ISMG Events

Healthcare Security Summit: New York City

November 14-15, 2017

Speaker

Phil Reitinger, CEO of the Global Cyber Alliance

SUMMARY / Healthcare

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Our Healthcare Security summit will spotlight the critical cybersecurity challenges facing healthcare sector organizations. Explore why a focus on compliance-driven security risk programs can put entities at a great disadvantage in dealing with these challenges – and what’s needed to implement a more war-minded approach to battle the evolving threat landscape. Learn from our stellar lineup of industry influencers how you can strengthen your defenses against ransomware and other forms of cyber-extortion; improve your organization’s ID access management policies; bolster breach prevention, detection and response; and address the increasing security risks posed by medical devices, among other issues. We have intentionally designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and many others by providing hands-on tools and real-world problems and solutions that attendees can take back to their organizations long after our two-day summit ends.

Details

Westin Times Square

November 14th & 15th, 2017

$795

Registering For a Group?
Call + 1 (609)-356-1499

  • Event Gallery

Mitch Parker

CISO, Indiana University Health System

Joan Goodchild

Director of Multimedia Content, ISMG

Howard Anderson

News Editor, ISMG

Richard Jacobs

Assistant Special Agent in Charge, Cyber Branch, FBI New York Division

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Phil Reitinger

President & CEO, Global Cyber Alliance; former Deputy Undersecretary for Cybersecurity, Department of Homeland Security; former CISO, Sony

Jennings Aske

CISO, New York Presbyterian

Jay Kramer

former Supervisory Special Agent, Cyber Division, Federal Bureau of Investigation

SPEAKERS / Featured Speakers For Our NYC Healthcare Summit

Jim Routh

Chief Information Security Officer, Aetna

Vikrant Arora

CISO, Hospital for Special Surgery

Jennings Aske

CISO, New York-Presbyterian

Iliana Peters

Shareholder, Healthcare Security, Polsinelli

Anahi Santiago

CISO, Christiana Care Health System

Suzanne Schwartz, MD

Director, Office of Strategic Partnerships & Technology Innovation (Acting), FDA Center for Devices and Radiological Health

Steve Chabinsky

Global Chair of Data, Privacy and Cybersecurity, White & Case

Philip Reitinger

President & CEO, Global Cyber Alliance; former Deputy Undersecretary for Cybersecurity, Department of Homeland Security; former CISO, Sony

Dale Nordenberg, MD

Executive Director, Medical Device Innovation, Safety and Security Consortium

Mitch Parker

CISO, Indiana University Health System

Tom Field

Senior Vice President, Editorial, ISMG

Jack Lewin, MD

Founder and Principal, Lewin and Associates LLC; Chairman, National Coalition on Health Care

Richard Conti

Information Security Specialist, The Children's Hospital of Philadelphia

Mark Eggleston

VP, CISO and CPO, Health Partners Plans

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Richard T. Jacobs

Assistant Special Agent in Charge, Cyber Branch, FBI NY

Jay Kramer

Partner, Data Privacy and Cyber Security Practice Group, Lewis Brisbois Bisgaard & Smith; former Supervisory Special Agent, FBI - NY Cyber Division

Michael Theis

Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

Randy Vanderhoof

Director, US Payments Forum

Joshua Corman

Chief Security Officer at PTC and Fellow at the Atlantic Council

Kirk Nahra

Privacy Attorney, Wiley Rein

Lisa Sotto

Managing Partner, Chair of Global Privacy and Cybersecurity Practice, Hunton & Williams

Jason Taule

Chief Security Officer/Chief Privacy Officer, FEi Systems

Steven Teppler

Attorney; Bitcoin/Blockchain Expert, Mandelbaum Salsburg P.C.

Brad Antoniewicz

Security Researcher, Cisco

Rohyt Belani

Co-Founder and CEO, PhishMe

Carolyn Crandall

Chief Deception Officer, Attivo

Sam Elliott

Director of Security Product Management, Bomgar

Gleb Evfarestov

Solutions Engineer, BitGlass

Mike Fowler

Vice President, Professional Services, DF Labs

Ted Gary

Senior Product Marketing Manager for Security Frameworks, Tenable

Andy Givens

Regional Director, Engineering, CyberArk

Sam Kassoumeh

COO and Co-Founder, SecurityScorecard

Eric Rydberg

National Account Sales Engineer, Sophos

Ariel Shuper

Cloud and Network Security Product Manager, Check Point

Justin Fier

Director of Cyber Intelligence and Analytics, Darktrace

Nathaniel Gleicher

Head of Cybersecurity Policy, Facebook; formerly Director for Cybersecurity Policy, National Security Council at the White House

Paul Bowen

Principal Security Technologist, Arbor Networks

David Houlding

Principal Healthcare Program Manager, Microsoft

Dave Summitt

CISO, H. Lee Moffitt Cancer Center and Research Institute

Dave Nathans

Product Security, Siemens Healthcare

What’s Wrong With Relying on HIPAA Compliance?

CISO Jennings Aske on the Need to Use a Comprehensive Framework

Asking Cloud Providers the Right Questions

Eric Chiu of HyTrust on Scrutinizing Vendors

Breach Investigations: Switching Sides

Former FBI Agent Jay Kramer on His New Legal Role in the Private Sector

Data Security Lessons Healthcare Can Learn From DoD

Dave Summitt Describes Applying Defense Department Strategies to Health Data Protection

Step One: Admitting We Have a Cybersecurity Problem

Reitinger of Global Cyber Alliance on Tackling Risk Management

How the Dark Web Presents New Insider Threats

Carnegie Mellon's Michael Theis Offers Update on Latest Trends

Schedule / Session Date & Times



Tuesday, November 14th

8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Threat Hunting, From a Model-Driven Cybersecurity Approach

Speaker:
Jim Routh, Chief Information Security Officer, Aetna

Four years ago, Aetna Global Security hired a chief data scientist for security - a former NSA data scientist who did an outstanding job building over 100 models and a big data infrastructure dedicated to security. The purpose of hiring this data scientist: to take multiple sources of log files from newly deployed controls and determine how best to allocate scarce resources for threat hunting. Soon, while the project was underway, six other implementations of machine learning-driven point solutions catapulted Aetna Global Security into a model-driven security deployment using data analytics. In this session, Jim Routh, CISO at Aetna, discusses what his organization learned from this experience, the implications for security talent management and information sharing going forward, as well as the company's planned move away from passwords to continuous behavioral authentication.

9:55 am - 10:25 am Breach Track

Securing the Privileged Pathway - The Most Traveled Cyberattack Route

Speaker:
Andy Givens, Regional Director, Engineering, CyberArk

Privileged accounts have been at the center of many recent high-profile attacks. Moreover, attackers are leveraging privileged credentials as their entry point to high-value systems within the network. This session explains how hackers who successfully exploit these credentials are able to gain a privileged foothold, allowing them unfettered access to elevate privileges and move about the network freely without detection. With a solid understanding of this well-used method of attack, attendees will learn how to properly secure and manage these powerful credentials. During this session, CyberArk discusses attack trends and what security leaders are doing to protect their organizations from these advanced attacks and walks through a typical attack that uses privileged accounts, showing how passwords can be exploited to break down the front door.

9:55 am - 10:25 am Clinical/Business Track

Six Steps to Secure Access for Privileged Insiders and Vendors

Speaker:
Sam Elliott, Director of Security Product Management, Bomgar

Many organizations trying to secure privileged access for employees or vendors focus solely on the privileged credentials or identities. But that's only half the battle. Securing the access pathways is just as critical to protecting your critical systems and data from cyber threats. This session outlines the six steps companies need to take to secure privileged access while simultaneously improving business productivity.

10:25 am - 10:40 am

Exhibit & Networking Break

10:40 am - 11:10 am Breach Track

Healing From "Ransomwaricis" - Immunizing Connected Medical Devices

Speaker:
Ariel Shuper, Cloud and Network Security Product Manager, Check Point

Ransomware attacks against healthcare organizations threaten vulnerable systems that are part of a larger ecosystem. The fast propagation of ransomware attacks creates significant damage spanning beyond the infected systems, often resulting in the shutting down of healthcare operations. While cybersecurity ecosystems manage to minimize the risk of additional ransomware attacks against the IT systems, the future of IoT and connected medical devices poses significant potential for a new attack surface that isn't covered with current tools and systems. This session examines ransomware attacks, the potential for new and connected medical devices to be affected by these attacks and steps that can be taken to prevent these attacks from occurring.

10:40 am - 11:10 am Clinical/Business Track

Effectively Gauging Security, Compliance and Risk Management

Speaker:
Sam Kassoumeh, COO and Co-Founder, SecurityScorecard

How can organizations adequately assess their risks, exposure and compliance? During this session, Sam Kassoumeh of SecurityScorecard walks through how businesses of any size can effectively identify and classify their risks and compare how their current cybersecurity solutions are measuring up.

10:40 am - 11:10 am Technology Track

Global Attack Campaign Innovation: Fastest Mean Time to Pay

Speaker:
Paul Bowen, Principal Security Technologist, Arbor Networks

The attack landscape has fundamentally changed; the threat today is human-orchestrated campaigns against specific targets. These attackers are more skillful; they use any combination of overwhelming force or carefully crafted entry points to disguise their tracks until it's too late. Defenders must fundamentally change their approaches to protect themselves. In this session, Paul Bowen of Arbor Networks addresses how organizations can improve their "people" skills to ensure their endpoints are secure.

11:20 am - 11:50 am

How the NIST Framework Can Be Used to Assist, But Not Ensure, Cybersecurity and Compliance

Speaker:
Iliana Peters, Shareholder, Healthcare Security, Polsinelli

The healthcare industry is at an information security crossroads, ill-prepared for the cyberattacks increasingly targeting it. This session reviews how the focus on security regulatory compliance has hindered the sector's ability to prevent, detect and respond to the current cyberthreat landscape. It also reviews how the healthcare industry must embrace security frameworks, such as the NIST Common Security Framework and ISO 27001, along with practices used by other industry verticals to address cyberthreats, thereby facilitating regulatory compliance.

11:50 am - 12:35 pm

Speed Networking with Presenters and Peers

One of the most valuable ways to learn is through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the areas of fraud and breach prevention, and discuss solutions to potential obstacles. Mingle, share and learn in this unique, rapid-fire and interactive environment.

12:35 pm - 1:25 pm

Lunch

1:25 pm - 2:05 pm

The Evolving Regulatory Environment and Its Impact on Privacy and Security of Online Medical Records

Speakers:
Anahi Santiago, CISO, Christiana Care Health System
Iliana Peters, Shareholder, Healthcare Security, Polsinelli
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Mitch Parker, CISO, Indiana University Health System
Vikrant Arora, CISO, Hospital for Special Surgery

Data protection legislation and regulatory enforcement actions are rapidly changing throughout the world, having an immediate impact on how organizations globally approach cybersecurity, privacy, breach notification and data storage and protection. Too frequently, however, U.S. healthcare organizations have built their security programs by focusing on the compliance requirements of only the HIPAA security, privacy and breach notification rules. But is that preoccupation with HIPAA compliance leaving the healthcare sector even more vulnerable? This panel reviews how online medical records are impacting privacy and regulation and are setting the tone for other emerging data-protection regulations.

2:10 pm - 2:45 pm

Insider Threat Detection: Lessons From the Trenches Based on Real Insider Cases

Speaker:
Michael Theis, Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

This session shares the empirical findings of the CERT Insider Threat Center's more than 15 years of research into both malicious and unintentional insider threats. The presentation shows how the insider threat is pervasive in all sectors, both private and public, and how most organizations have been forced to deal with these threats. CERT also shares what types of threats are most likely to occur (intellectual property theft, fraud, IT sabotage, industrial espionage, etc.) and which trusted insiders are most likely to be engaged in these attacks. This session explores mitigation strategies and includes references to numerous free resources that can aid organizations in the detection and prevention of, and response to, insider threat attacks.

2:55 pm - 3:25 pm Breach Track

Do Prairie Dogs Hold the Key to Fighting Ransomware?

Speaker:
Rohyt Belani, Co-Founder and CEO, PhishMe

Even prairie dogs can recognize and report potential threats and attacks. So why, after years and billions of dollars, do people still struggle with this basic concept? In this presentation, PhishMe's CEO explores how to harness the common detection techniques used by these critters and lessons we can all learn from prairie dogs in the domain of cybersecurity. This session reviews cases of real attacks that bypassed silver-bullet, next-generation technologies but were recognized, reported and responded to quickly and successfully by conditioned humans, thus saving their organizations from being victims of ransomware and data theft.

2:55 pm - 3:25 pm Clinical/Business Track

Getting to Yes: Secure Office 365 and Cloud Enablement

Speaker:
Gleb Evfarestov, Solutions Engineer, BitGlass

What do a Fortune 100 pharmaceutical company, one of the largest hospital systems in the U.S. and a bank with several trillion in assets have in common? All three have successfully used CASBs to mitigate security and compliance risk while enabling the public cloud applications their businesses need - apps such as Office 365, AWS and Salesforce. This session offers actionable advice that you can immediately bring to your organization.

2:55 pm - 3:25 pm Technology Track

The Art of Deception for Advanced Threat Detection in Healthcare Organizations

Speaker:
Carolyn Crandall, Chief Deception Officer, Attivo

Healthcare providers have improved patient care, enhanced safety and increased PHI protection by adopting deception technology. Hear why deception is being adopted for its effectiveness and efficiency in detecting targeted stolen-credential, Active Directory and ransomware attacks. In this session, three healthcare use cases will demonstrate the customer benefits and investment ROI of deception platforms based on: early detection, automated attack analysis and forensics, and medical device protection.

3:25 pm - 3:40 pm

Exhibit & Networking Break

3:40 pm - 4:20 pm

Cybersecurity and Patient Privacy in Healthcare: The Balancing Act

Speakers:
Dave Summitt, CISO, H. Lee Moffitt Cancer Center and Research Institute
Jennings Aske, CISO, New York-Presbyterian
Joshua Corman, Chief Security Officer at PTC and Fellow at the Atlantic Council
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Mark Eggleston, VP, CISO and CPO, Health Partners Plans
Steve Chabinsky, Global Chair of Data, Privacy and Cybersecurity, White & Case

How do you balance privacy with data exchange among clinicians, access for patients and medical breakthroughs for researchers? This session examines whether there's a "right balance" for protecting patients' confidentiality, bolstering cybersecurity and providing individuals with access to their own health data, while also optimizing the potential for new research discoveries and improved clinical care. Steve Chabinsky of the President's Commission on Enhancing National Cybersecurity kicks off our panel discussion with some examples and key themes related to patient privacy. The healthcare industry includes thousands of small clinics and laboratories that hold highly sensitive information yet are potentially the weak links for breaches that can impact larger entities and millions of individuals. How can these organizations protect data from cyberattacks, when many more sophisticated organizations and even government agencies haven't mastered cybersecurity?

4:25 pm - 5:00 pm

We've Been Breached: Now What? How to Effectively Work with Law Enforcement and Regulators

Speakers:
Jay Kramer, Partner, Data Privacy and Cyber Security Practice Group, Lewis Brisbois Bisgaard & Smith; former Supervisory Special Agent, FBI - NY Cyber Division
Kirk Nahra, Privacy Attorney, Wiley Rein
Lisa Sotto, Managing Partner, Chair of Global Privacy and Cybersecurity Practice, Hunton & Williams
Richard T. Jacobs, Assistant Special Agent in Charge, Cyber Branch, FBI NY

Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts discusses what well-prepared organizations are doing right on proactive interaction with law enforcement, information sharing and breach investigation and response.

5:00 pm - 5:15 pm

Closing Remarks

5:15 pm - 6:15 pm

Cocktails & Networking

Wednesday, November 15th

8:00 am - 8:45 am

Registration & Breakfast

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Cyber Self-Defense, Addressing Escalating Attacks through New Partnerships

Speaker:
Philip Reitinger, President & CEO, Global Cyber Alliance; former Deputy Undersecretary for Cybersecurity, Department of Homeland Security; former CISO, Sony

One thing we know for certain - cyberthreats and cyber-risks are growing, perhaps exponentially. So how can small and medium-sized healthcare institutions and practices, which lack the resources of Fortune 100 companies but have extremely valuable data, address these risks? The answer lies in finding solutions that scale; solutions that provide security as part of a service; and solutions that, in implementing transparency, protect a hospital or doctor's office, as well as its patients' privacy, with secure email messaging and authentication.

Email and credential security are at the heart of cybersecurity, as most breaches result from the compromise of weak logins and passwords. And how are those logins and passwords most often compromised? The answer: phishing attacks. In this session, Phil Reitinger, CEO of the Global Cyber Alliance and the former Deputy Undersecretary at the Department of Homeland Security, discusses how the email security protocols known as DMARC - the Domain-based Message Authentication, Reporting and Conformance standard - can be used to make the world a safer place. Reitinger explains why a cybersecurity mindset is needed and why so many organizations are still reluctant to buy in.

9:55 am - 10:25 am Breach Track

Protecting Healthcare: An Immune System for Cyber Defense

Speaker:
Justin Fier, Director of Cyber Intelligence and Analytics, Darktrace

The 2017 WannaCry global ransomware attack was a wake-up call for all industries - especially healthcare. Over the past several years, the healthcare industry has become heavily targeted by cyberattackers because patient records are a treasure trove of valuable information that remains valid for years. But beyond being an attractive target, the healthcare industry has been characterized by an increasingly complex business landscape - fueled, in part, by connected medical devices and digital records, combined with an increasingly sophisticated threat landscape. This session reviews how artificial intelligence algorithms are being used to help systems learn the "self" of an organization by building a "pattern of life" for every device, user and network. It's called Enterprise Immune System technology, and it's being used to detect and respond to emerging threats as they arise, regardless of the threat vector - without rules, signatures or prior assumptions about what "bad" is.

9:55 am - 10:25 am Clinical/Business Track

CPR for CISOs: Code Vulnerabilities, Password Theft and Ransomware

Speaker:
Eric Rydberg, National Account Sales Engineer, Sophos

Modern malware and active adversary attacks are using unique applications and URLs, as well as leveraging social engineering, to make the greatest impact. In this session, Sophos breaks down several recent attacks, explains the techniques used and discusses how modern security vendors must adapt to the changing threats of disposable binaries and state-sponsored attacks. The session also provides best practices for protecting against these types of dangers as well as the most damaging threat of the decade - ransomware.

9:55 am - 10:25 am Technology Track

Build Your Cybersecurity Program on a Proven Foundation

Speaker:
Ted Gary, Senior Product Marketing Manager for Security Frameworks, Tenable

Healthcare organizations, regardless of size, IT resources and budget, are faced with adequately protecting sensitive information and complying with HIPAA, PCI and other requirements. But many organizations that need to develop more mature cybersecurity programs struggle with where to start. What will deliver the most impact in the shortest time? This session reviews how to get started with foundational security controls proven to deliver the highest value and how to support your program as it evolves. According to research sponsored by Tenable and the Center for Internet Security, only about half of organizations have automated their foundational controls. Fortunately, once implemented, these controls will support virtually all security frameworks and compliance requirements, including HIPAA and PCI.

10:25 am - 10:40 am

Exhibit & Networking Break

10:40 am - 11:25 am

Creating a Health Data Security Action Plan: The Core Elements

Speakers:
Jason Taule, Chief Security Officer/Chief Privacy Officer, FEi Systems
Richard Conti, Information Security Specialist, The Children's Hospital of Philadelphia
Vikrant Arora, CISO, Hospital for Special Surgery

Healthcare organizations must adopt a wartime mindset against their sophisticated, persistent attackers. But how can CISOs lead the way in developing an effective security action plan designed for the current threat environment? Vikrant Arora, CISO at the Hospital for Special Surgery, opens this panel discussion with an industry overview, highlighting some of his experiences with putting together an effective data security action plan at HSS, where he was hired in early 2017 as the hospital's first CISO. From there, the full panel reviews:

  • Real-world insights about how to create an action plan;
  • Core elements of breach prevention, detection and response strategies; and
  • Security technologies that can play effective roles in supporting a wartime strategy.
11:35 am - 12:05 pm Breach Track

Anatomy of an Attack

Speaker:
Brad Antoniewicz, Security Researcher, Cisco

Cybercriminals are increasingly exploiting internet services to build agile and resilient infrastructures, and, consequently, to protect themselves from being exposed and stopped. This session looks at recent attacks and explains how the correlation of internet data from multiple levels - DNS, BGP, ASN and prefixes/IPs - can be used to expose the attackers' infrastructure.

11:35 am - 12:05 pm Clinical/Business Track

Automation as a Force Multiplier in Cyber Incident Response

Speaker:
Mike Fowler, Vice President, Professional Services, DF Labs

Without an adequate workforce, fraud and security teams are overwhelmed by the current volume of alerts they receive on a daily basis. An automated alert response capability with integrated, trackable workflows designed around recognized standards and best practices can be an integral part of any cyber-response plan. This session explores why the skilled-labor shortage cannot simply be solved through the use of traditional security-incident response platforms or security orchestration and automated response solutions.

11:35 am - 12:05 pm Technology Track

Think Like a Defender: Data Center Cybersecurity Lessons from the Secret Service

Speaker:
Nathaniel Gleicher, Head of Cybersecurity Policy, Facebook; formerly Director for Cybersecurity Policy, National Security Council at the White House

Data center cybersecurity is often chaotic and complex. As a result, sadly, hackers often know the networks and systems they compromise better than their defenders. The Secret Service - and other expert physical security teams - approach security in a surprisingly different way, focusing on understanding and controlling their environment. In this session, Nathaniel Gleicher of Illumio reviews lessons cybersecurity professionals can learn from physical security and explains how to adapt these lessons to secure networks. He discusses why understanding and controlling your data center is essential and why relying solely on high cyber walls is not enough.

12:05 pm - 1:00 pm

Lunch

1:00 pm - 1:40 pm

Cybersecurity and Healthcare: What Clinicians Need to Know to Protect Patient Privacy and Safety

Speaker:
Jack Lewin, MD, Founder and Principal, Lewin and Associates LLC; Chairman, National Coalition on Health Care

As information security threats intensify, organizations' risk management tasks are becoming disoriented - focused more on grappling with complex technology, an explosion of data, increased regulation and a debilitating skills shortage. This is a huge danger, because prompt action is required to interpret an increasingly complex threat environment, which could place organizations and their goals at risk. By preparing for the unknown, organizations will have the flexibility to withstand unexpected, high-impact security attacks and events. This session reviews the top global security threats, how they are expected to evolve and how organizations can prepare.

1:45 pm - 2:30 pm

Medical Devices: Treat Them Like Untrusted End-User Devices

Speakers:
Dale Nordenberg, MD, Executive Director, Medical Device Innovation, Safety and Security Consortium
Dave Nathans, Product Security, Siemens Healthcare
Jennings Aske, CISO, New York-Presbyterian
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Steven Teppler, Attorney; Bitcoin/Blockchain Expert, Mandelbaum Salsburg P.C.
Suzanne Schwartz, MD, Director, Office of Strategic Partnerships & Technology Innovation (Acting), FDA Center for Devices and Radiological Health

Protecting end-user devices is an essential part of any information security strategy. But many healthcare organizations have literally thousands of connected medical devices - from infusion pumps to heart monitors - used in patient treatment that can be vulnerable, opening the door to a broader cyberattack. Meanwhile, the internet of things, including consumer wearables and other devices, is adding to the challenges of keeping data secure and patients safe.

Dr. Suzanne Schwartz of the Food and Drug Administration kicks off this panel with an overview of the current state of medical device security within the healthcare industry, highlighting some of the unique challenges hospitals face when it comes to security surrounding IoT. From there, the panel discusses why treating medical devices like untrusted end-users is becoming increasingly critical for hospitals of all sizes and shares additional insights about how organizations from all industries should be addressing IoT security risks, from third-party risk, legal and federal regulatory perspectives.

2:30 pm - 2:40 pm

Exhibit & Networking Break

2:40 pm - 3:15 pm

Why Does Healthcare Resist Strong Authentication?

Speakers:
Jay Kramer, Partner, Data Privacy and Cyber Security Practice Group, Lewis Brisbois Bisgaard & Smith; former Supervisory Special Agent, FBI - NY Cyber Division
Jennings Aske, CISO, New York-Presbyterian
Randy Vanderhoof, Director, US Payments Forum

When it comes to authentication, usernames and passwords still dominate in healthcare, despite experts urging the implementation of multifactor authentication. That's due, in part, to the pressure of providing busy clinicians quick and easy access to patient information. If authentication is cumbersome, physicians, nurses and even patients often push back. Our panelists will discuss how they've bolstered authentication at their organizations, the emerging technologies they're using and how they've built support among clinicians and others.

3:20 pm - 4:00 pm

What's the Next Breach that No One Anticipates? From Ransomware to IoT

Speakers:
David Houlding, Principal Healthcare Program Manager, Microsoft
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Mark Eggleston, VP, CISO and CPO, Health Partners Plans
Steven Teppler, Attorney; Bitcoin/Blockchain Expert, Mandelbaum Salsburg P.C.
Vikrant Arora, CISO, Hospital for Special Surgery

Ransomware has already crippled the ability of some targeted healthcare organizations to access patient records, interrupting delivery of care for days. But will the next iteration of malware attacks bring even more disruption, and perhaps have an even more devastating impact on patients? Cyberattacks involving medical devices and IoT are often discussed. Yet no healthcare organization to date has seen a significant attack linked to the compromise of internet-connected medical devices. It's hard to know or anticipate exactly what the next mega-breach will be, or what will cause it. If you thought the Anthem cyberattack was bad, and the Equifax breach was even worse, then it may be difficult to envision anything more devastating. This panel of experts addresses what could be the next big attack or breach that shakes the healthcare industry.

4:00 pm - 4:15 pm

Closing Remarks

SPONSORS / Supporting Organizations

Arbor Networks
Attivo Networks
bitglass
Bomgar
Cisco Systems
Cyber Ark
Darktrace
DF Labs
DUO Security
Illumio
Information Security Forum (ISF)
Ivanti
Next Caller
Phishme
SecureAuth
Security Scorecard
Sophos
Tenable
Zscaler

LOCATION / Venue & Address

Westin Times Square

270 West 43rd Street
New York, NY 10036

Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology, register today.

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

© 2021 Information Security Media Group, Corp.