ismg summit logo

July 18th 2024

Healthcare Cybersecurity Summit: New York

9:00 AM ET - 5:00 PM ET

Hosted By

Event Overview

Join us for a pivotal day of advanced cybersecurity discussions and learning tailored for healthcare professionals. The summit features a unique tabletop exercise on Deep Fakes hosted by the United States Secret Service and CyberEdBoard, simulating a sophisticated cyber-attack to enhance strategic response and operational readiness.

Engage in transformative sessions on AI-powered threat detection, incident response strategies, and regulatory compliance. Our agenda is rich in insightful discussions and hands-on collaboration, providing invaluable insights and practical strategies for cybersecurity professionals.

This event is essential for CISOs and cybersecurity leaders aiming to deepen their understanding of emerging threats and innovative defense approaches in healthcare cybersecurity, equipping them with the knowledge and tools to enhance organizational resilience and stay ahead of evolving threats.

View our ISMG Event Experience video to see what your peers are saying about their participation. 

Venue

Well& by Durst - One World Trade Center

285 Fulton Street, 64th Floor 

 

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Topic Highlights

  • CISA’s Vital Role in Safeguarding Healthcare Infrastructure

  • Generative AI in Cyber Healthcare

  • Essential Considerations for HIPAA Compliance and Data Protection

  • Updates and Enhancements to the HICP Guide

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in Cybersecurity passionate about the latest tools and technology to defend against threats 

Keynote Speaker

John Riggi, National Advisor for Cybersecurity & Risk, American Hospital Association

Start your day with an enlightening session with Riggi, who will explore the latest cyber threats impacting healthcare, including ransomware and data breaches. Gain insights into managing third-party risks, emerging regulations, and enhancing your incident response strategies to ensure resilient and secure healthcare delivery. Don’t miss this opportunity to hear from an esteemed thought leader during the keynote address. 

John Riggi

National Advisor for Cybersecurity & Risk, American Hospital Association

Christopher Frenz

AVP of IT Security, Mount Sinai South Nassau

Ravi Thatavarthy

CISO, Rite Aid

Melanie Fontes Rainer

Director, Office for Civil Rights, U.S. Department of Health & Human Services

Errol Weiss

CSO, Health-ISAC

Lynette Sherrill

Deputy Assistant Secretary of Information Security & Chief Information Security Officer, U.S. Department of Veterans Affairs

Sunil Dadlani

Global CIDO & CISO, Atlantic Health System

Hugo Lai

CISO, Temple Health – Temple University Health System

Cory Brennan

Associate Senior Counsel of Technology & Commercial Transactions, Johns Hopkins Medicine

Karen Habercoss

Chief Privacy Officer, UChicago Medicine

Aaron Weismann

CISO, Main Line Health

Phil Englert

VP, Medical Device Security, Health-ISAC

Speakers

Thought Leaders Leading Deep-Dive Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

John Riggi

National Advisor for Cybersecurity & Risk, American Hospital Association

Securing the Future of Healthcare

Riggi will provide a comprehensive overview of the current threat environment, highlighting the impact of recent ransomware attacks and data breaches on patient safety and healthcare operations, as well as related emerging regulatory issues. He will emphasize the importance of managing third-party and supply chain risk in an interconnected ecosystem and share actionable strategies to enhance incident response capabilities. This session will equip healthcare CISOs with the knowledge and tools to bolster their defenses and ensure secure, resilient healthcare delivery.

Key Themes:

  • Learn about the latest cyber adversaries, their tactics, techniques and procedures
  • Hear about lessons learned based upon assistance provided to victim organizations of ransomware attacks and the “ransomware blast radius”
  • Learn how digital risk translates into patient care risk and best practices on how to prepare for a loss of medical technology for four weeks or longer 
  • Discuss the emerging regulatory issues related to cybersecurity in healthcare

John Riggi, National Advisor for Cybersecurity & Risk, American Hospital

Association

Theresa Lanowitz

Chief Evangelist, LevelBlue

2024 LevelBlue FuturesTM Report for Healthcare

Our survey results tell an important story: 87% of healthcare respondents anticipate that dynamic computing will enhance operational performance within the next three years. Yet, a similar number acknowledge the increased exposure to risk.

The 2024 LevelBlue research uncovered the relationships between the barriers to cyber and cybersecurity resilience and how the business prioritizes them.

You will learn:
• Why business and tech leaders alike need to prioritize cyber resilience.
• The critical barriers to cyber resilience.
• The challenges impacting cybersecurity resilience.
• The business context reveals the operational issues associated with prioritizing resilience.
• What’s on the horizon that may impact cyber resilience.
• And five steps for prioritizing cyber resilience in a changing landscape.

Theresa Lanowitz, Chief Evangelist, LevelBlue

Lynette Sherrill

Deputy Assistant Secretary of Information Security & Chief Information Security Officer, U.S. Department of Veterans Affairs

Exploring the VA's Security Priorities and Strategy

In this candid conversation, Ms. Sherrill will share a comprehensive view into the VA’s latest cybersecurity priorities and strategic initiatives. She will discuss how the VA has embraced agile methodologies to safeguard Veterans’ information, the development and impact of the VA’s Zero Trust strategy, and the security risks presented by the proliferation of advanced medical devices. Additionally, she will delve into the security measures for special purpose systems at the VA, sharing successful implementation examples, and outline the VA’s approach to the Authorization and Accreditation process.
 
Looking forward, Ms. Sherrill will highlight the top cyber threats facing the VA and the proactive measures being implemented to counter these emerging challenges. Attendees will gain valuable insight that can be incorporated into their own security posture, enhancing their ability to protect sensitive information in healthcare’s increasingly complex digital environment.

Lynette Sherrill, Deputy Assistant Secretary of Information Security

& Chief Information Security Officer, U.S. Department of Veterans Affairs

Neal Quinn

Head of Cloud Security Services Business, Radware

DDoS Threats to Healthcare Providers: Strategies for Defense

Topics covered include:

  • Healthcare Providers in the line of fire from sophisticated nation-state actors.
  • Why standard protections are not enough anymore.
  • Best Practices: Discover how to defend against attacks, backed by a real-world case study of thwarting a sophisticated web DDoS assault.

Neal Quinn, Head of Cloud Security Services Business, Radware

Shasta Turney

Director, Solution Marketing, Ping Identity

The Future of Passwordless: Brought To You By Decentralized Identity

The healthcare industry remains the top target for cyberattacks, underscoring the urgent need for advanced security measures. Passwordless authentication is finally beginning to see broad implementation, with passkeys providing a strong boost in user awareness and adoption over the past year. According to a recent FIDO Alliance survey, more than half of respondents reported setting up a passkey. However, today’s solutions still have room for innovation: stronger security, better experiences, and more user control over data.
 
What if we could revolutionize the entire paradigm? Not just for account login, but for registration and robust protection against AI-driven authentication threats like voice and video deep fakes? Enter decentralized identity (DCI). Among its many promising applications in the identity landscape, DCI’s verifiable credentials hold immense potential to elevate passwordless authentication to new heights. Join this session to discover how the right blend of existing and emerging technologies can transform this vision into reality, providing healthcare organizations with the tools they need to defend against increasingly sophisticated cyber threats.

Shasta Turney, Director of Solution Marketing, Ping Identity 

Networking and Exhibition Break

Karen Habercoss

Chief Privacy Officer, UChicago Medicine

Greg Garcia

Executive Director, Health Sector Coordinating Council Cybersecurity Working Group

Anahi Santiago

CISO, ChristianaCare

Puja Khare

VP for Legal, Regulatory, and Professional Affairs, Greater New York Hospital Association

Future-Proofing Healthcare Cybersecurity Through 2030

This session will explore how information security leaders can future-proof their organizations’ security strategies by effectively integrating these comprehensive frameworks.

Our expert panel will cover meaningful strategies, emphasizing the importance of proactive measures in identifying and mitigating cyber threats. We will discuss how to integrate strategic initiatives and performance goals into existing security frameworks, ensuring organizations are prepared to meet the evolving cyber threat landscape. Additionally, attendees will learn effective methods for assessing and measuring progress, utilizing key metrics to track improvements and maintain robust cybersecurity defenses. 

Key Takeaways:

  • Learn how the Cybersecurity Performance Goals are related to the Health Sector Coordinating Council’s five-year Health Industry Cybersecurity Strategic Plan.
  • Recognize guiding principles, goals, objectives, and potential actions that can be taken to increase the overall health sector cybersecurity resilience level. 
  • Find out about current and future trends impacting the industry. 
  • Discover objectives with sample measurable outcomes that can be used to assess progress. 

Karen Habercoss, Chief Privacy Officer, UChicago Medicine

Greg Garcia, Executive Director, Health Sector Coordinating Council

Cybersecurity Working Group

Anahi Santiago, CISO, ChristianaCare

Puja Khare, VP for Legal, Regulatory, and Professional Affairs, Greater New York

Hospital Association

Shane Hasert

Director, Threat Research & Cybersecurity Standards, ProcessUnity

Best Practices for Zero-Day Vulnerability Attack Responses & Emergency Assessments

While each event is unique, they all result in third-party risk management teams scrambling to ensure their organizations are protected. Rapid responses and emergency assessments can be knee-jerk, stressful and distracting. It doesn’t have to be that way.
 
Join us for a discussion on the best practices to responding to zero-day vulnerability attacks and conducting emergency assessments. We’ll outline what’s required to prepare in advance so you’re ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we’ll cover the necessary steps and considerations for an effective response plan.
 
Session attendees will learn:
 
  • How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss
  • How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability
  • How quick-assess campaigns can automatically scope, distribute, and score responses

Shane Hasert, Director, Threat Research & Cybersecurity Standards, ProcessUnity

Sumant Mauskar

Senior Vice President, Sales and Global Partnerships, Pindrop

Fraud, Patient Privacy, and Data Breaches: Protecting the Healthcare IVR

Patients rely on healthcare call centers for their most complicated issues and with requirements to protect PII and health records, healthcare providers must balance compliance, patient experience, and their own level of business risk. In this session, Pindrop will share how our healthcare customers are reducing fraud, protecting patient data, improving patient experience and lowering operational costs.

Sumant Mauskar, Senior Vice President, Sales and Global Partnerships, Pindrop

Josh Wasserman

Northeast Area Vice President, Semperis

How to Improve Business Resilience Through Identity-First Security

In this session, Semperis Northeast AVP Josh Wasserman explains why the ability to protect and quickly recover your core identity systems—Microsoft Active Directory (AD) and Entra ID, for most enterprise organizations—is vital to successful cyber disaster recovery. You’ll learn:

  • Why Gartner recommends an AD-specific security strategy
  • Why fast AD recovery is important and why so many companies fail to achieve it
  • The next steps to protect your hybrid AD environment

Josh Wasserman, Northeast Area Vice President, Semperis

Lunch and Exhibition Break

Hugo Lai

CISO, Temple University Health System

Errol Weiss

CSO, Health-ISAC

Christopher Frenz

AVP of IT Security, Mount Sinai South Nassau

John Banghart (Moderator)

Senior Director for Cybersecurity Services, Venable LLP

Strengthening Healthcare Security: Advanced Supply Chain Risk Mitigation Strategies

From vulnerabilities in medical devices, to securing legacy systems and managing third-party risk, a single vulnerable link in your supply chain can compromise the security of your entire organization, posing significant risks to patient safety and data integrity. Recent cyberattacks against Change Healthcare, Philips and others exemplify the critical need for robust supply chain security measures, including comprehensive vendor risk assessments, securing medical devices and software, and the necessity of continuous monitoring and rigorous security protocols.
Recognition that each interaction and transaction within the supply chain can introduce potential risks is crucial for maintaining a comprehensive security framework. This session will take a deep dive into the many aspects of supply chain security, emphasizing a holistic approach to preventing, detecting, and mitigating threats to critical operations and delivery of care.


Key strategies to be explored include:

  • Vendor Risk Assessments: Evaluate the security posture of suppliers and third-party vendors, focusing on those handling sensitive patient data and critical infrastructure.
  • Advanced Security Controls: Implement measures like code signing, software integrity verification, and secure boot mechanisms to protect connected medical devices and other components.
  • Contractual Security Requirements: Establish SLAs and contracts with stringent security clauses to ensure vendor accountability.

Hugo Lai, CISO, Temple University Health System 

Errol Weiss, CSO, Health-ISAC

Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau 

John Banghart, Senior Director for Cybersecurity Services, Venable LLP

Matthew Oelsner

Network Intrusion Forensic Analyst, United States Secret Service

Todd Felker

Executive Strategist, Healthcare, CrowdStrike

Randy Guerette

HC Solutions Engineer, Claroty

Deep Fakes, Real Stakes: Unmasking Cyber Deception in a High-Stakes Tabletop Simulation

What You Will Gain From This Experience

  • Enhanced Organizational Readiness: To critically assess and improve organizational preparedness in responding to intricate cyber incidents involving deep fake technology and social engineering.
  • Interagency Collaboration and Knowledge Exchange: To strengthen the partnership and information sharing between the U.S. Secret Service and leaders in the private sector cybersecurity community.
  • Strategic Response Development: To create all-encompassing incident response strategies that cover legal, technical, and communicational facets, while also identifying and rectifying weaknesses in existing cybersecurity policies and governance.

Randy Guerette, HC Solutions Engineer, Claroty

Todd Felker, Executive Strategist, Healthcare, CrowdStrike

Matthew Oelsner, Network Intrusion Forensic Analyst, United States Secret Service

Networking and Exhibition Break

Aftin Ross

Deputy Director - Office of Readiness and Response, Office of Strategic Partnerships & Technology Innovation, Center for Devices and Radiological Health

Phil Englert

VP, Medical Device Security, Health-ISAC

Latest Cyber Expectations for Medical Devices

That briefing will be followed by discussion with our esteemed panel of experts, including Phil Englert, vice president of medical devices security at the Heath Information Sharing and Analysis Center.


This session will explore:

  • How the FDA is vetting cybersecurity of new medical device pre-market submissions,
  • How these new regulatory developments are affect device makers and healthcare entities
  • Other emerging cyber threats and challenges involving medical devices

 

Aftin Ross, Deputy Director, Office of Readiness and Response, Office of Strategic

Partnerships & Technology Innovation, Center for Devices and Radiological Health

Phil Englert, VP,  Medical Device Security, Health-ISAC

Melanie Fontes Rainer

Director, Department of Health and Human Services' Office for Civil Rights

Essential Considerations for HIPAA Compliance and Data Protection: Expert Advice From Director Fontes Rainer

In this exclusive session, attendees will:

  • Gain insight into the latest HHS OCR guidance materials that cover topics such as the use of online tracking technologies and HIPAA considerations;
  • Stay informed about the agency’s HIPAA rulemaking activities and gain an understanding of their enforcement priorities;
  • Discover critical considerations that are essential for HIPAA-covered entities and business associates to ensure compliance and protect sensitive health information.

Melanie Fontes Rainer, Director, Department of Health and Human Services’ Office

for Civil Rights

Cory Brennan

Associate Senior Counsel of Technology & Commercial Transactions, Johns Hopkins Medicine

Aaron Weismann

CISO, Main Line Health

David Hoffman

Assistant Professor of Bioethics, Columbia University

AI in Healthcare: Addressing Bias and Security Risks

However, as AI algorithms increasingly influence medical decision-making, concerns about bias and discrimination have become increasingly apparent. These biases can arise from inherent issues in AI datasets, algorithmic design, and implementation, potentially perpetuating disparities in healthcare delivery and outcomes.


This session will delve into the ethical, legal, and security implications of healthcare discrimination facilitated by AI, including the erosion of trust, patient harm, and legal challenges. We will explore how AI’s blind spots can inadvertently reinforce existing biases and how representative datasets can help mitigate these challenges.


Join us to examine the following key areas:


Biases in AI Datasets: Understand how biases in training data can lead to unequal healthcare outcomes and discuss the importance of using diverse and representative datasets.
Algorithmic Design, Implementation, and Security: Analyze how design choices and system vulnerabilities can influence the fairness and safety of AI applications.
• Mitigation and Protection Strategies: Discuss effective strategies to mitigate bias in AI healthcare applications, emphasizing the need for ongoing oversight, ethical standards, and robust security measures to ensure equitable and ethical use of AI in healthcare.

Cory Brennan,  Associate Senior Counsel of Technology & Commercial Transactions,

Johns Hopkins Medicine 

Aaron Weismann, CISO, Main Line Health 

David Hoffman, Assistant Professor of Bioethics, Columbia University 

Closing Comments

Sponsors

Register

RSVP here to attend our events. You can select for multiple or individual tickets. 

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

The Summit Experience

CPE Credits

Our Summits offer Continuing Education Credits. Learn informative and engaging content created specifically for security professionals.

Upcoming ISMG Events

December 3, 2024

Securing Multi-Cloud: Faster, Integrated with Greater Visibility

December 10, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris

December 5, 2024

Virtual IoT/OT Summit

February 11-12, 2025

Virtual Summit: Cybersecurity Implications of AI

december 12, 2024

Revolutionizing AppSec with Multi-AI Agent Approach

Upcoming ISMG Events

December 3, 2024

Securing Multi-Cloud: Faster, Integrated with Greater Visibility

December 5, 2024

Virtual IoT/OT Summit

December 10, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris