Healthcare Cybersecurity Summit: New York 2025

september 18, 2025

Healthcare Security Summit: New York

9:00 AM ET - 5:00 PM ET

Hosted By

Event Overview

In 2025, healthcare security leaders face unprecedented pressure. With the Change Healthcare breach fallout still looming, adversaries are refining tactics – using ransomware, AI deepfakes and third-party vulnerabilities to exploit gaps in identity systems, medical devices and cloud infrastructure. Meanwhile, states like New York are mandating stronger protections and response requirements, signaling decentralized cybersecurity oversight. The 2025 Healthcare Security Summit unites CISOs, technology leaders and officials to tackle this threat landscape, from digital identity and OT security to continuity planning, AI-driven detection and supply chain defense, equipping leaders to build lasting resilience.

View our ISMG Event Experience video to see what your peers are saying about their participation.

Venue

The Westin New York Times Square

270 W 43rd St, New York, NY 10036

NOTE: All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Topic Highlights

CISA’s Vital Role in Safeguarding Healthcare Infrastructure
Generative AI in Cyber Healthcare
Essential Considerations for HIPAA Compliance and Data Protection
Updates and Enhancements to the HICP Guide

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in Cybersecurity passionate about the latest tools and technology to defend against threats

2025 Spotlight Speaker

Dr. Suzanne Schwartz, MD. MBA, Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, FDA

Dr. Suzanne Schwartz, MD, MBA, is the director of the U.S. Food and Drug Administration’s Office of Strategic Partnerships and Innovation within the agency’s Center for Devices and Radiological Health, which among other responsibilities, is tasked with formulating the FDA’s medical device cybersecurity policy. She also has served as co-chair of the Government Coordinating Council for the healthcare and public health critical infrastructure sector.

Aaron Weismann

CISO, Main Line Health

James Rutt

CIO/CISO, The Dana Foundation

Christine Saxon

Head of Global Identity Security and Access Management, Pfizer

Donald Eckel

CISO, NJ Department of Health

Anthony Candeias

CISO, WeightWatchers

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Theresa Lanowitz

Chief Cybersecurity Evangelist, LevelBlue

Frank Sinatra

CISO, University Hospital

Speakers

Thought Leaders Leading Deep-Dive Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

Anirudh Kannan

CISO Advisor, Health Care and Life Sciences, Google Cloud

Rob Suarez

CISO, Carefirst, CareFirst BlueCross BlueShield

Managing the Explosion of Health Data: Security Challenges and Strategies

The healthcare sector is experiencing an unprecedented increase in data generation, accounting for approximately 30% of the world's data volume.

Hospitals alone produce an average of 50 petabytes of data each year, encompassing electronic health records, medical imaging, genomic data and information from wearable devices. This rapid expansion presents significant security, privacy and compliance challenges for healthcare organizations. As the volume of health data continues to grow, projected to reach a 36% compound annual growth rate by the end of this year, it becomes imperative to implement robust strategies to manage and protect this sensitive information.

Key Takeaways:

Data Security Implications: Understanding the risks associated with large-scale health data storage, including potential breaches and unauthorized access.
Leveraging Advanced Technologies: Exploring the role of artificial intelligence and automation in organizing, analyzing and securing vast datasets without compromising patient privacy.
Regulatory Compliance: Navigating complex regulations governing health data, particularly concerning cloud storage solutions and hybrid environments.
Best Practices in Data Governance: Implementing effective data governance frameworks, including encryption, access controls and regular audits, to ensure data integrity and confidentiality.

Anirudh Kannan, CISO Advisor, Health Care and Life Sciences, Google Cloud

Rob Suarez, CISO, CareFirst BlueCross BlueShield

Christine Saxon

Head of Global Identity Security and Access Management, Pfizer

James Rutt

CIO/CISO, The Dana Foundation

Securing Digital Identity in Healthcare

As deepfake-driven fraud, synthetic identities and credential compromise escalate, healthcare organizations face a growing crisis in identity security.

Unlike other industries, healthcare must balance fraud prevention with seamless access to time-sensitive medical care – a challenge that cybercriminals exploit. Attackers are leveraging AI-generated provider identities, hijacked patient records and compromised remote access credentials to infiltrate electronic health records (EHRs), insurance claims systems and telehealth platforms.

Traditional identity proofing and authentication methods are no longer sufficient in the face of AI-enabled adversaries. This session will explore how healthcare security leaders can implement cryptographic defenses, risk-based authentication and continuous identity verification to prevent unauthorized access while ensuring clinicians, patients and staff can securely navigate critical systems without friction.

This session will cover:

AI-Powered Identity Fraud in Healthcare: How attackers use deepfake-enhanced medical fraud, synthetic patient identities and stolen credentials to exploit healthcare identity systems.
Strengthening Identity Proofing and Authentication: The role of digitally signed credentials, biometric verification and risk-based identity scoring in stopping fraudulent access.
Beyond Passwords: Phishing-Resistant Authentication for Healthcare: Implementing passkeys, FIDO2 and adaptive MFA to secure EHRs, patient portals and remote provider logins.
Creating a Unified Identity Framework: How healthcare organizations can align with HHS-backed identity modernization efforts and build a federated approach to authentication across systems and vendors.

Christine Saxon, Head of Global Identity Security and Access

Management, Pfizer

James Rutt, CIO/CISO, The Dana Foundation

Mike Nelson

VP, Digital Trust, DigiCert

The Cryptography Shift: Preventing Outages in the Era of Shorter Lifespans and Quantum Threats

Healthcare organizations operate in one of the most sensitive and high-stakes environments - where the integrity and availability of systems can literally be a matter of life and death.

As cryptographic standards evolve rapidly, the healthcare sector must prepare for three urgent shifts: the advent of post-quantum cryptography, the sharp reduction of certificate validity periods (now as short as 90 or even 47 days) and the growing complexity of crypto ecosystems across hybrid and cloud environments.

In this session, we’ll explore how these forces are converging to make manual crypto management untenable – and potentially dangerous. We’ll discuss how the healthcare sector must adopt automation to prevent outages in critical systems, ensure compliance and gain real-time visibility into cryptographic assets. Most importantly, we’ll cover how to begin your migration to post-quantum readiness today, even as standards and timelines evolve.

Join us to learn how you can transform crypto management from a reactive burden to a resilient, automated strategy – protecting patient care, privacy and trust.

Mike Nelson, VP, Digital Trust, DigiCert

Theresa Lanowitz

Chief Cybersecurity Evangelist, LevelBlue

Cyber Resilience and Business Impact in Healthcare

Cybersecurity is a top priority for healthcare organizations.

Adversaries can strike through any number of endpoints, quishing attacks, or the software supply chain.

These risks play out daily in hospitals, doctor’s offices, and ambulances. Is your organization ready to defend and remediate cyber incidents? Is your incident response plan formalized?

This session explores newly released data from the 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact.

Attend this session to learn:

How healthcare organizations are preparing for enhanced AI attack
Why managing the software supply chains is critical
How leading healthcare organizations innovate while managing and mitigating risk

Theresa Lanowitz, Chief Cybersecurity Evangelist, LevelBlue

Networking and Exhibition Break

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Building Resilience and Ensuring Continuity Beyond the Breach

Healthcare security leaders know that it's not just about stopping cyberattacks - it's about ensuring hospitals, clinics and critical services can continue operating even when systems fail.

Yet, many healthcare organizations remain ill-prepared for cascading failures, supply chain disruptions and extended outages caused by third-party compromises. When an EHR system, cloud provider or medical device network goes down, the consequences extend far beyond data loss – patient care is on the line.

This session will take a tactical approach to cyber resilience in healthcare, focusing on how CISOs can build continuity plans that account for real-world dependencies and operational risks. Experts will share strategies to minimize downtime, strengthen third-party risk management and create redundancy across critical healthcare systems.

Key Takeaways:

Beyond Ransomware: Cyber Risks That Can Shut Down Healthcare: Addressing third-party outages, IT supply chain failures and cloud dependency risks that threaten care delivery.
Maintaining Continuity When EHRs and Critical Systems Go Down: Strategies for ensuring patient access to records, medication tracking and care coordination when digital systems are unavailable.
Third-Party and Supply Chain Resilience: How to mitigate vendor failures, reduce reliance on single points of failure and establish redundancy across key service providers.
Operationalizing Cyber Resilience Across Healthcare Teams: Strengthening collaboration between security, IT and clinical operations to prepare for disruptions before they happen.

Scott Gee, Deputy National Advisor for Cybersecurity & Risk,

American Hospital Association

Vince Crisler

Former White House CISO, CISO, Celerium

Third-Party Risk: Cybersecurity Challenges for Healthcare Organizations

Healthcare organizations face two critical challenges related to protecting patient data: strengthening internal cybersecurity and addressing the growing risk of data breaches among third-party vendors.

Verizon’s latest DBIR report found the share of data breaches involving third-party suppliers doubled in 2024. This session will explore the evolving third-party risk landscape in healthcare and provide actionable strategies to enhance vendor oversight and integrate third-party risk management into your overall cybersecurity program.

Vince Crisler, Former White House CISO, CISO, Celerium

Donald Eckel

CISO, NJ Department of Health

State-Led Cybersecurity Initiatives: New York and New Jersey as Models for Healthcare Nationwide

With federal healthcare cybersecurity in flux, states are stepping up to define their own standards.

New York’s 10 NYCRR 405.46 requires all licensed hospitals to implement formal cybersecurity programs, appoint a CISO and report cyber incidents within 72 hours, with an October 2025 compliance deadline looming. New Jersey, meanwhile, has held state agencies to similarly high standards since 2021 through its Statewide Information Security Manual, which emphasizes NIST-based controls, incident response readiness and 72-hour breach reporting for public-sector entities.

This session will examine how state-level mandates in New York and New Jersey are reshaping expectations for healthcare cybersecurity and may serve as blueprints for broader national adoption. Attendees will gain practical insight into what these policies mean for healthcare organizations today – and how to prepare for increasing variation in state-level compliance requirements.

Key Takeaways:

Understanding New York’s Cybersecurity Mandate: Key requirements, compliance strategies and the path to readiness ahead of the October 2025 deadline.
How State Regulations Influence Healthcare Security Programs: Budgeting, staffing and operational impacts for CISOs and compliance leaders.
New Jersey’s Statewide Information Security Manual: How NJ’s framework compares and what healthcare leaders can learn from it.
Navigating Multi-State Compliance: Preparing for the complexity of overlapping or divergent mandates across jurisdictions.

Donald Eckel, CISO, NJ Department of Health

Joel Brandon

VP, EMEA, - GRC, ProcessUnity

Solutions Showcase: Ping Identity

Coming soon! Stay tuned.

Lunch

Dr. Suzanne Schwartz

MD, MBA, Director, Director, Office of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological Health, FDA

FDA: Latest Developments in Medical Device Cybersecurity

Dr. Suzanne Schwartz, Director of the Office of Strategic Partnerships and Technology Innovation at the FDA, will provides a comprehensive update on the latest regulatory developments in medical device cybersecurity.

Key Discussion Points:

Vetting Cybersecurity in Pre-Market Submissions: Attendees will gain insights into the FDA’s expectations for cybersecurity in pre-market medical device submissions to the agency, including what device maker should consider in mitigating cybersecurity risks during the development phase.

Implications for Device Makers and Healthcare Entities: Understand the necessary requirements to meet FDA’s enhanced cybersecurity expectations and ensure patient safety.

Emerging Cyber threats and Challenges: Insights and strategies to address these evolving risks and emerging AI-related issues to empower attendees to proactively protect patient safety, privacy and the integrity of medical devices.

Dr. Suzanne Schwartz, MD, MBA, Director, Director, Office

of Strategic Partnerships & Technology Innovation, Center for Devices & Radiological

Health, FDA

Healthcare Security Summit: New York

Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

Join CyberEdBoard for this interacitve tabletop exercise that places you at the center of a sophisticated insider threat scenario, driven by generative AI and psychological manipulation.

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection and long-term defense.

What you will gain from this experience:

Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity and mitigating cascading disruptions caused by insider-enabled AI attacks.
Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems.
Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection and evidence preservation for incident response and regulatory requirements.

Karen Habercoss, Chief Privacy Officer, UChicago Medicine

Greg Garcia, Executive Director, Health Sector Coordinating Council

Cybersecurity Working Group

Anahi Santiago, CISO, ChristianaCare

Puja Khare, VP for Legal, Regulatory, and Professional Affairs, Greater New York

Hospital Association

Networking and Exhibition Break

Aaron Weismann

CISO, Main Line Health

Protecting Healthcare's Operational Technology From Cyber Disruption

Medical devices and hospital infrastructure are more connected than ever, from networked infusion pumps and MRI machines to smart HVAC and building automation systems.

But this increasing reliance on operational technology has created a new frontier for cyberattacks – one that many healthcare security teams are struggling to protect. Ransomware groups, nation-state actors and cybercriminals are now exploiting OT vulnerabilities to disrupt patient care, exfiltrate data and even manipulate critical medical equipment.

The urgency to secure OT is growing. Healthcare organizations must address thousands of unpatched, legacy and manufacturer-controlled devices, while regulatory pressure continues to push for better visibility, monitoring and segmentation of OT environments. But how can CISOs ensure OT security doesn’t remain healthcare’s weakest link – and do so without disrupting clinical operations?

Key Takeaways:

The New Era of Healthcare OT Threats: How modern ransomware, extortion tactics and supply chain attacks are increasingly targeting hospital infrastructure and connected medical devices.
Regulatory Pressure and Compliance Readiness: What new state-level regulations and HHS cybersecurity initiatives mean for OT security in healthcare.
Defensive Strategies for Medical OT: Practical steps for network segmentation, continuous monitoring and risk-based security controls to protect OT assets.
From IT to OT: Bridging the Security Gap: How CISOs can integrate OT security into broader enterprise risk management without disrupting clinical operations.

Aaron Weismann, CISO, Main Line Health

Frank Sinatra

CISO, University Hospital

The Necessity of Proactive Threat Detection in a Breach-Filled World

2025 has brought a surge in sophisticated attacks against the healthcare sector, with cybercriminals refining their tactics to evade detection and exploit third-party vulnerabilities.

As security leaders continue to grapple with these threats, lessons from the past year remain critical. The 2024 Change Healthcare ransomware attack – one of the largest healthcare breaches in U.S. history – disrupted medical claims processing nationwide, exposed sensitive data of approximately 190 million individuals, and resulted in a $22 million ransom payment that failed to prevent data leaks. Meanwhile, the Texas Tech University Health Sciences Center (TTUHSC) breach compromised the records of 1.46 million patients, disrupting clinical and research operations. These attacks reveal how AI-enhanced threats, supply chain vulnerabilities and stealthy intrusion techniques are outpacing traditional detection methods.

This session will equip security leaders with modern approaches to detecting and responding to advanced cyberthreats before they escalate. Attendees will explore how AI-driven threat intelligence, behavioral analytics and real-time monitoring can enhance detection capabilities, reduce false positives and strengthen resilience against cyberattacks.

Key Takeaways:

AI-Augmented Threat Detection: Leveraging machine learning to identify real-time attack patterns, enhance anomaly detection and reduce response times.
Behavior-Based Analytics: Using attack path mapping and behavioral profiling to detect stealthy threats that evade signature – based defenses.
Supply Chain and Vendor Monitoring: Strengthening third-party risk assessments, vendor access controls and device monitoring to prevent indirect compromises.
Operationalizing Threat Detection: Implementing threat prioritization frameworks to reduce alert fatigue and ensure SOC teams focus on the highest-risk threats.

Frank Sinatra, CISO, University Hospital