Speaker:
MK Palmore, Director, Office of the CISO, Google Cloud & former FBI Special Agent

What emerging security trends have been exposed in healthcare? What key insights and principles of cybersecurity can be applied to foster resiliency? And, how can you create an adaptive and agile cybersecurity culture to prevent modern threats?

Please join MK Palmore for a keynote discussion that will draw from his experiences and perspective, offering thoughts on challenges and opportunities in securing today’s digital healthcare organizations.

Speaker:
Flavio Aggio, CISO, World Health Organization

COVID-19 Cybersecurity attacks: Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. HumanOS upgrade is required to safely use the Internet and it is not only about training and awareness. It is about the way users must behave online and the IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.

Speakers:
Jason Lee, Chief Information Security Officer, Zoom
Ron Emerson, Global Director of Healthcare, Zoom

Join Zoom's Chief Information Security Officer, Jason Lee, and Global Healthcare Lead, Ron Emerson, RN BSN, as they discuss Zoom's security and privacy strategy, best practices for security and privacy, and key applications in healthcare for virtual care.

Speaker:
Pascal Geenens, Director, Threat Intelligence, Radware

Lessons learned from the past will help us secure the future. As the world is migrating their applications to new hemispheres and the weight of internet is becoming dominant in their business practices, bad actors are smelling the new opportunities and new attack vectors are forming as a dark storm cloud menacing the opportunities of digitalization. Join this session to learn about the threats to your businesses, understand who are the actors behind the threats and what are the tools they have at their disposal to disrupt your business. As you moved to remote work and accelerated your digitalization journey, a clear understanding of the threats helps you to better assess the risk and find the right balance to secure your assets and resources.

Speakers:
Amber Johanson, Vice President Sales Engineering, North America, Forcepoint
David Finkelstein, Information Security Officer, St. Luke’s University Health Network

With the global shift of a remote workforce, the walls that maintained order within healthcare organizations have since fallen. Healthcare providers across the globe have had to swiftly adapt and shift their ways of thinking to adopt new cloud security protocols and strategies. Listen to David Finkelstein and Amber Johanson, as they share best practices on how to protect your remote workforce without breaching employee or patient privacy.

In this session we will cover:

• Best practices around protecting your remote workforce without breaching employee or patient privacy.
• How COVID19 forced healthcare security officers to accept more risk in order to enable remote workers.
• How to ensure centralized data security policies across various channels: endpoint, network, and the cloud.

Speakers:
Allison Norfleet, Global Healthcare Lead, Industry Solutions Group, Cisco
Wolfgang Goerlich, Advisory CISO, Cisco Secure

2020 was a year of rapid adaptation for everyone. Few industries faced the level of complexity inherent to healthcare, with stringent compliance standards and an environment where streamlined security workflows can mean the difference between life and death. We triaged the event, moving rapidly to telemedicine and remote work, focusing on health and safety. We made significant IT changes quickly. As we come into 2021, our attention turns toward recovery. In this session, we’ll cover the efforts to stabilize and mature remote IT services, as well as new demands of vaccine distribution. Many of these shifts are with us for the foreseeable future. Now, we turn towards resilience to handle what's come and prepare for what's next.

Speaker:
Gorka Sadowski, Former Gartner analyst and Chief Strategy Officer, Exabeam

Millions of dollars are spent annually to set up SOCs in the healthcare industry and yet, in just the last two years alone, 89% of healthcare organizations have experienced a data breach. Why are SOCs failing? Listen as ISMG’s Nick Holland interviews Exabeam’s Chief Strategy Officer Gorka Sadowski to learn more about why SOCs always fail when built under the current operating model. And what to do to make SOCs successful using a simple maturity model based on outcomes and use cases.

Key Learnings:

• Why an outcome-based approach is the only way for SOCs to offer effective coverage and protection for your organization
• How the most successful healthcare SOCs use a comprehensive, strategic and end-to-end focused approach to address 95% of all operational issues at scale
• Why it is critical for healthcare Security Operations (SecOps) to become more use case-driven and full lifecycle workflow orientated
• Lastly, learn about a new simple framework and maturity model that will help your organization approach SOCs the right way

Speaker:
Dave Lewis, Global Advisory CISO, Duo Security at Cisco

Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Organizations should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.

Speaker:
Thom Langford, Security Advocate, SentinelOne & former CISO, Publicis Groupe

The traditional paradigm of investing in protection of known threats alone has been declining over recent years, as attackers become more adaptable and capable. Combine this with increased threats and attacker ingenuity it is small wonder that a CISO’s role has become more complex. This leads to the inevitability of a security incident where the complex environments and inventive attacks collide.

In this presentation, Thom Langford, Security Advocate, SentinelOne, looks at three fundamentals:

• Why traditional protective approaches are no longer effective enough.
• How complexity has made the CISO’s ability to respond more difficult.
• The importance of automation in the response process to address this paradigm shift CISOs now face.

Speaker:
Jason Mitchell, Senior Vice President, Engineering, Centrify

The move to remote work and a saturated digital environment has prompted many organizations to migrate to the cloud. Experts agree that the top priority for cloud migration should be data security and privacy. However, recent studies discovered that 70% of organizations experienced a public cloud security incident in the last year—including malware, exposed data, and compromised accounts. With 80% of organizations predicted to migrate toward cloud, hosting, and colocation services by 2025, new attack surfaces may arise and create greater security vulnerabilities.

To fully benefit from rapid technological transformation, it is imperative that enterprises embrace strategies for safeguarding their infrastructure both during and after cloud migration. In this session we will discuss the tools and strategies IT and security leaders are finding most effective for managing a secure transformation to the cloud.

Speaker:
Omar Khawaja, CISO, Highmark Health

Omar Khawaja, CISO of Highmark Health, describes his organization’s journey to enhance its security program while serving the needs of the business and providing internal customers with ease-of-use.

In this exclusive interview Khawaja will discuss:

• How security programs must serve the business;
• The goals of a business-centric security program;
• How security leaders must avoid saying “no,” and instead demonstrate “here’s how”
• Treating the business like a paying client.

Speakers:
Mitch Parker, CISO, Indiana University Health System
Rob Suárez, VP, CISO, Becton, Dickinson and Company
Suzanne Schwartz, MD, Director, Office of Strategic Partnerships and Technology Innovation (OST), FDA’s Center for Devices & Radiological Health (CDRH)

What’s the status of FDA’s latest guidance and other efforts to help strengthen the cybersecurity of medical devices – especially amid the surge in COVID-19 remote patient monitoring and shortages of certain critical medical equipment? How are medical device makers implementing better security controls and best practices, and what are healthcare delivery organizations doing to keep their patients and data safe from the latest threats facing devices? Our panel will discuss these issues, plus:

• The ongoing challenges involving legacy devices issues and outdated third-party software;
• Vulnerability disclosures and patching;
• Third-party components and a “Cybersecurity Bill of Materials”;
• What the SolarWinds attack and connected medical devices have in common.

Speaker:
Sharat Chander, Director of Java Product Management, Oracle

The need for agility has never been more important as healthcare organizations revise their processes and applications at an unprecedented pace, and that, in turn, has underscored the need for business-critical application performance, stability and security. As IT leaders guide their teams through ongoing business transformation demands to meet business needs and customer expectations, it is critical to examine how the essential applications are managed and how risk is calculated to drive improvement. Join Sharat Chander, Senior Director of Java Product Management at Oracle, for an insightful discussion to learn how to modernize Java applications while mitigating risk.

Speaker:
Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx

Today’s modern applications depend on of a substantial amount of open source components and third-party libraries. Although organizations acknowledge a heightened level of security, license, and operational risk, unfortunately, many don’t effectively track or manage open source throughout their entire code base and cannot consistently address the widening hazards they face. As a result, organizations desire automated, repeatable processes for open source usage, risk management, and vulnerability remediation that fit within modern development environments.

In this session, attendees will hear recommendations from Stephen Gates, Checkmarx SME on how to effectively implement an approach to:

• Identify open source with confidence.
• Minimize open source security and license risks.
• Prioritize exploitable vulnerabilities.
• Accelerate informed remediation.
• Integrate and automate open source analysis.

Speakers:
Christopher Hertz, VP of Cloud Security Sales, Rapid7
Thomas Martin, Founder, NephōSec and Former CIO at GE

When it comes to the security and compliance of your enterprise cloud, healthcare and life sciences organizations must have an integrated, automated, enterprise-wide, multi-cloud approach to ensure regulatory compliance and complete data protection. Join Thomas Martin, Founder at NephōSec and former CIO at GE, along with Chris Hertz, Vice President Cloud Security Sales at DivvyCloud by Rapid7, for a review of the latest global trends in cloud risk for healthcare and how to achieve continuous full life cycle security and compliance for multi-cloud environments.

Speakers:
Marty Momdjian, Healthcare Solutions Advisor, Sirius Healthcare
Matthew Radcliffe, AVP, Healthcare, Sailpoint

Due to COVID-19, healthcare continues to face unprecedented challenges. With the rapid movement of clinical staff and provisioning a larger number of contingent workers, healthcare organizations are facing increased cybersecurity threats. The pandemic put a magnifying glass on identity security. First, it highlighted vulnerabilities in identity governance policies and procedures, specifically how to secure and maintain applications, platforms, and infrastructures for remote workers. Secondly, automated identity solutions with AI and ML can better address micro and macro-operational changes to improve efficiencies within or outside of the four walls.

Join Matthew Radcliffe, AVP of Healthcare for SailPoint, and Marty Momdjian, Healthcare Solutions Advisor at Sirius Healthcare, for a thoughtful discussion on the strategic approach healthcare organizations should consider to improve cybersecurity and drive compliance.

Speaker:
Ed Jackowiak, President, CyGlass

In this presentation, CyGlass CEO Ed Jackowiak will look at the unique challenges faced by small security and IT teams at healthcare organizations. Ed will then detail why gaining visibility to your network and the risks and threats hidden within is the most cost-effective approach to mitigating the threats you will face in 2021 and beyond. He will then describe how a new generation of SaaS technologies offers small teams operationally effective enterprise-class cyber defense capabilities at a fraction of the cost.

Speaker:
Ed Gaudet, CEO and Founder, Censinet

Today, cybersecurity risk is siloed throughout a health system with disparate data across different teams using manual processes and non-integrated tools. This approach clearly isn't working. To significantly reduce the occurrence of risks or the impact of an incident, it's time that we, as health system leaders and practitioners, start integrating and operationalizing risk across the enterprise. Only by consolidating risk into a single unified, operational view can we then manage, control, and remediate it, limiting our organization's cybersecurity exposure and protecting those we serve.

Speakers:
Anahi Santiago, CISO, Christiana Care Health System
Martin Littmann, CISO, Kelsey-Seybold Clinic
Matthew Hickey, Director of Sales Engineering, Sophos

Not only are cybercriminals installing ransomware to encrypt data and freeze up systems, some attacks have evolved with the exfiltration of sensitive patient data and double extortion schemes. In some cases, backup systems are being hit as well, hampering recovery efforts from these attacks. But what are the critical steps and latest strategies that healthcare sector entities can take to prevent falling victim to these highly disruptive and dangerous attacks, especially as they escalate during the COVID-19 pandemic?

Speakers:
Jim Angle, Product Manager for IT service - Information Security, Trinity Health
John Houston, Esq Vice President, Information Security and Privacy; Associate Counsel, UPMC
Martyn Crew, Director of Solutions Marketing, Gigamon

The delivery of healthcare services using telehealth and remote medicine capabilities has soared during the COVID-19 crisis, and this is not a temporary phenomenon: telemedicine is here to stay. Not only is telemedicine here to stay, it will undoubtedly expand as healthcare organizations move to scalable hybrid cloud architectures and 5G massively increases mobile bandwidth.

But what are the emerging operational and security challenges associated with these changes? Our panel of experts will examine issues including:

• As healthcare organizations adopt hybrid cloud architectures, what are the key challenges they face?
• How can organizations secure the movement and monitoring of sensitive healthcare data traffic?
• How will 5G impact telehealth, remote medicine and patient security?

Speakers:
Michael McNeil, SVP, Global CISO, Mckesson
Stephen Dunkle, CISO, Geisinger Health

After the SolarWinds attack, how can an entity ever trust that any vendor’s security incident won’t become their own next crisis? Healthcare sector entities in particular deal with a complex digital supply chain that range from critical IT vendors to suppliers of life-saving network-connected patient gear, and all the other players – known and maybe unknown – in-between. Our panel will discuss:

• Digital supply chain challenges spotlighted during COVID-19;
• Healthcare sector lessons emerging from the SolarWinds and other major vendor attacks;
• Lessons from the Urgent/11 IPnet vulnerabilities;
• Cloud vendors and change management issues;
• Vetting and trusting third-parties – including their software patches.

Speakers:
Mikki Smith, CISO, Director, Cybersecurity & Enterprise Architecture, HHS
Nicholas Heesters, Attorney, Senior advisor for Cybersecurity, HHS Office for Civil Rights
Vimala Devassy, Regulatory Attorney, Partner, BakerHostetler

HHS OCR issued a record number of HIPAA settlements in 2020 in cases involving patient “right of access” violations. Meanwhile, compliance with HHS’ health IT interoperability and information blocking regulations – which include provisions for providing patients secure access to their health information via smartphones and standards-based APIs – come due in April. What are the challenges involved in providing patients timely, secure access to their health information? Our panel will discuss:

• Common obstacles and top tips for complying with HHS’ secure patient access and information blocking regulations;
• Critical technology considerations for providing secure patient access to digital health records
• Secure exchange of patient information among competing healthcare providers and diverse health IT platforms
• What’s next for HIPAA privacy, security and breach notification regulations and enforcement.

Speakers:
Jacki Monson, CISO, CTRO, & CPO, Sutter Health
Joshua Corman, CISA, Chief Strategist, Healthcare Sector

Segments of healthcare sector cybersecurity have been rocky for a while, despite incremental improvements in the wake of a HHS cyber task report making key recommendations. But how has the pandemic further stressed and strained healthcare cybersecurity – and what seams and cracks are now widening? What needs to be fixed STAT, before system outages and compromises turn deadly?

Our panelists will discuss:

• Risks highlighted in the HHS task force report – what’s gotten better, what’s getting worse;
• Connected biomedical devices, telehealth, the overall push for interconnectivity – what’s the latest impact on cyber risk;
• Delayed and compromised patient care due to cyberattacks and breaches– addressing the threats and consequences;
• Furloughed security teams, tight security resources – what needs to be done;
• Hit by ransomware – who should healthcare entities contact first for help;
• Why the pandemic is an “aha” moment for healthcare cybersecurity.

Speaker:
Cris Ewell, CSO and CPO, NRC Health

Washington State was the first U.S. epicenter of the COVID-19 pandemic, and as CISO of UW Medicine Cris Ewell was supporting the first responders. How is his security organization most different today than it was a year ago? Hear his approach to:

• Work from anywhere
• Supply chain risk
• Medical device security

Speaker:
Meredith Harper, VP, CISO, Eli Lilly and Company

Has there ever been a more challenging time to be CISO of a major global pharmaceutical enterprise? Meredith Harper, VP and CISO of Eli Lilly and Company, discusses how the organization has responded to COVID-19 and the new workplace. She also shares plans for:

• Cloud transformation
• Zero trust
• Building a diverse workforce