Healthcare Summit
Hybrid Summit July 12 - 13, 2022
ISMG's 2022 Healthcare Security Summit will address the top threats, risks and security needs facing the healthcare sector, including the most critical cybersecurity challenges and lessons emerging from the global pandemic. Join more than 400 attendees and subject matter experts to learn more about strategies and tactics to defend against and respond to ransomware and other disruptive cyberattacks; bolster medical device security; prevent and detect privacy breaches; tackle identity and access issues; address telehealth challenges, and manage other leading cybersecurity concerns. Besides an opportunity to interact with peers and top industry experts, the event will also provide an avenue to stay abreast of pertinent health data security and privacy regulatory developments and related issues.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Christopher Frenz
AVP of IT Security
Mount Sinai South Nassau
Frenz currently serves as the assistant vice president of information security at Mount Sinai South Nassau, where he develops the hospital's information security program and infrastructure. Under his leadership, the hospital has been one of the first in the country...
Omar Khawaja
CISO
Highmark Health
Anna Delaney
Director of Productions
ISMG
Michael McNeill
Global CISO
McKesson
Gorka Sadowski
Former Gartner analyst and Chief Strategy Officer
Exabeam
Gorka is Chief Strategy Officer at Exabeam. In his role, he assists the executive team and functional leaders across the company with developing, communicating, executing and sustaining corporate strategic initiatives. Gorka has spent the last 30 years in security with...
Errol Weiss
CSO
H-ISAC
Sharat Chander
Director of Java Product Management
Oracle
Anahi Santiago
CISO
ChristianaCare
Ian Farquhar
Field CTO
Gigamon
Ian has worked in IT security for 30 years. At Gigamon he is Field CTO (Global), and also leads the Security Architecture Team. The SAT assists customers worldwide in high complexity security designs and operational capabilities, including incident response and...
James Blake
Field CTO EMEA, Security
Rubrik
With over three decades of operational experience, James Blake is the Field CTO for Security for Rubrik where he assists customers in designing & delivering transformation programs around their cyber resiliency capabilities. James was formerly the Advisory CISO for ServiceNow,...
Rob Suarez
CISO
Becton Dickinson
Rob Suárez is a cybersecurity and privacy professional in the medical device and healthcare IT industry. At BD, Rob serves as Chief Information Security Officer and oversees cybersecurity across the company’s enterprise, IT and manufacturing systems. Rob currently chairs the...
Flavio Aggio
CISO
World Health Organisation
Tom Field
Senior Vice President of Editorial
ISMG
Thad Phillips
CISO
Baptist Health
Meredith Harper
VP, CISO
Eli Lilly and Company
Cris Ewell
CISO
UW Medicine
As an executive information security leader, I have gained years of experience developing and executing IS and risk management strategies to help organizations achieve new levels of growth and success. Through a deep understanding of both short- and long-term security...
Addressing Cyber Attacks During a Global Pandemic
Flavio Aggio, CISO, World Health Organisation

COVID-19 Cybersecurity attacks: Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. HumanOS upgrade is required to safely use the Internet and it is not only about training and awareness. It is about the way users must behave online and the IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.

Flavio Aggio
  • 09:10 AM
  • 09:39 AM
Zero Trust and the Dangers of the Implicit Trust
Ian Farquhar, Field CTO, Gigamon

The tenets of zero trust are well defined in NIST SP 800-207, but have many architects truly taken them on-board? Are we exhibiting a familiarity bias: over-trusting certain mechanisms and failing to properly ascertain their trustability, as we are required to? Are we ignoring others, which provide useful evidence of trustability? Are we looking too much at the actual network we are trying to protect, and disregarding unmanaged devices, IoT/OT/ICS, BYOD? Is EDR, as is mandated by EO M-22-01, the right approach, or an initial step on the road? How do we expect our adversaries to behave, and how do we counter that threat in the way we architect our zero trust environments?

Ian Farquhar
  • 09:45 AM
  • 10:14 AM
Cybersecurity Leadership for the Post-Pandemic
Meredith Harper, VP, CISO, Eli Lilly and Company

Has there ever been a more challenging time to be CISO of a major global pharmaceutical enterprise? Meredith Harper, VP and CISO of Eli Lilly and Company, discusses how the organization has responded to COVID-19 and the new workplace. She also shares plans for:

  • Cloud transformation
  • Zero trust
  • Building a diverse workforce
     
Meredith Harper
  • 10:20 AM
  • 10:49 AM
IT Leader’s Guide for Modern Application Development in Healthcare
Sharat Chander, Director of Java Product Management, Oracle

The need for agility has never been more important as healthcare organizations revise their processes and applications at an unprecedented pace, and that, in turn, has underscored the need for business-critical application performance, stability and security. As IT leaders guide their teams through ongoing business transformation demands to meet business needs and customer expectations, it is critical to examine how the essential applications are managed and how risk is calculated to drive improvement. Join Sharat Chander, Senior Director of Java Product Management at Oracle, for an insightful discussion to learn how to modernize Java applications while mitigating risk.

Sharat Chander
  • 10:55 AM
  • 11:09 AM
Exhibit & Networking Break
  • 11:10 AM
  • 11:24 AM
Cyber Resiliency: Achievable Goal or Flight-of-Fancy?
James Blake, Field CTO EMEA, Security, Rubrik

Most organisations’ IT infrastructures remain fragile to cyber attacks, especially the current scourge of ransomware operators sweeping across all verticals and all countries across the globe. Becoming cyber resilient to these kinds of attack is an emergent property, not a collection of products you can buy. In this session James will discuss those emergent properties and how he has seen organisations best achieve them using best-practice frameworks and solid engineering principles.

James Blake
  • 11:25 AM
  • 11:54 AM
First Responders and the Response to Cybersecurity Concerns
Cris Ewell, CISO, UW Medicine

Washington State was the first U.S. epicenter of the COVID-19 pandemic, and as CISO of UW Medicine Cris Ewell was supporting the first responders. How is his security organization most different today than it was a year ago? Hear his approach to:

  • Work from anywhere
  • Supply chain risk
  • Medical device security
Cris Ewell
  • 12:00 PM
  • 12:29 PM
Lunch
  • 12:30 PM
  • 01:14 PM
Why SOCs Fail
Gorka Sadowski, Former Gartner analyst and Chief Strategy Officer, Exabeam

Millions of dollars are spent annually to set up SOCs in the healthcare industry and yet, in just the last two years alone, 89% of healthcare organizations have experienced a data breach. Why are SOCs failing? Listen as ISMG’s Tom Field interviews Exabeam’s Chief Strategy Officer Gorka Sadowski to learn more about why SOCs always fail when built under the current operating model, and what to do to make SOCs successful using a simple maturity model based on outcomes and use cases.

Gorka Sadowski
  • 01:15 PM
  • 01:44 PM
Building a Business-Focused, Customer-Centric Security Program: A Case Study
Omar Khawaja, CISO, Highmark Health


Omar Khawaja, CISO of Highmark Health, describes his organization’s journey to enhance its security program while serving the needs of the business and providing internal customers with ease-of-use.

In this exclusive interview Khawaja will discuss:

  • How security programs must serve the business;
  • The goals of a business-centric security program;
  • How security leaders must avoid saying “no,” and instead demonstrate “here’s how”;
  • Treating the business like a paying client.
Omar Khawaja
  • 01:50 PM
  • 02:19 PM
Defending Against the Surge in Healthcare Cyberattacks During the COVID Crisis
Anahi Santiago, CISO, ChristianaCare

Not only are cybercriminals installing ransomware to encrypt data and freeze up systems, some attacks have evolved with the exfiltration of sensitive patient data and double extortion schemes. In some cases, backup systems are being hit as well, hampering recovery efforts from these attacks. But what are the critical steps and latest strategies that healthcare sector entities can take to prevent falling victim to these highly disruptive and dangerous attacks, especially as they escalate during the COVID-19 pandemic?

Anahi Santiago
  • 02:25 PM
  • 02:54 PM
Exhibits & Networking Break
  • 02:55 PM
  • 03:09 PM
Digital Supply Chain Security: It’s a Matter of Trust
Michael McNeill, Global CISO, McKesson

After the SolarWinds attack, how can an entity ever trust that any vendor’s security incident won’t become their own next crisis? Healthcare sector entities in particular deal with a complex digital supply chain that ranges from critical IT vendors to suppliers of life-saving network-connected patient gear, and all the other players – known and maybe unknown – in-between. Our panel will discuss:

  • Digital supply chain challenges spotlighted during COVID-19;
  • Healthcare sector lessons emerging from the SolarWinds and other major vendor attacks;
  • Lessons from the Urgent/11 IPnet vulnerabilities;
  • Cloud vendors and change management issues; 
  • Vetting and trusting third-parties – including their software patches.
Michael McNeill
  • 03:10 PM
  • 03:39 PM
Medical Device Cybersecurity: The Latest Challenges
Rob Suarez, CISO, Becton Dickinson

What’s the status of FDA’s latest guidance and other efforts to help strengthen the cybersecurity of medical devices – especially amid the surge in COVID-19 remote patient monitoring and shortages of certain critical medical equipment? How are medical device makers implementing better security controls and best practices, and what are healthcare delivery organizations doing to keep their patients and data safe from the latest threats facing devices? Our panel will discuss these issues, plus:

  • The ongoing challenges involving legacy device issues and outdated third-party software;
  • Vulnerability disclosures and patching;
  • Third-party components and a “Cybersecurity Bill of Materials”;
  • What the SolarWinds attack and connected medical devices have in common.
Rob Suarez
  • 03:45 PM
  • 04:14 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, July 13th. Don’t miss the chance to log in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM
