September 18, 2025

Healthcare Security Summit: New York

9:00 AM ET - 5:00 PM ET

Event Overview

In 2025, healthcare security leaders are under unprecedented pressure. With the fallout from the Change Healthcare breach still reverberating across the industry, adversaries continue to refine their tactics—leveraging ransomware, AI-generated deepfakes, and third-party vulnerabilities to exploit gaps in identity systems, medical devices, and cloud infrastructure. At the same time, regulatory momentum is shifting, with states like New York stepping in to mandate stronger protections and incident response requirements, signaling a new era of decentralized cybersecurity oversight.

The 2025 Healthcare Security Summit will bring together CISOs, technology leaders, and government officials to address the expanding threat environment and reimagine what resilient, secure care looks like in practice. From safeguarding digital identities and operational technology to building continuity plans that ensure patient care during outages, the summit offers a comprehensive look at the challenges—and opportunities—facing the sector. Attendees will explore how to manage the explosive growth of health data, operationalize AI-driven detection, and strengthen supply chain defenses across complex ecosystems. With a focus on pragmatic solutions and cross-functional collaboration, this year’s event equips leaders to move beyond reactive security and build lasting resilience across clinical, operational, and digital domains.

View our ISMG Event Experience video to see what your peers are saying about their participation. 

Topic Highlights

  • CISA’s Vital Role in Safeguarding Healthcare Infrastructure

  • Generative AI in Cyber Healthcare

  • Essential Considerations for HIPAA Compliance and Data Protection

  • Updates and Enhancements to the HICP Guide

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the “who’s who” in cybersecurity, passionate about the latest tools and technology to defend against threats.

2024 Keynote Speaker

John Riggi, National Advisor for Cybersecurity & Risk, American Hospital Association

Start your day with an enlightening session with Riggi, who will explore the latest cyber threats impacting healthcare, including ransomware and data breaches. Gain insights into managing third-party risks, emerging regulations, and enhancing your incident response strategies to ensure resilient and secure healthcare delivery. Don’t miss this opportunity to hear from an esteemed thought leader during the keynote address. 

Aaron Weisman

CISO, Main Line Health

James Rutt

CIO/CISO, The Dana Foundation

Christine Saxon

Head of Global Identity Security and Access Management, Pfizer

Donald Eckel

CISO, NJ Department of Health

Anthony Candeias

CISO, WeightWatchers

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Sunil Dadlani

Global CIDO & CISO, Atlantic Health System

Frank Sinatra

CISO, University Hospital

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

Sunil Dadlani

EVP, CIDO, CISO, Chief Innovation & AI Officer, Atlantic Healthcare System

Managing the Explosion of Health Data: Security Challenges and Strategies

Hospitals alone produce an average of 50 petabytes of data each year, encompassing electronic health records, medical imaging, genomic data, and information from wearable devices. This rapid expansion presents significant security, privacy, and compliance challenges for healthcare organizations. As the volume of health data continues to grow, projected to reach 36% compound annual growth this year, it becomes imperative to implement robust strategies to manage and protect this sensitive information.

Key Discussion Points:

  • Data Security Implications: Understanding the risks associated with large-scale health data storage, including potential breaches and unauthorized access.
  • Leveraging Advanced Technologies: Exploring the role of artificial intelligence and automation in organizing, analyzing, and securing vast datasets without compromising patient privacy.
  • Regulatory Compliance: Navigating complex regulations governing health data, particularly concerning cloud storage solutions and hybrid environments.
  • Best Practices in Data Governance: Implementing effective data governance frameworks, including encryption, access controls, and regular audits, to ensure data integrity and confidentiality.

Sunil Dadlani, EVP, CIDO, CISO, Chief Innovation & AI Officer, Atlantic Healthcare System

Christine Saxon

Head of Global Identity Security and Access Management, Pfizer

James Rutt

CIO/CISO, The Dana Foundation

Securing Digital Identity in Healthcare

Unlike other industries, healthcare must balance fraud prevention with seamless access to time-sensitive medical care—a challenge that cybercriminals exploit. Attackers are leveraging AI-generated provider identities, hijacked patient records, and compromised remote access credentials to infiltrate electronic health records (EHRs), insurance claims systems, and telehealth platforms.
 
Traditional identity proofing and authentication methods are no longer sufficient in the face of AI-enabled adversaries. This session will explore how healthcare security leaders can implement cryptographic defenses, risk-based authentication, and continuous identity verification to prevent unauthorized access while ensuring clinicians, patients, and staff can securely navigate critical systems without friction.
 
This Session Will Cover:
  • AI-Powered Identity Fraud in Healthcare: How attackers use deepfake-enhanced medical fraud, synthetic patient identities, and stolen credentials to exploit healthcare identity systems.
  • Strengthening Identity Proofing and Authentication: The role of digitally signed credentials, biometric verification, and risk-based identity scoring in stopping fraudulent access.
  • Beyond Passwords: Phishing-Resistant Authentication for Healthcare – Implementing passkeys, FIDO2, and adaptive MFA to secure EHRs, patient portals, and remote provider logins.
  • Creating a Unified Identity Framework: How healthcare organizations can align with HHS-backed identity modernization efforts and build a federated approach to authentication across systems and vendors.
 

Christine Saxon, Head of Global Identity Security and Access Management, Pfizer

James Rutt, CIO/CISO, The Dana Foundation 

Frank Sinatra

CISO, University Hospital

Anthony Candeias

CISO, WeightWatchers

The Necessity of Proactive Threat Detection in a Breach-Filled World

As security leaders continue to grapple with these threats, lessons from the past year remain critical. The 2024 Change Healthcare ransomware attack—one of the largest healthcare breaches in U.S. history—disrupted medical claims processing nationwide, exposed sensitive data of approximately 190 million individuals, and resulted in a $22 million ransom payment that failed to prevent data leaks. Meanwhile, the Texas Tech University Health Sciences Center (TTUHSC) breach compromised the records of 1.46 million patients, disrupting clinical and research operations. These attacks reveal how AI-enhanced threats, supply chain vulnerabilities, and stealthy intrusion techniques are outpacing traditional detection methods.
 
This session will equip security leaders with modern approaches to detecting and responding to advanced cyber threats before they escalate. Attendees will explore how AI-driven threat intelligence, behavioral analytics, and real-time monitoring can enhance detection capabilities, reduce false positives, and strengthen resilience against cyberattacks.
 
Key Takeaways:
  • AI-Augmented Threat Detection: Leveraging machine learning to identify real-time attack patterns, enhance anomaly detection, and reduce response times.
  • Behavior-Based Analytics: Using attack path mapping and behavioral profiling to detect stealthy threats that evade signature-based defenses.
  • Supply Chain and Vendor Monitoring: Strengthening third-party risk assessments, vendor access controls, and device monitoring to prevent indirect compromises.
  • Operationalizing Threat Detection: Implementing threat prioritization frameworks to reduce alert fatigue and ensure SOC teams focus on the highest-risk threats.
 
 

Frank Sinatra, CISO, University Hospital

Anthony Candeias, CISO, WeightWatchers

Networking and Exhibition Break

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Building Resilience and Ensuring Continuity Beyond the Breach

Yet, many healthcare organizations remain ill-prepared for cascading failures, supply chain disruptions, and extended outages caused by third-party compromises. When an EHR system, cloud provider, or medical device network goes down, the consequences extend far beyond data loss—patient care is on the line.
 
This session will take a tactical approach to cyber resilience in healthcare, focusing on how CISOs can build continuity plans that account for real-world dependencies and operational risks. Experts will share strategies to minimize downtime, strengthen third-party risk management, and create redundancy across critical healthcare systems.
 
Key Takeaways:
  • Beyond Ransomware: Cyber Risks That Can Shut Down Healthcare: Addressing third-party outages, IT supply chain failures, and cloud dependency risks that threaten care delivery.
  • Maintaining Continuity When EHRs and Critical Systems Go Down: Strategies for ensuring patient access to records, medication tracking, and care coordination when digital systems are unavailable.
  • Third-Party and Supply Chain Resilience: How to mitigate vendor failures, reduce reliance on single points of failure, and establish redundancy across key service providers.
  • Operationalizing Cyber Resilience Across Healthcare Teams: Strengthening collaboration between security, IT, and clinical operations to prepare for disruptions before they happen.
 

Scott Gee, Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Donald Eckel

CISO, NJ Department of Health

State-Led Cybersecurity Initiatives: New York and New Jersey as Models for Healthcare Nationwide

New York’s 10 NYCRR 405.46 requires all licensed hospitals to implement formal cybersecurity programs, appoint a CISO, and report cyber incidents within 72 hours, with an October 2025 compliance deadline looming. New Jersey, meanwhile, has held state agencies to similarly high standards since 2021 through its Statewide Information Security Manual, which emphasizes NIST-based controls, incident response readiness, and 72-hour breach reporting for public-sector entities.
 
This session will examine how state-level mandates in New York and New Jersey are reshaping expectations for healthcare cybersecurity and may serve as blueprints for broader national adoption. Attendees will gain practical insight into what these policies mean for healthcare organizations today—and how to prepare for increasing variation in state-level compliance requirements.
 
Key Discussion Points:
  • Understanding New York’s Cybersecurity Mandate: Key requirements, compliance strategies, and the path to readiness ahead of the October 2025 deadline.
  • How State Regulations Influence Healthcare Security Programs: Budgeting, staffing, and operational impacts for CISOs and compliance leaders.
  • New Jersey’s Statewide Information Security Manual: How NJ’s framework compares and what healthcare leaders can learn from it.
  • Navigating Multi-State Compliance: Preparing for the complexity of overlapping or divergent mandates across jurisdictions.
 

Donald Eckel, CISO, NJ Department of Health

Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection, and long-term defense.
 
What You Will Gain From This Experience:
  • Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity, and mitigating cascading disruptions caused by insider-enabled AI attacks.
  • Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems.
  • Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection, and evidence preservation for incident response and regulatory requirements.
 

Karen Habercoss, Chief Privacy Officer, UChicago Medicine

Greg Garcia, Executive Director, Health Sector Coordinating Council Cybersecurity Working Group

Anahi Santiago, CISO, ChristianaCare

Puja Khare, VP for Legal, Regulatory, and Professional Affairs, Greater New York Hospital Association

Networking and Exhibition Break

Aaron Weisman

CISO, Main Line Health

Protecting Healthcare's Operational Technology from Cyber Disruption

But this increasing reliance on operational technology has created a new frontier for cyberattacks—one that many healthcare security teams are struggling to protect. Ransomware groups, nation-state actors, and cybercriminals are now exploiting OT vulnerabilities to disrupt patient care, exfiltrate data, and even manipulate critical medical equipment.
 
The urgency to secure OT is growing. Healthcare organizations must address thousands of unpatched, legacy, and manufacturer-controlled devices, while regulatory pressure continues to push for better visibility, monitoring, and segmentation of OT environments. But how can CISOs ensure OT security doesn’t remain healthcare’s weakest link—and do so without disrupting clinical operations?
 
Key Discussion Points:
  • The New Era of Healthcare OT Threats: How modern ransomware, extortion tactics, and supply chain attacks are increasingly targeting hospital infrastructure and connected medical devices.
  • Regulatory Pressure and Compliance Readiness: What new state-level regulations and HHS cybersecurity initiatives mean for OT security in healthcare.
  • Defensive Strategies for Medical OT: Practical steps for network segmentation, continuous monitoring, and risk-based security controls to protect OT assets.
  • From IT to OT: Bridging the Security Gap – How CISOs can integrate OT security into broader enterprise risk management without disrupting clinical operations.
 

Aaron Weisman, CISO, Main Line Health 

Closing Comments

Register

RSVP here to attend our events. You can select multiple or individual tickets.

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Venue

Well& by Durst - One World Trade Center

285 Fulton Street, 64th Floor 

 

CPE Credits

Our Summits offer Continuing Education Credits. Learn from informative and engaging content created specifically for security professionals.

Upcoming ISMG Events

June 18, 2025

Threat Exposure Management: How Do You Prioritize Vulnerabilities?

June 24, 2025

Agentic AI and the Access-Trust Gap

June 19, 2025

Building Next-Gen Applications with Serverless: Accelerating Development for Data-Intensive Workloads

August 19-20

Virtual Summit: Cybersecurity Implications of AI, Global

June 25, 2025

The Critical Role of the SOC in Modern Defense
