Topic Highlights
CISA’s Vital Role in Safeguarding Healthcare Infrastructure
Generative AI in Cyber Healthcare
Essential Considerations for HIPAA Compliance and Data Protection
Updates and Enhancements to the HICP Guide
In 2025, healthcare security leaders are under unprecedented pressure. With the fallout from the Change Healthcare breach still reverberating across the industry, adversaries continue to refine their tactics—leveraging ransomware, AI-generated deepfakes, and third-party vulnerabilities to exploit gaps in identity systems, medical devices, and cloud infrastructure. At the same time, regulatory momentum is shifting, with states like New York stepping in to mandate stronger protections and incident response requirements, signaling a new era of decentralized cybersecurity oversight.
The 2025 Healthcare Security Summit will bring together CISOs, technology leaders, and government officials to address the expanding threat environment and reimagine what resilient, secure care looks like in practice. From safeguarding digital identities and operational technology to building continuity plans that ensure patient care during outages, the summit offers a comprehensive look at the challenges—and opportunities—facing the sector. Attendees will explore how to manage the explosive growth of health data, operationalize AI-driven detection, and strengthen supply chain defenses across complex ecosystems. With a focus on pragmatic solutions and cross-functional collaboration, this year’s event equips leaders to move beyond reactive security and build lasting resilience across clinical, operational, and digital domains.
ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the “who’s who” in cybersecurity, passionate about the latest tools and technology to defend against threats.
Start your day with an enlightening session with Riggi, who will explore the latest cyber threats impacting healthcare, including ransomware and data breaches. Gain insights into managing third-party risks, emerging regulations, and enhancing your incident response strategies to ensure resilient and secure healthcare delivery. Don’t miss this opportunity to hear from an esteemed thought leader during the keynote address.
Hospitals alone produce an average of 50 petabytes of data each year, encompassing electronic health records, medical imaging, genomic data, and information from wearable devices. This rapid expansion presents significant security, privacy, and compliance challenges for healthcare organizations. As the volume of health data continues to grow, projected to reach 36% compound annual growth this year, it becomes imperative to implement robust strategies to manage and protect this sensitive information.
Key Discussion Points:
John Riggi, National Advisor for Cybersecurity & Risk, American Hospital Association
As security leaders continue to grapple with these threats, lessons from the past year remain critical. The 2024 Change Healthcare ransomware attack—one of the largest healthcare breaches in U.S. history—disrupted medical claims processing nationwide, exposed sensitive data of approximately 190 million individuals, and resulted in a $22 million ransom payment that failed to prevent data leaks. Meanwhile, the Texas Tech University Health Sciences Center (TTUHSC) breach compromised the records of 1.46 million patients, disrupting clinical and research operations. These attacks reveal how AI-enhanced threats, supply chain vulnerabilities, and stealthy intrusion techniques are outpacing traditional detection methods.
This session will equip security leaders with modern approaches to detecting and responding to advanced cyber threats before they escalate. Attendees will explore how AI-driven threat intelligence, behavioral analytics, and real-time monitoring can enhance detection capabilities, reduce false positives, and strengthen resilience against cyberattacks.
Key Takeaways:
Theresa Lanowitz, Chief Evangelist, LevelBlue
New York has taken the boldest step yet with 10 NYCRR 405.46, a sweeping cybersecurity mandate requiring all licensed hospitals to implement robust security programs, appoint a Chief Information Security Officer, and report cyber incidents within 72 hours.
As the October 2025 compliance deadline rapidly approaches, this summit offers a final opportunity for security leaders to ensure readiness, address implementation challenges, and assess the broader implications of New York’s regulation as a potential model for other states.
For healthcare security leaders, the implications are clear: even if federal regulations remain unchanged, organizations may soon face a complex patchwork of state-driven mandates. This session will explore how New York’s regulations could shape the future of healthcare cybersecurity nationwide, what organizations can learn from this model, and how to proactively prepare for new compliance considerations.
Key Discussion Points:
Lynette Sherrill, Deputy Assistant Secretary of Information Security & Chief Information Security Officer, U.S. Department of Veterans Affairs
A year later, what has actually changed? Have security postures improved, or are healthcare organizations still at risk of the same weaknesses?
Meanwhile, ransomware tactics have become more sophisticated, going beyond traditional encryption attacks. Healthcare organizations now face double extortion, persistent network access, and destructive wiper malware designed to cause lasting damage. This session will examine the lasting lessons of Change Healthcare while equipping CISOs with strategies to detect, prevent, and recover from ransomware’s latest threats.
Key Discussion Points:
Neal Quinn, Head of Cloud Security Services Business, Radware
But this increasing reliance on operational technology has created a new frontier for cyberattacks—one that many healthcare security teams are struggling to protect. Ransomware groups, nation-state actors, and cybercriminals are now exploiting OT vulnerabilities to disrupt patient care, exfiltrate data, and even manipulate critical medical equipment.
The urgency to secure OT is growing. Healthcare organizations must address thousands of unpatched, legacy, and manufacturer-controlled devices, while regulatory pressure continues to push for better visibility, monitoring, and segmentation of OT environments. But how can CISOs ensure OT security doesn’t remain healthcare’s weakest link—and do so without disrupting clinical operations?
Key Discussion Points:
Shasta Turney, Director of Solution Marketing, Ping Identity
Unlike other industries, healthcare must balance fraud prevention with seamless access to time-sensitive medical care—a challenge that cybercriminals exploit. Attackers are leveraging AI-generated provider identities, hijacked patient records, and compromised remote access credentials to infiltrate electronic health records (EHRs), insurance claims systems, and telehealth platforms.
Traditional identity proofing and authentication methods are no longer sufficient in the face of AI-enabled adversaries. This session will explore how healthcare security leaders can implement cryptographic defenses, risk-based authentication, and continuous identity verification to prevent unauthorized access while ensuring clinicians, patients, and staff can securely navigate critical systems without friction.
This Session Will Cover:
Karen Habercoss, Chief Privacy Officer, UChicago Medicine
Greg Garcia, Executive Director, Health Sector Coordinating Council Cybersecurity Working Group
Anahi Santiago, CISO, ChristianaCare
Puja Khare, VP for Legal, Regulatory, and Professional Affairs, Greater New York Hospital Association
Yet, many healthcare organizations remain ill-prepared for cascading failures, supply chain disruptions, and extended outages caused by third-party compromises. When an EHR system, cloud provider, or medical device network goes down, the consequences extend far beyond data loss—patient care is on the line.
This session will take a tactical approach to cyber resilience in healthcare, focusing on how CISOs can build continuity plans that account for real-world dependencies and operational risks. Experts will share strategies to minimize downtime, strengthen third-party risk management, and create redundancy across critical healthcare systems.
Key Takeaways:
Shane Hasert, Director, Threat Research & Cybersecurity Standards, ProcessUnity
Recent attacks have shown that healthcare networks, insurers, cloud providers, and medical device manufacturers all represent potential entry points for adversaries—often compromising entire ecosystems rather than just individual organizations.
This session will explore how healthcare CISOs can assess, mitigate, and plan for supply chain risks that extend far beyond their own walls, ensuring resilience even when the weakest link in their network isn’t under their direct control.
Key Discussion Points:
Sumant Mauskar, Senior Vice President, Sales and Global Partnerships, Pindrop
As threats against the industry intensify, many healthcare organizations lack the in-house expertise needed to manage complex security challenges, respond to incidents, and implement advanced threat defenses. While financial services and tech firms attract cybersecurity professionals with high salaries and cutting-edge tools, how can healthcare organizations recruit and retain the talent they need to defend patient data and critical systems?
To build sustainable cybersecurity programs, healthcare leaders must rethink hiring strategies, internal training initiatives, and workforce augmentation through automation and outsourcing. This discussion will explore how organizations can compete for skilled professionals, upskill internal teams, and adapt to ongoing staffing shortages without compromising security.
Our Panel of Experts Will Discuss:
Josh Wasserman, Northeast Area Vice President, Semperis
From vulnerabilities in medical devices, to securing legacy systems and managing third-party risk, a single vulnerable link in your supply chain can compromise the security of your entire organization, posing significant risks to patient safety and data integrity. Recent cyberattacks against Change Healthcare, Philips and others exemplify the critical need for robust supply chain security measures, including comprehensive vendor risk assessments, securing medical devices and software, and the necessity of continuous monitoring and rigorous security protocols.
Recognition that each interaction and transaction within the supply chain can introduce potential risks is crucial for maintaining a comprehensive security framework. This session will take a deep dive into the many aspects of supply chain security, emphasizing a holistic approach to preventing, detecting, and mitigating threats to critical operations and delivery of care.
Key strategies to be explored include:
Hugo Lai, CISO, Temple University Health System
Errol Weiss, CSO, Health-ISAC
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
John Banghart, Senior Director for Cybersecurity Services, Venable LLP
What You Will Gain From This Experience
Randy Guerette, HC Solutions Engineer, Claroty
Todd Felker, Executive Strategist, Healthcare, CrowdStrike
Matthew Oelsner, Network Intrusion Forensic Analyst, United States Secret Service
That briefing will be followed by a discussion with our esteemed panel of experts, including Phil Englert, vice president of medical devices security at the Health Information Sharing and Analysis Center.
This session will explore:
Aftin Ross, Deputy Director, Office of Readiness and Response, Office of Strategic Partnerships & Technology Innovation, Center for Devices and Radiological Health
Phil Englert, VP, Medical Device Security, Health-ISAC
In this exclusive session, attendees will:
Melanie Fontes Rainer, Director, Department of Health and Human Services’ Office for Civil Rights
However, as AI algorithms increasingly influence medical decision-making, concerns about bias and discrimination have become increasingly apparent. These biases can arise from inherent issues in AI datasets, algorithmic design, and implementation, potentially perpetuating disparities in healthcare delivery and outcomes.
This session will delve into the ethical, legal, and security implications of healthcare discrimination facilitated by AI, including the erosion of trust, patient harm, and legal challenges. We will explore how AI’s blind spots can inadvertently reinforce existing biases and how representative datasets can help mitigate these challenges.
Join us to examine the following key areas:
• Biases in AI Datasets: Understand how biases in training data can lead to unequal healthcare outcomes and discuss the importance of using diverse and representative datasets.
• Algorithmic Design, Implementation, and Security: Analyze how design choices and system vulnerabilities can influence the fairness and safety of AI applications.
• Mitigation and Protection Strategies: Discuss effective strategies to mitigate bias in AI healthcare applications, emphasizing the need for ongoing oversight, ethical standards, and robust security measures to ensure equitable and ethical use of AI in healthcare.
Cory Brennan, Associate Senior Counsel of Technology & Commercial Transactions, Johns Hopkins Medicine
Aaron Weismann, CISO, Main Line Health
David Hoffman, Assistant Professor of Bioethics, Columbia University
RSVP here to attend our events. You can select multiple or individual tickets.
NOTE: All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.
285 Fulton Street, 64th Floor
Our Summits offer Continuing Education Credits. Learn from informative and engaging content created specifically for security professionals.