
September 18, 2025

Healthcare Security Summit: New York

9:00 AM ET - 5:00 PM ET


Event Overview

In 2025, healthcare security leaders face unprecedented pressure. With the Change Healthcare breach fallout still looming, adversaries are refining tactics – using ransomware, AI deepfakes and third-party vulnerabilities to exploit gaps in identity systems, medical devices and cloud infrastructure. Meanwhile, states like New York are mandating stronger protections and response requirements, signaling decentralized cybersecurity oversight. The 2025 Healthcare Security Summit unites CISOs, technology leaders and officials to tackle this threat landscape, from digital identity and OT security to continuity planning, AI-driven detection and supply chain defense, equipping leaders to build lasting resilience.


Venue

The Westin New York Times Square

270 W 43rd St, New York, NY 10036

 

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

2025 Spotlight Speaker

Dr. Suzanne Schwartz, MD, MBA, Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, FDA

Dr. Suzanne Schwartz, MD, MBA, is the director of the U.S. Food and Drug Administration’s Office of Strategic Partnerships and Innovation within the agency’s Center for Devices and Radiological Health, which, among other responsibilities, is tasked with formulating the FDA’s medical device cybersecurity policy. She has also served as co-chair of the Government Coordinating Council for the healthcare and public health critical infrastructure sector.

Aaron Weismann

CISO, Main Line Health

James Rutt

CIO/CISO, The Dana Foundation

Christine Saxon

Head of Global Identity Security and Access Management, Pfizer

Donald Eckel

CISO, NJ Department of Health

Anthony Candeias

CISO, WeightWatchers

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Theresa Lanowitz

Chief Cybersecurity Evangelist, LevelBlue

Frank Sinatra

CISO, University Hospital

Speakers

Thought Leaders Leading Deep-Dive Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who of the cybersecurity industry, who are passionate about the latest tools and technology to defend against threats.

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

Anirudh Kannan

CISO Advisor, Health Care and Life Sciences, Google Cloud

Rob Suarez

CISO, CareFirst BlueCross BlueShield

Managing the Explosion of Health Data: Security Challenges and Strategies

Hospitals alone produce an average of 50 petabytes of data each year, encompassing electronic health records, medical imaging, genomic data and information from wearable devices. This rapid expansion presents significant security, privacy and compliance challenges for healthcare organizations. As the volume of health data continues to grow, projected to reach a 36% compound annual growth rate by the end of this year, it becomes imperative to implement robust strategies to manage and protect this sensitive information.

Key Takeaways:

  • Data Security Implications: Understanding the risks associated with large-scale health data storage, including potential breaches and unauthorized access.
  • Leveraging Advanced Technologies: Exploring the role of artificial intelligence and automation in organizing, analyzing and securing vast datasets without compromising patient privacy.
  • Regulatory Compliance: Navigating complex regulations governing health data, particularly concerning cloud storage solutions and hybrid environments.
  • Best Practices in Data Governance: Implementing effective data governance frameworks, including encryption, access controls and regular audits, to ensure data integrity and confidentiality.

Anirudh Kannan, CISO Advisor, Health Care and Life Sciences, Google Cloud

Rob Suarez, CISO, CareFirst BlueCross BlueShield

Jigar Kadakia

CISO, GeneDX

James Rutt

CIO/CISO, The Dana Foundation

Securing Digital Identity in Healthcare

Unlike other industries, healthcare must balance fraud prevention with seamless access to time-sensitive medical care – a challenge that cybercriminals exploit. Attackers are leveraging AI-generated provider identities, hijacked patient records and compromised remote access credentials to infiltrate electronic health records (EHRs), insurance claims systems and telehealth platforms.
 
Traditional identity proofing and authentication methods are no longer sufficient in the face of AI-enabled adversaries. This session will explore how healthcare security leaders can implement cryptographic defenses, risk-based authentication and continuous identity verification to prevent unauthorized access while ensuring clinicians, patients and staff can securely navigate critical systems without friction.
 
This session will cover:
  • AI-Powered Identity Fraud in Healthcare: How attackers use deepfake-enhanced medical fraud, synthetic patient identities and stolen credentials to exploit healthcare identity systems.
  • Strengthening Identity Proofing and Authentication: The role of digitally signed credentials, biometric verification and risk-based identity scoring in stopping fraudulent access.
  • Beyond Passwords: Phishing-Resistant Authentication for Healthcare: Implementing passkeys, FIDO2 and adaptive MFA to secure EHRs, patient portals and remote provider logins.
  • Creating a Unified Identity Framework: How healthcare organizations can align with HHS-backed identity modernization efforts and build a federated approach to authentication across systems and vendors.
 

Jigar Kadakia, CISO, GeneDX

James Rutt, CIO/CISO, The Dana Foundation 

Mike Nelson

VP, Digital Trust, DigiCert

The Cryptography Shift: Preventing Outages in the Era of Shorter Lifespans and Quantum Threats

As cryptographic standards evolve rapidly, the healthcare sector must prepare for three urgent shifts: the advent of post-quantum cryptography, the sharp reduction of certificate validity periods (now as short as 90 or even 47 days) and the growing complexity of crypto ecosystems across hybrid and cloud environments.
 
In this session, we’ll explore how these forces are converging to make manual crypto management untenable – and potentially dangerous. We’ll discuss how the healthcare sector must adopt automation to prevent outages in critical systems, ensure compliance and gain real-time visibility into cryptographic assets. Most importantly, we’ll cover how to begin your migration to post-quantum readiness today, even as standards and timelines evolve.
 
Join us to learn how you can transform crypto management from a reactive burden to a resilient, automated strategy – protecting patient care, privacy and trust.

Mike Nelson, VP, Digital Trust, DigiCert

Theresa Lanowitz

Chief Cybersecurity Evangelist, LevelBlue

Cyber Resilience and Business Impact in Healthcare

Adversaries can strike through any number of endpoints, quishing attacks, or the software supply chain.

These risks play out daily in hospitals, doctor’s offices, and ambulances. Is your organization ready to defend and remediate cyber incidents? Is your incident response plan formalized?

This session explores newly released data from the 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact.

Attend this session to learn:

  • How healthcare organizations are preparing for enhanced AI attacks
  • Why managing the software supply chain is critical
  • How leading healthcare organizations innovate while managing and mitigating risk

Theresa Lanowitz, Chief Cybersecurity Evangelist, LevelBlue

Networking and Exhibition Break

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Building Resilience and Ensuring Continuity Beyond the Breach

Yet, many healthcare organizations remain ill-prepared for cascading failures, supply chain disruptions and extended outages caused by third-party compromises. When an EHR system, cloud provider or medical device network goes down, the consequences extend far beyond data loss – patient care is on the line.
 
This session will take a tactical approach to cyber resilience in healthcare, focusing on how CISOs can build continuity plans that account for real-world dependencies and operational risks. Experts will share strategies to minimize downtime, strengthen third-party risk management and create redundancy across critical healthcare systems.
 
Key Takeaways:
  • Beyond Ransomware: Cyber Risks That Can Shut Down Healthcare: Addressing third-party outages, IT supply chain failures and cloud dependency risks that threaten care delivery.
  • Maintaining Continuity When EHRs and Critical Systems Go Down: Strategies for ensuring patient access to records, medication tracking and care coordination when digital systems are unavailable.
  • Third-Party and Supply Chain Resilience: How to mitigate vendor failures, reduce reliance on single points of failure and establish redundancy across key service providers.
  • Operationalizing Cyber Resilience Across Healthcare Teams: Strengthening collaboration between security, IT and clinical operations to prepare for disruptions before they happen.
 

Scott Gee, Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Vince Crisler

Former White House CISO, CISO, Celerium

Third-Party Risk: Cybersecurity Challenges for Healthcare Organizations

Verizon’s latest DBIR report found the share of data breaches involving third-party suppliers doubled in 2024. This session will explore the evolving third-party risk landscape in healthcare and provide actionable strategies to enhance vendor oversight and integrate third-party risk management into your overall cybersecurity program.

 Vince Crisler, Former White House CISO, CISO, Celerium

Chip Whitt

Principal Security Evangelist, Radware

Silent Intrusions: How Modern Threats Are Rewriting the Rules of Healthcare Security

Attackers are increasingly using AI-driven automation and advanced evasion techniques to bypass traditional defenses, with account takeover and business logic abuse becoming key tactics. This session delivers timely insights from Radware’s Cyber Threat Intelligence data, offering a focused look at how threat actors are adapting their methods to exploit healthcare-specific technologies. CISOs and security leaders will walk away with actionable strategies to strengthen defenses, protect critical services, and stay ahead of emerging attack trends.


Learning Objectives:

  1. Gain insights from Radware’s Cyber Threat Intelligence data on emerging threats impacting healthcare organizations.
  2. Understand how attackers are evolving account takeover techniques to bypass app-layer defenses and exploit identity systems.
  3. Explore advanced business logic attack patterns that target healthcare workflows, APIs, and third-party integrations.
  4. Identify and prioritize defense strategies to protect patient data, applications, and medical devices while ensuring operational continuity.
 
 

 Chip Whitt, Principal Security Evangelist, Radware

Jamey Doherty

Senior Sales Engineer, Ping Identity

Securing Autonomy: An Identity Playbook for the Agentic Era

Agentic AI is poised to become your largest digital workforce, operating autonomously, and introducing unique challenges to traditional cybersecurity paradigms. The only way to deploy AI agents safely is to make identity the control plane, giving you the confidence to scale, enforce governance by design, and prove business value fast. Join us to hear a vendor-neutral blueprint, pragmatic guardrails, and best practices for safely implementing Agentic AI.

Jamey Doherty, Senior Sales Engineer, Ping Identity

Dr. Suzanne Schwartz

MD, MBA, Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, FDA

FDA: Latest Developments in Medical Device Cybersecurity

Key Discussion Points:

Vetting Cybersecurity in Pre-Market Submissions: Attendees will gain insights into the FDA’s expectations for cybersecurity in pre-market medical device submissions to the agency, including what device makers should consider in mitigating cybersecurity risks during the development phase.

Implications for Device Makers and Healthcare Entities: Understand the necessary requirements to meet FDA’s enhanced cybersecurity expectations and ensure patient safety.

Emerging Cyber Threats and Challenges: Insights and strategies to address these evolving risks and emerging AI-related issues to empower attendees to proactively protect patient safety, privacy and the integrity of medical devices.

Dr. Suzanne Schwartz, MD, MBA, Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, FDA

Tom Davis

VP of Industry Solutions, Aviatrix Systems

Navigating the Cloud Security Crisis: Building Lasting Resilience with a Cloud Native Security Fabric

As adversaries refine tactics—using sophisticated, AI-driven attacks and exploiting third-party vulnerabilities—the traditional, reactive security model is no longer sufficient to secure a decentralized, multi-cloud threat landscape.

In this 30-minute session, we will demonstrate how to move beyond fragmented, siloed security to a unified, strategic fabric. Drawing on proven examples from within the healthcare sector, we will present a new point of view on cloud security. We will show how the Aviatrix Cloud Native Security Fabric (CNSF) provides a foundational network and security layer designed to build lasting resilience across your entire cloud footprint. You will learn how to:

  • Enforce Zero Trust: Implement a pervasive segmentation fabric to contain threats and secure critical PHI and workloads, mitigating third-party and supply chain risks.
  • Centralize Visibility: Gain a single, comprehensive view of all network traffic for faster, AI-driven threat detection and streamlined compliance auditing.
  • Accelerate Innovation: Automate secure network and security deployments, enabling your teams to accelerate the launch of new digital health services without compromising your security posture.

 

Discover how to take control of your cloud environment, transforming fragmented security into a unified, resilient, and compliant foundation for the future of healthcare.

 
 

Tom Davis, VP of Industry Solutions, Aviatrix Systems

Russell Teague

CISO, Fortified Health Security

Fireside Chat: Rethinking Cybersecurity Budgets in Tight Times

Drawing on peer insights from healthcare leaders, Russell shares lessons learned, low-cost strategies, and practical steps to protect patients and strengthen programs. Walk away with real-world ideas you can apply immediately. 

Russell Teague, CISO, Fortified Health Security

Anthony Pillitiere

Co-Founder, Horizon3.ai

Go Hack Yourself: More War Stories from over 150,000 Pentests

TonyP will challenge conventional risk assessment practices and unveil how emphasizing real-world exploitability and impact can revolutionize your security approach. Drawing from over 150,000 autonomous pentests, he’ll share compelling stories and actionable insights that reveal how viewing your cyber terrain through an attacker’s lens can uncover hidden vulnerabilities, optimize resource allocation, and fortify your defenses against advanced threats. Don’t miss this chance to learn from a leading industry trailblazer on why it’s time to “go hack yourself” to build resilience in today’s borderless threat environment.

Anthony Pillitiere, Co-Founder, Horizon3.ai

Networking and Exhibition Break

Donald Eckel

CISO, NJ Department of Health

State-Led Cybersecurity Initiatives: New York and New Jersey as Models for Healthcare Nationwide

New York’s 10 NYCRR 405.46 requires all licensed hospitals to implement formal cybersecurity programs, appoint a CISO and report cyber incidents within 72 hours, with an October 2025 compliance deadline looming. New Jersey, meanwhile, has held state agencies to similarly high standards since 2021 through its Statewide Information Security Manual, which emphasizes NIST-based controls, incident response readiness and 72-hour breach reporting for public-sector entities.
 
This session will examine how state-level mandates in New York and New Jersey are reshaping expectations for healthcare cybersecurity and may serve as blueprints for broader national adoption. Attendees will gain practical insight into what these policies mean for healthcare organizations today – and how to prepare for increasing variation in state-level compliance requirements.
 
Key Takeaways:
  • Understanding New York’s Cybersecurity Mandate: Key requirements, compliance strategies and the path to readiness ahead of the October 2025 deadline.
  • How State Regulations Influence Healthcare Security Programs: Budgeting, staffing and operational impacts for CISOs and compliance leaders.
  • New Jersey’s Statewide Information Security Manual: How NJ’s framework compares and what healthcare leaders can learn from it.
  • Navigating Multi-State Compliance: Preparing for the complexity of overlapping or divergent mandates across jurisdictions.
 

Donald Eckel, CISO, NJ Department of Health

Peter Halprin

Partner, Haynes Boone

Sara Goldstein

Partner, BakerHostetler

Jennifer Kreick

Partner, Haynes Boone

Top Federal Health Data Privacy, Cyber Regulatory Issues: Expert Outlook

Our panel of regulatory and legal experts will dive into these issues:

  • Will the government’s proposed overhaul to the 20-year-old HIPAA Security Rule move forward? What will this mean for covered entities, their business associates and subcontractors?
  • How might new federal cyber requirements impact expectations from cyber insurers about the security practices of their healthcare sector clients?
  • What steps should healthcare sector entities take to comply with the U.S. Department of Health and Human Services’ push for secure interoperability and patient access?
  • What are the critical lessons emerging from the latest federal enforcement trends?

Peter Halprin, Partner, Haynes Boone

Sara Goldstein, Partner, BakerHostetler

Jennifer Kreick, Partner, Haynes Boone

 

Closing Comments


Register

RSVP here to attend our events. You can select multiple or individual tickets.


CPE Credits

Our Summits offer Continuing Professional Education Credits. Learn from informative and engaging content created specifically for security professionals.


Upcoming ISMG Events

September 11, 2025

Cybersecurity Summit: London Financial Services

September 17, 2025

CNAPP: Secure Gen AI and Cloud Innovation Without Slowing the Business

September 11, 2025

Building Trust at Speed: DevSecOps for the Modern Enterprise

October 23, 2025

Cybersecurity Summit: Financial Services Toronto

September 18, 2025

Cybersecurity Summit: Healthcare New York
