Cybersecurity Summit: Healthcare | New York

Cybersecurity Summit: Healthcare, New York

11th Edition | OCtober 8, 2026

Hosted by Healthcare Info Security

Event Overview

ISMG Summits bring together global leaders in cybersecurity, risk management, information technology and digital trust for immersive, knowledge-sharing experiences. These events feature carefully curated agendas with thought-provoking keynotes, expert panel discussions and interactive workshops that address the most pressing challenges facing today’s security landscape – from threat intelligence and zero trust to AI governance, data protection and regulatory compliance.

Designed for senior executives and decision-makers across industries such as finance, healthcare, government and critical infrastructure, ISMG Summits provide valuable insights, practical strategies and opportunities for collaboration. Attendees gain actionable takeaways, forge meaningful connections and stay ahead in an ever-evolving digital threat environment.

Venue

Conrad New York Downtown

102 N End Avenue, New York, NY 10282

NOTE: All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

2025 Speakers

Thought Leaders on Stage Leading Deep-Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in Cybersecurity passionate about the latest tools and technology to defend against threats

Rob Suarez

CISO, CareFirst BlueCross BlueShield

James Rutt

CIO/CISO, The Dana Foundation

Thurain Nyunt

CISO, New York State Department of Health

Donald Eckel

CISO, NJ Department of Health

Dr. Suzanne Schwartz

MD, MBA, Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, FDA

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Bindu Sundaresan

Director, Cybersecurity, LevelBlue

Jigar Kadakia

CISO, GeneDX

Keynote Speaker

Dr. Suzanne Schwartz, MD.

MBA, Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, FDA

Dr. Suzanne Schwartz, MD, MBA, is the director of the U.S. Food and Drug Administration’s Office of Strategic Partnerships and Innovation within the agency’s Center for Devices and Radiological Health, which among other responsibilities, is tasked with formulating the FDA’s medical device cybersecurity policy. She also has served as co-chair of the Government Coordinating Council for the healthcare and public health critical infrastructure sector.

Keynote Speaker

Moriah Hara

AI Risk & Security Expert, 3x CISO, Board Advisor, Author, CISSP, CISM, AWS Security, PCI QSA

Moriah is a 3x Fortune 500 Award Winning CISO at Wells Fargo Capital Markets,...

Interpublic Group and Bank of Montreal. She is a Board Advisor to several startups and a Cybersecurity Co-Author for the book, “The Perfect Scorecard: Getting An ‘A’ in Cybersecurity From Your Board Of Directors.”

She was named by Cybercrime Magazine as one of top 100 Fascinating Women Fighting Cyber, and has multiple, industry recognized security certifications such as the CISSP, CISM, CSSLP, PCI QSA and AWS Security and graduated from Harvard’s inaugural executive cybersecurity program.

Keynote Speaker

Hardik Mehta

Global Head of Risk and Regulatory Compliance, JPMorganChase

Security, Risk, and Compliance leader with 20+ years of global experience across Uber, Microsoft, and more. ..

Expert in building high-performing risk teams, aligning engineering and regulatory goals, and embedding risk into product development. Pioneered the world’s first cloud-native self-service compliance platform on Azure, automating 450+ controls with AI/ML. Skilled in FAIR, SOX, NIST, GDPR, and large-scale program delivery. Known for translating complex risk into actionable frameworks and driving cultural change across global teams.

2025 Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

7:30 AM - 8:30 AM ET

Registration & Breakfast

8:30 am - 8:35 am et

Opening Comments

9:00 AM - 9:30 AM ET

Managing the Explosion of Health Data: Security Challenges and Strategies

The healthcare sector is experiencing an unprecedented increase in data generation, accounting for approximately 30% of the world's data volume.

Hospitals alone produce an average of 50 petabytes of data each year, encompassing electronic health records, medical imaging, genomic data and information from wearable devices. This rapid expansion presents significant security, privacy and compliance challenges for healthcare organizations. As the volume of health data continues to grow, projected to reach a 36% compound annual growth rate by the end of this year, it becomes imperative to implement robust strategies to manage and protect this sensitive information.

Key Takeaways:

Data Security Implications: Understanding the risks associated with large-scale health data storage, including potential breaches and unauthorized access.
Leveraging Advanced Technologies: Exploring the role of artificial intelligence and automation in organizing, analyzing and securing vast datasets without compromising patient privacy.
Regulatory Compliance: Navigating complex regulations governing health data, particularly concerning cloud storage solutions and hybrid environments.
Best Practices in Data Governance: Implementing effective data governance frameworks, including encryption, access controls and regular audits, to ensure data integrity and confidentiality.

9:30 AM - 10:00 AM ET

Securing Digital Identity in Healthcare

As deepfake-driven fraud, synthetic identities and credential compromise escalate, healthcare organizations face a growing crisis in identity security.

Unlike other industries, healthcare must balance fraud prevention with seamless access to time-sensitive medical care – a challenge that cybercriminals exploit. Attackers are leveraging AI-generated provider identities, hijacked patient records and compromised remote access credentials to infiltrate electronic health records (EHRs), insurance claims systems and telehealth platforms.

Traditional identity proofing and authentication methods are no longer sufficient in the face of AI-enabled adversaries. This session will explore how healthcare security leaders can implement cryptographic defenses, risk-based authentication and continuous identity verification to prevent unauthorized access while ensuring clinicians, patients and staff can securely navigate critical systems without friction.

This session will cover:

AI-Powered Identity Fraud in Healthcare: How attackers use deepfake-enhanced medical fraud, synthetic patient identities and stolen credentials to exploit healthcare identity systems.
Strengthening Identity Proofing and Authentication: The role of digitally signed credentials, biometric verification and risk-based identity scoring in stopping fraudulent access.
Beyond Passwords: Phishing-Resistant Authentication for Healthcare: Implementing passkeys, FIDO2 and adaptive MFA to secure EHRs, patient portals and remote provider logins.
Creating a Unified Identity Framework: How healthcare organizations can align with HHS-backed identity modernization efforts and build a federated approach to authentication across systems and vendors.

10:00 AM - 10:30 AM ET

The Cryptography Shift: Preventing Outages in the Era of Shorter Lifespans and Quantum Threats

Healthcare organizations operate in one of the most sensitive and high-stakes environments - where the integrity and availability of systems can literally be a matter of life and death.

As cryptographic standards evolve rapidly, the healthcare sector must prepare for three urgent shifts: the advent of post-quantum cryptography, the sharp reduction of certificate validity periods (now as short as 90 or even 47 days) and the growing complexity of crypto ecosystems across hybrid and cloud environments.

In this session, we’ll explore how these forces are converging to make manual crypto management untenable – and potentially dangerous. We’ll discuss how the healthcare sector must adopt automation to prevent outages in critical systems, ensure compliance and gain real-time visibility into cryptographic assets. Most importantly, we’ll cover how to begin your migration to post-quantum readiness today, even as standards and timelines evolve.

Join us to learn how you can transform crypto management from a reactive burden to a resilient, automated strategy – protecting patient care, privacy and trust.

10:30 AM - 10:40 AM ET

Cyber Resilience and Business Impact in Healthcare

Cybersecurity is a top priority for healthcare organizations.

Adversaries can strike through any number of endpoints, quishing attacks, or the software supply chain.

These risks play out daily in hospitals, doctor’s offices, and ambulances. Is your organization ready to defend and remediate cyber incidents? Is your incident response plan formalized?

This session explores newly released data from the 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact.

Attend this session to learn:

How healthcare organizations are preparing for enhanced AI attack
Why managing the software supply chains is critical
How leading healthcare organizations innovate while managing and mitigating risk

10:40 AM - 11:05 AM ET

Networking Break

11:05 AM - 11:35 AM ET

Building Resilience and Ensuring Continuity Beyond the Breach

Healthcare security leaders know that it's not just about stopping cyberattacks - it's about ensuring hospitals, clinics and critical services can continue operating even when systems fail.

Yet, many healthcare organizations remain ill-prepared for cascading failures, supply chain disruptions and extended outages caused by third-party compromises. When an EHR system, cloud provider or medical device network goes down, the consequences extend far beyond data loss – patient care is on the line.

This session will take a tactical approach to cyber resilience in healthcare, focusing on how CISOs can build continuity plans that account for real-world dependencies and operational risks. Experts will share strategies to minimize downtime, strengthen third-party risk management and create redundancy across critical healthcare systems.

Key Takeaways:

Beyond Ransomware: Cyber Risks That Can Shut Down Healthcare: Addressing third-party outages, IT supply chain failures and cloud dependency risks that threaten care delivery.
Maintaining Continuity When EHRs and Critical Systems Go Down: Strategies for ensuring patient access to records, medication tracking and care coordination when digital systems are unavailable.
Third-Party and Supply Chain Resilience: How to mitigate vendor failures, reduce reliance on single points of failure and establish redundancy across key service providers.
Operationalizing Cyber Resilience Across Healthcare Teams: Strengthening collaboration between security, IT and clinical operations to prepare for disruptions before they happen.

11:40 AM - 11:50 AM ET

Third-Party Risk: Cybersecurity Challenges for Healthcare Organizations

Healthcare organizations face two critical challenges related to protecting patient data: strengthening internal cybersecurity and addressing the growing risk of data breaches among third-party vendors.

Verizon’s latest DBIR report found the share of data breaches involving third-party suppliers doubled in 2024. This session will explore the evolving third-party risk landscape in healthcare and provide actionable strategies to enhance vendor oversight and integrate third-party risk management into your overall cybersecurity program.

11:55 Am - 12:25 pm et

Silent Intrusions: How Modern Threats Are Rewriting the Rules of Healthcare Security

Healthcare organizations are facing a surge in sophisticated cyber threats targeting applications, APIs, and patient data.

Attackers are increasingly using AI-driven automation and advanced evasion techniques to bypass traditional defenses, with account takeover and business logic abuse becoming key tactics. This session delivers timely insights from Radware’s Cyber Threat Intelligence data, offering a focused look at how threat actors are adapting their methods to exploit healthcare-specific technologies. CISOs and security leaders will walk away with actionable strategies to strengthen defenses, protect critical services, and stay ahead of emerging attack trends.

Learning Objectives:

Gain insights from Radware’s Cyber Threat Intelligence data on emerging threats impacting healthcare organizations.
Understand how attackers are evolving account takeover techniques to bypass app-layer defenses and exploit identity systems.
Explore advanced business logic attack patterns that target healthcare workflows, APIs, and third-party integrations.
Identify and prioritize defense strategies to protect patient data, applications, and medical devices while ensuring operational continuity.

12:25 Pm - 12:55 Pm et

Securing Autonomy: An Identity Playbook for the Agentic Era

Your next "user" isn't human, it's an AI agent.

Agentic AI is poised to become your largest digital workforce, operating autonomously, and introducing unique challenges to traditional cybersecurity paradigms. The only way to deploy AI agents safely is to make identity the control plane, giving you the confidence to scale, enforce governance by design, and prove business value fast. Join us to hear a vendor-neutral blueprint, pragmatic guardrails, and best practices for safely implementing Agentic AI.

12:55 PM - 1:40 PM ET

Lunch

1:40 Pm - 2:10 Pm et

FDA: Latest Developments in Medical Device Cybersecurity

Dr. Suzanne Schwartz, Director of the Office of Strategic Partnerships and Technology Innovation at the FDA, will provides a comprehensive update on the latest regulatory developments in medical device cybersecurity.

Key Discussion Points:

Vetting Cybersecurity in Pre-Market Submissions: Attendees will gain insights into the FDA’s expectations for cybersecurity in pre-market medical device submissions to the agency, including what device maker should consider in mitigating cybersecurity risks during the development phase.

Implications for Device Makers and Healthcare Entities: Understand the necessary requirements to meet FDA’s enhanced cybersecurity expectations and ensure patient safety.

Emerging Cyber threats and Challenges: Insights and strategies to address these evolving risks and emerging AI-related issues to empower attendees to proactively protect patient safety, privacy and the integrity of medical devices.

2:10 PM - 2:40 PM ET

Navigating the Cloud Security Crisis: Building Lasting Resilience with a Cloud Native Security Fabric

In 2025, healthcare security leaders are under unprecedented pressure.

As adversaries refine tactics—using sophisticated, AI-driven attacks and exploiting third-party vulnerabilities—the traditional, reactive security model is no longer sufficient to secure a decentralized, multi-cloud threat landscape.

In this 30-minute session, we will demonstrate how to move beyond fragmented, siloed security to a unified, strategic fabric. Drawing on proven examples from within the healthcare sector, we will present a new point of view on cloud security. We will show how the Aviatrix Cloud Native Security Fabric (CNSF) provides a foundational network and security layer designed to build lasting resilience across your entire cloud footprint. You will learn how to:

Enforce Zero Trust: Implement a pervasive segmentation fabric to contain threats and secure critical PHI and workloads, mitigating third-party and supply chain risks.
Centralize Visibility: Gain a single, comprehensive view of all network traffic for faster, AI-driven threat detection and streamlined compliance auditing.
Accelerate Innovation: Automate secure network and security deployments, enabling your teams to accelerate the launch of new digital health services without compromising your security posture.

Discover how to take control of your cloud environment, transforming fragmented security into a unified, resilient, and compliant foundation for the future of healthcare.

2:40 PM - 3:40 PM ET

Fireside Chat: Rethinking Cybersecurity Budgets in Tight Times

Join Fortified's Russell Teague for a candid fireside chat on navigating cybersecurity when budgets are tight.

Drawing on peer insights from healthcare leaders, Russell shares lessons learned, low-cost strategies, and practical steps to protect patients and strengthen programs. Walk away with real-world ideas you can apply immediately.

4:00 PM - 4:10 PM ET

Go Hack Yourself: More War Stories from over 150,000 Pentests

Join Anthony "TonyP" Pillitiere, Co-Founder of Horizon3.ai, for an engaging session on "Offense-Driven Defense."

TonyP will challenge conventional risk assessment practices and unveil how emphasizing real-world exploitability and impact can revolutionize your security approach. Drawing from over 150,000 autonomous pentests, he’ll share compelling stories and actionable insights that reveal how viewing your cyber terrain through an attacker’s lens can uncover hidden vulnerabilities, optimize resource allocation, and fortify your defenses against advanced threats. Don’t miss this chance to learn from a leading industry trailblazer on why it’s time to “go hack yourself” to build resilience in today’s borderless threat environment.

4:10 PM - 4:40 PM ET

State-Led Cybersecurity Initiatives: New York and New Jersey as Models for Healthcare Nationwide

With federal healthcare cybersecurity in flux, states are stepping up to define their own standards.

New York’s 10 NYCRR 405.46 requires all licensed hospitals to implement formal cybersecurity programs, appoint a CISO and report cyber incidents within 72 hours, with an October 2025 compliance deadline looming. New Jersey, meanwhile, has held state agencies to similarly high standards since 2021 through its Statewide Information Security Manual, which emphasizes NIST-based controls, incident response readiness and 72-hour breach reporting for public-sector entities.

This session will examine how state-level mandates in New York and New Jersey are reshaping expectations for healthcare cybersecurity and may serve as blueprints for broader national adoption. Attendees will gain practical insight into what these policies mean for healthcare organizations today – and how to prepare for increasing variation in state-level compliance requirements.

Key Takeaways:

Understanding New York’s Cybersecurity Mandate: Key requirements, compliance strategies and the path to readiness ahead of the October 2025 deadline.
How State Regulations Influence Healthcare Security Programs: Budgeting, staffing and operational impacts for CISOs and compliance leaders.
New Jersey’s Statewide Information Security Manual: How NJ’s framework compares and what healthcare leaders can learn from it.
Navigating Multi-State Compliance: Preparing for the complexity of overlapping or divergent mandates across jurisdictions.

4:40 Pm - 5:05 pm et

Top Federal Health Data Privacy, Cyber Regulatory Issues: Expert Outlook

What's in store on the federal regulatory scene for the healthcare sector when it comes to cybersecurity and data privacy in the months and years ahead?

Our panel of regulatory and legal experts will dive into these issues:

Will the government’s proposed overhaul to the 20-year-old HIPAA Security Rule move forward? What will this mean for covered entities, their business associates and subcontractors?
How might new federal cyber requirements impact expectations from cyber insurers about the security practices of their healthcare sector clients?
What steps should healthcare sector entities take to comply with the U.S. Department of Health and Human Services’ push for secure interoperability and patient access?
What are the critical lessons emerging from the latest federal enforcement trends?

5:05 PM ET

Closing Comments

2025 Agenda