the New York Marriott Downtown for $309/night + taxes for June 23 – 25, 2019. Block will close Friday, June 7, 2019 or when room block reaches capacity. Room Block reservations can be made directly with Marriott Reservations by calling (877) 303-0104. When making the reservation, mention that you are part of the Information Security Media Group room block.

New York Marriott Downtown
85 West Street at Albany Street
New York, NY 10006

Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology, register today.

Registering For a Group?
Call + 1 (609)-356-1499  or email at events@ismg.io

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io
