Healthcare Security Summit ISMG%%sep%%Events ismg.events

July 18, 2023

Healthcare Security Summit

9:00 AM ET - 4:00 PM ET

In-person event

Event Overview

ISMG Summits feature carefully curated agendas, a keynote address from an industry luminary, case-based learning, networking and more. The summits are geo-targeted, industry-specific and topic-driven events designed for security leaders.

ISMG’s agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Venue

Convene

151 West 42nd Street, New York, NY 10036

Topic Highlights

CISA’s Vital Role in Safeguarding Healthcare Infrastructure
Generative AI in Cyber Healthcare
Essential Considerations for HIPAA Compliance and Data Protection
Updates and Enhancements to the HICP Guide

Nitin Natarajan

Deputy Director, CISA

Michael DeNicola

Supervisory Special Agent, FBI

John Frushour

Vice President, & CISO, NewYork-Presbyterian Hospital

Oren J Falcowitz

Security Officer, Cloudflare

Melanie Fontes Rainer

Director, HHS

Suzanne Schwartz

Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health, FDA

Phil Englert

VP Medical Device Security, H-ISAC

Romanus Prabhu Raymond

Director of Product Support, ManageEngine

Peter Halprin

Partner, Pasich LLP

Anahi Santiago

CISO, ChristianaCare

Greg Garcia

Executive Director, Health Sector Coordinating Council

David Holtzman

Principal, HITPrivacy LLC

Rocco Grillo

Managing Director, Alvarez & Marsal

Theresa Lanowitz

Head of Cybersecurity Evangelism, AT&T Business

John Fahey

Cybersecurity Specialist, Infoblox

Priscilla Sandberg

Director Healthcare Strategy, Pure Storage

Speakers

Thought Leaders Leading Deep-Dive Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Nitin Natarajan

Deputy Director, CISA

Collaborative Cybersecurity Solutions: CISA's Vital Role in Safeguarding Healthcare Infrastructure

Join Nitin Natarajan, deputy director of the Department of Homeland Security's Cybersecurity Infrastructure and Security Agency (CISA), as he presents an insightful exploration of the healthcare sector's cybersecurity challenges.

Through this interactive fireside chat, attendees will have the opportunity to delve deeper into ways to building effective partnerships to enhance cyberthreat information sharing, leverage CISA’s expertise to bolster incident response and recovery capabilities, and discuss CISA’s role in supporting the healthcare sector.

Key Discussion Points:

CISA’s collaborative approach: Overview of CISA’s initiatives and resources available to healthcare organizations;
Strengthening cyber resilience: Empowering entities to combat modern cybersecurity challenges;
Enhancing cybersecurity education and awareness across healthcare entities;
Future-proofing cyber planning: Developing a comprehensive understanding of the evolving cyberthreat landscape;
Addressing regulatory and compliance requirements while strengthening cybersecurity posture.

Attendees will leave this session equipped with actionable insights and practical strategies to fortify their cybersecurity defenses, effectively leverage CISA’s support, and adapt their cyber planning to address the ever-changing healthcare landscape. Don’t miss the opportunity to gain a comprehensive understanding of the healthcare cyberthreat landscape and discover innovative approaches to protect patient data and critical infrastructure.

Nitin Natarajan, Deputy Director, CISA

Priscilla Sandberg

Director Healthcare Strategy, Pure Storage

Emerging Cybersecurity Insights and Trends From a Data Storage Perspective

Cybersecurity risks pertaining to the healthcare sector continue to grow in frequency and impact to organizations, threatening patient care. With limited capital and resources, organizations need to make informed investment decisions that maximize the protection from the impact of cybersecurity events.

Perspectives from a healthcare data storage solution partner will help offer fresh insights and trends as emerging best practices. Leveraging your existing investment in data storage solutions can provide real value to cybersecurity protection, detection, response and recovery.

Topics will include:

Tiered resiliency architecture;
Rapid ransomware recovery;
Emerging examples of the cybersecurity mesh architecture, CSMA;
Modern backup solutions for healthcare;
Rapid availability of production data for investigators.

Priscilla Sandberg, Director Healthcare Strategy, Pure Storage

Theresa Lanowitz

Head of Cybersecurity Evangelism, AT&T Business

The Healthcare Edge Ecosystem: Breaking Down Silos Toward a Secure Future

Edge computing is a collaborative endeavor that requires organizations to break down silos and fosters a healthy working relationships among all stakeholders.

Based on new research, Theresa Lanowitz explains how these new relationships drive innovation focused on patient or business requirements, increase resilience, and improve security. She will share the business drivers for edge use cases and how organizations are shifting budgets to support and secure these initiatives.

Theresa Lanowitz, Head of Cybersecurity Evangelism, AT&T Business

John Frushour

Vice President, & CISO, NewYork-Presbyterian Hospital

Anahi Sanitago

CISO, ChristianaCare

Unleashing Generative AI in Cyber Healthcare: A Double-Edged Sword

This panel of CISOs will engage in a discussion regarding the consequences of generative AI in the healthcare industry, exploring its influence on cybersecurity in light of emerging clinical and business applications.

The discussion will delve into the following aspects:

Where generative AI is being used in healthcare now, and which AI tool is the most promising, looking ahead?
What are the cybersecurity and privacy threats and risks involving these generative AI use cases in healthcare?
How can generative AI be used to improve cybersecurity and privacy in healthcare?

John Frushour, VP and CISO, NewYork-Presbyterian Hospital

Anahi Santiago, CISO, ChristianaCare

Networking and Exhibition Break

John Fahey

Cybersecurity Specialist, Infoblox

Reducing Cyber Risk in Healthcare

John Fahey from Infoblox will discuss ways to detect threats in healthcare networks early in the kill chain, protect standard and nonstandard devices such as OT/IoT anywhere, and improve SecOps efficiency with unparalleled visibility and automation.

John Fahey, Cybersecurity Specialist, Infoblox

Melanie Fontes Rainer

Director, Department of Health and Human Services' Office for Civil Rights

Essential Considerations for HIPAA Compliance and Data Protection: Expert Advice From Director Fontes Rainer

Office for Civil Rights and the country's top HIPAA enforcer and regulator, as she delivers a comprehensive update on the latest developments in HIPAA security, privacy and breach notification rulemaking.

In this exclusive session, attendees will:

Gain insight into the latest HHS OCR guidance materials that cover topics such as the use of online tracking technologies and HIPAA considerations;
Stay informed about the agency’s HIPAA rulemaking activities and gain an understanding of their enforcement priorities;
Discover critical considerations that are essential for HIPAA-covered entities and business associates to ensure compliance and protect sensitive health information.

Melanie Fontes Rainer, Director, Department of Health and Human Services’ Office for Civil Rights

Romanus Prabhu Raymond

Director of Product Support, ManageEngine

Vaccine for Cyber Risk Syndrome: The UEM Approach

Due to the widespread adoption of cloud solutions and remote work in the wake of the COVID-19 pandemic, the attack surfaces of most organizations have widened. To counter this, organizations today need to implement the right cybersecurity strategies for endpoints.

The session will cover:

Business-focused security and employee-friendly practices with unified endpoint management;
The right response and recovery strategy for endpoints to enhance cybersecurity;
A practical approach to protect the endpoints for secure user access.

Romanus Prabhu Raymond, Director of Product Support, ManageEngine

Solutions Showcase

11:30 am – 12:30 pM ET

Rob Knoblauch

Deputy CISO and VP Global Security Services , Scotiabank

Provider 1

Solutions Showcase: Gain insight into leading security trends and technology from cutting-edge solution providers. Walk away with practical solutions to apply in your place of work

11:30 am – 12:30 pM ET

Rob Knoblauch

Deputy CISO and VP Global Security Services , Scotiabank

Provider 2

Solutions Showcase: Gain insight into leading security trends and technology from cutting-edge solution providers. Walk away with practical solutions to apply in your place of work

11:30 am – 12:30 pM ET

Rob Knoblauch

Deputy CISO and VP Global Security Services , Scotiabank

Provider 3

Solutions Showcase: Gain insight into leading security trends and technology from cutting-edge solution providers. Walk away with practical solutions to apply in your place of work

Lunch and Exhibition Break

Michael DeNicola

Supervisory Special Agent, FBI

The Shape Shifters: The Rise and Reinvention of Business Email Compromise Attacks

The Solution Room is a highly engaging and interactive conference session, aimed at providing cybersecurity leaders with peer-to-peer support and subject matter expertise to tackle their most pressing challenges.

To enhance your learning experience, we invite you to join one of the ten tables for this collaborative session co-moderated by a CyberEdBoard member and an esteemed security leader.

Tom Field, senior vice president of Editorial at ISMG, will kick off the session with a fictitious security scenario. Each group will receive identical sets of questions and work collaboratively to find the answers. As the exercise progresses, new information will be revealed, adding unexpected twists and turns to the scenario. Through this dynamic approach, participants will be challenged to apply critical thinking and work as a cohesive team to effectively respond to the evolving situation. Our goal is to provide a stimulating and engaging learning experience that equips you with the skills and knowledge needed to handle real-world security scenarios.

Michael DeNicola, Supervisory Special Agent, The FBI New York Office, Cyber Branch

Rocco Grillo

Managing Director, Alvarez & Marsal

Peter Halprin

Partner, Pasich LLP

Anahi Santiago

CISO, ChristianaCare

John Frushour

Vice President, & CISO, NewYork-Presbyterian Hospital

Anatomy of a Business Email Compromise Attack and Their Mutations (and Why They Continue to Be Successful Today)

The Solution Room is a highly engaging and interactive conference session that aims to provide cybersecurity leaders with peer-to-peer support and subject matter expertise to tackle their most pressing challenges.

Through a combination of small group discussions, expert attendees will work through the life cycle of a business email compromise, BEC, attack.

What does participation in the Solution Room look like?

To enhance your learning experience, we invite you to join one of the ten tables for this collaborative session. Tom Field, senior vice president of Editorial at ISMG, will kick off the session with a fictitious BEC scenario. Each group will receive identical sets of questions and work collaboratively to find the answers. As the exercise progresses, new information will be revealed, adding unexpected twists and turns to the scenario. Through this dynamic approach, participants will be challenged to apply critical thinking and work as a cohesive team to effectively respond to the evolving situation. Our goal is to provide a stimulating and engaging learning experience that equips you with the skills and knowledge needed to handle real-world BEC scenarios.

Rocco Grillo, Managing Director, Alvarez & Marsal

Peter Halprin, Partner, Pasich LLP

Anahi Santiago, CISO, ChristianaCare

John Frushour, CISO, NewYork Presbyterian Hospital

Networking and Exhibition Break

Phillip Englert

VP Medical Devices Security, Health ISAC Inc

Suzanne Schwartz

Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health, FDA

Medical Device Cybersecurity: Essential Regulatory Updates and Developments

Delve into the forefront of medical device security in this session featuring Dr. Suzanne Schwartz, director of the office of strategic partnerships and technology innovation at the FDA, as she provides a comprehensive update on the latest regulatory developments in medical device cybersecurity.

The briefing will be followed by a panel discussion with esteemed expert Phil Englert, vice president of medical devices security at the Health Information Sharing and Analysis Center. Together, they will explore the implications of the FDA’s enhanced authority and explore emerging threats and challenges facing the medical device industry.

Key Discussion Points:

Vetting Cybersecurity in Pre-Market Submissions: Attendees will gain insights into the FDA’s “refuse to accept” policy, set to take effect on October 1, and its impact on ensuring early consideration and mitigation of cybersecurity risks during the development phase.
Implications for Device Makers and Healthcare Entities: Understand the necessary adjustments required to meet the enhanced cybersecurity requirements and ensure patient safety.
Emerging Cyberthreats and Challenges: Insights and strategies to address these evolving risks, empowering attendees to proactively protect patient privacy and the integrity of medical devices.

Join us for this thought-provoking session, which aims to equip stakeholders with the knowledge and tools necessary to navigate the evolving landscape of medical device cybersecurity and safeguard the future of healthcare.

Phillip Englert, VP Medical Devices Security, Health ISAC Inc

Suzanne Schwartz, Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health, FDA

Oren J Falkowitz

Security Officer, Cloudflare

You’re Going to Need a Bigger Boat-the Reality of Phishing

Phishing is the biggest threat to the integrity of systems and data within organizations across the globe, and that threat is evolving. From the easy availability of phishing kits to phishing campaigns, phishing remains the most common way criminals break into an organization.

Oren J. Falkowitz lifts the lid on the recent evolution of sophisticated methods of phishing and the impact it is having, citing odd horror stories along the way. By analyzing some of these incidents, the workshop also provides techniques and methodologies to protect against these attacks, overviewing the role of your security incident response team and forecasting what future phishing attacks may present.

Oren J Falkowitz, Security Officer, Cloudflare

David Holtzman

Principal , HITPrivacy LLC

Enhancements to the HICP Guide: Safeguarding Healthcare Cybersecurity

Join renowned privacy attorney David Holtzman, along with a member of the HHS 405(d) Task Group, as they shed light on the crucial updates incorporated into the Health Industry Cybersecurity Practices (HICP) guide. The HICP 2023 Edition has undergone comprehensive revisions by esteemed professionals from the industry and government sectors.

It now encompasses the top 10 cybersecurity practices that are highly pertinent and cost-effective in mitigating the prevailing cybersecurity threats faced by the healthcare industry.

During this informative session, we will delve into the following crucial areas of focus:

Unveiling the New Topics and Changes: Discover the pivotal updates introduced in the HICP guide and understand why they hold immense importance for healthcare CISOs and their teams.
Navigating the Latest Cybersecurity Challenges: Discover practical strategies for implementing these practices to safeguard your organization’s sensitive data.
Achieving Regulatory Compliance and Avoiding Penalties: Gain a deeper understanding of how adherence to these practices can provide a safe harbour to protect your organization from regulatory fines and penalties in the event of a cybersecurity incident compromising health information.

We are grateful for the generous support of this presentation, made possible by a grant from the Cyber Trust Alliance.

David Holtzman, Principal, HITPrivacy LLC