Speaker:
Philip Reitinger, President & CEO, Global Cyber Alliance; former Deputy Undersecretary for Cybersecurity, Department of Homeland Security; former CISO, Sony

One thing we know for certain - cyberthreats and cyber-risks are growing, perhaps exponentially. So how can small and medium-sized healthcare institutions and practices, which lack the resources of Fortune 100 companies but have extremely valuable data, address these risks? The answer lies in finding solutions that scale; solutions that provide security as part of a service; and solutions that, in implementing transparency, protect a hospital or doctor's office, as well as its patients' privacy, with secure email messaging and authentication.

Email and credential security are at the heart of cybersecurity, as most breaches result from the compromise of weak logins and passwords. And how are those logins and passwords most-often compromised? The answer: Phishing attacks. In this session, Phil Reitinger, CEO of the Global Cyber Alliance and the former Deputy Undersecretary at the Department of Homeland Security, discusses how the email security protocols known as DMARC - the Domain-based Message Authentication, Reporting and Conformance standard - can be used to make the world a safer place. Reitinger explains why a cybersecurity mindset is needed and why so many organizations are still reluctant to buy in.

Speaker:
Justin Fier, Director of Cyber Analysis and Intelligence, Darktrace

The 2017 WannaCry global ransomware attack was a wake-up call for all industries - especially healthcare. Over the past several years, the healthcare industry has become heavily targeted by cyberattackers because patient records are a treasure trove of valuable information that remains valid for years. But beyond being an attractive target, the healthcare industry has been characterized by an increasingly complex business landscape - fueled, in part, by connected medical devices and digital records, combined with an increasingly sophisticated threat landscape. This session reviews how artificial intelligence algorithms are being used to help systems learn the "self" of an organization by building a "pattern of life" for every device, user and network. It's called Enterprise Immune System technology, and it's being used to detect and respond to emerging threats as they arise, regardless of the threat vector - without rules, signatures or prior assumptions about what "bad" is.

Speaker:
Eric Rydberg, National Account Sales Engineer, Sophos

Modern malware and active adversary attacks are using unique applications and URLs, as well as leveraging social engineering, to make the greatest impact. In this session, Sophos breaks down several recent attacks, explains the techniques used and discusses how modern security vendors must adapt to the changing threats of disposable binaries and state-sponsored attacks. The session also provides best practices for protecting against these types of dangers as well as the most damaging threat of the decade - ransomware.

Speaker:
Ted Gary, Senior Product Marketing Manager for Security Frameworks, Tenable

Healthcare organizations, regardless of size, IT resources and budget, are faced with adequately protecting sensitive information and complying with HIPAA, PCI and other requirements. But many organizations that need to develop more mature cybersecurity programs struggle with where to start. What will deliver the most impact in the shortest time? This session reviews how to get started with foundational security controls proven to deliver the highest value and how to support your program as it evolves. According to research sponsored by Tenable and the Center for Internet Security, only about half of organizations have automated their foundational controls. Fortunately, once implemented, these controls will support virtually all security frameworks and compliance requirements, including HIPAA and PCI.

Speakers:
Jason Taule, Chief Security Officer/Chief Privacy Officer, FEi Systems
Richard Conti, Information Security Specialist, The Children's Hospital of Philadelphia
Vikrant Arora, CISO, Hospital for Special Surgery

Healthcare organizations must adopt a wartime mindset against their sophisticated, persistent attackers. But how can CISOs lead the way in developing an effective security action plan designed for the current threat environment? Vikrant Arora, CISO at the Hospital for Special Surgery, opens this panel discussion with an industry overview, highlighting some of his experiences with putting together an effective data security action plan at HSS, where he was hired in early 2017 as the hospital's first CISO. From there, the full panel reviews:

• Real-world insights about how to create an action plan;
• Core elements of breach prevention, detection and response strategies; and
• Security technologies that can play effective roles in supporting a wartime strategy.

Speaker:
Brad Antoniewicz, Security Researcher, Cisco

Cybercriminals are increasingly exploiting internet services to build agile and resilient infrastructures, and, consequently, to protect themselves from being exposed and stopped. This session looks at recent attacks and explains how the correlation of internet data from multiple levels - DNS, BGP, ASN and prefixes/IPs - can be used to expose the attackers' infrastructure.

Speaker:
Mike Fowler, Vice President, Professional Services, DF Labs

Without an adequate workforce, fraud and security teams are overwhelmed by the current volume of alerts they receive on a daily basis. An automated alert response capability with integrated, trackable workflows designed around recognized standards and best practices can be an integral part of any cyber-response plan. This session explores why the skilled-labor shortage cannot simply be solved through the use of traditional security-incident response platforms or security orchestration and automated response solutions.

Speaker:
Nathaniel Gleicher, Head of Cybersecurity Policy, Facebook; formerly Director for Cybersecurity Policy, National Security Council at the White House

Data center cybersecurity is often chaotic and complex. As a result, sadly, hackers often know the networks and systems they compromise better than their defenders. The Secret Service - and other expert physical security teams - approach security in a surprisingly different way, focusing on understanding and controlling their environment. In this session, Nathaniel Gleicher of Illumio reviews lessons cybersecurity professionals can learn from physical security and explains how to adapt these lessons to secure networks. He discusses why understanding and controlling your data center is essential and why relying solely on high cyber walls is not enough.

Speaker:
Jack Lewin, MD, Founder and Principal, Lewin and Associates LLC; Chairman, National Coalition on Health Care

As information security threats intensify, organizations' risk management tasks are becoming disoriented - focused more on grappling with complex technology, an explosion of data, increased regulation and a debilitating skills shortage. This is a huge danger, because prompt action is required to interpret an increasingly complex threat environment, which could place organizations and their goals at risk. By preparing for the unknown, organizations will have the flexibility to withstand unexpected, high-impact security attacks and events. This session reviews the top global security threats, how they are expected to evolve and how organizations can prepare.

Speakers:
Dale Nordenberg, MD, Executive Director, Medical Device Innovation, Safety and Security Consortium
Dave Nathans, Product Security, Siemens Healthcare
Jennings Aske, CISO, New York-Presbyterian
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Steven Teppler, Attorney; Bitcoin/Blockchain Expert, Mandelbaum Salsburg P.C.
Suzanne Schwartz, MD, Director, Office of Strategic Partnerships & Technology Innovation (Acting), FDA Center for Devices and Radiological Health

Protecting end-user devices is an essential part of any information security strategy. But many healthcare organizations have literally thousands of connected medical devices - from infusion pumps to heart monitors - used in patient treatment that can be vulnerable, opening the door to a broader cyberattack. Meanwhile, the internet of things, including consumer wearables and other devices, is adding to the challenges of keeping data secure and patients safe.

Dr. Suzanne Schwartz of the Food and Drug Administration kicks off this panel with an overview of the current state of medical device security within the healthcare industry, highlighting some of the unique challenges hospitals face when it comes to security surrounding IoT. From there, the panel discusses why treating medical devices like untrusted end-users is becoming increasingly critical for hospitals of all sizes and shares additional insights about how organizations from all industries should be addressing IoT security risks, from third-party risk, legal and federal regulatory perspectives.

Speakers:
Jay Kramer, Partner, Data Privacy and Cyber Security Practice Group, Lewis Brisbois Bisgaard & Smith; former Supervisory Special Agent, FBI - NY Cyber Division
Jennings Aske, CISO, New York-Presbyterian
Randy Vanderhoof, Director, US Payments Forum

When it comes to authentication, usernames and passwords still dominate in healthcare, despite experts urging the implementation of multifactor authentication. That's due, in part, to the pressure of providing busy clinicians quick and easy access to patient information. If authentication is cumbersome, physicians, nurses and even patients often push back. Our panelists will discuss how they've bolstered authentication at their organizations, the emerging technologies they're using and how they've built support among clinicians and others.

Speakers:
David Houlding, Principal Healthcare Program Manager, Microsoft
Marianne Kolbasuk McGee, Executive Editor, HealthcareInfoSecurity
Mark Eggleston, VP, CISO and CPO, Health Partners Plans
Steven Teppler, Attorney; Bitcoin/Blockchain Expert, Mandelbaum Salsburg P.C.
Vikrant Arora, CISO, Hospital for Special Surgery

Ransomware has already crippled the ability of some targeted healthcare organizations to access patient records, interrupting delivery of care for days. But will the next iteration of malware attacks bring even more disruption, and perhaps have an even more devastating impact on patients? Cyberattacks involving medical devices and IoT are often discussed. Yet no healthcare organization to date has seen a significant attack linked to the compromise of internet-connected medical devices. It's hard to know or anticipate exactly what the next mega-breach will be, or what will cause it. If you thought the Anthem cyberattack was bad, and the Equifax breach was even worse, then it may be difficult to envision anything more devastating. This panel of experts addresses what could be the next big attack or breach that shakes the healthcare industry.