ismg summit logo

september 18, 2025

Healthcare Security Summit: New York

9:00 AM ET - 5:00 PM ET

Hosted By

Register Now
View Past Agenda
Overview
Topics
Agenda
Speakers
CPE Credits
Register
Overview
Topics
Agenda
Speakers
CPE Credits
Register

Event Overview

In 2025, healthcare security leaders face unprecedented pressure. With the Change Healthcare breach fallout still looming, adversaries are refining tactics – using ransomware, AI deepfakes and third-party vulnerabilities to exploit gaps in identity systems, medical devices and cloud infrastructure. Meanwhile, states like New York are mandating stronger protections and response requirements, signaling decentralized cybersecurity oversight. The 2025 Healthcare Security Summit unites CISOs, technology leaders and officials to tackle this threat landscape, from digital identity and OT security to continuity planning, AI-driven detection and supply chain defense, equipping leaders to build lasting resilience.

2024 Post Show Report
Download our Summit Brochure
Attendee Snapshot

View our ISMG Event Experience video to see what your peers are saying about their participation. 

Topic Highlights

  • CISA’s Vital Role in Safeguarding Healthcare Infrastructure

  • Generative AI in Cyber Healthcare

  • Essential Considerations for HIPAA Compliance and Data Protection

  • Updates and Enhancements to the HICP Guide

Register

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in Cybersecurity passionate about the latest tools and technology to defend against threats 

View Faculty

2024 Keynote Speaker

John Riggi, National Advisor for Cybersecurity & Risk, American Hospital Association

Start your day with an enlightening session with Riggi, who will explore the latest cyber threats impacting healthcare, including ransomware and data breaches. Gain insights into managing third-party risks, emerging regulations, and enhancing your incident response strategies to ensure resilient and secure healthcare delivery. Don’t miss this opportunity to hear from an esteemed thought leader during the keynote address. 

Aaron Weismann

CISO, Main Line Health

James Rutt

CIO/CISO, The Dana Foundation

Christine Saxon

Head of Global Identity Security and Access Management, Pfizer

Donald Eckel

CISO, NJ Department of Health

Anthony Candeias

CISO, WeightWatchers

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Sunil Dadlani

Global CIDO & CISO, Atlantic Health System

Frank Sinatra

CISO, University Hospital

Speakers

Thought Leaders Leading Deep-Dive Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

View Faculty

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

You can now view or download a PDF version of the attendee guide.

Download Agenda

Registration and Breakfast

8:00 am et - 8:45 am et 

Opening Remarks

8:45 AM - 9:00 AM ET
9:00 am - 9:30 am et

Sunil Dadlani

EVP, CIDO, CISO, Chief Innovation & AI Officer, Atlantic Health System

Managing the Explosion of Health Data: Security Challenges and Strategies

Hospitals alone produce an average of 50 petabytes of data each year, encompassing electronic health records, medical imaging, genomic data and information from wearable devices. This rapid expansion presents significant security, privacy and compliance challenges for healthcare organizations. As the volume of health data continues to grow, projected to reach a 36% compound annual growth rate by the end of this year, it becomes imperative to implement robust strategies to manage and protect this sensitive information.

Key Takeaways:

  • Data Security Implications: Understanding the risks associated with large-scale health data storage, including potential breaches and unauthorized access.
  • Leveraging Advanced Technologies: Exploring the role of artificial intelligence and automation in organizing, analyzing and securing vast datasets without compromising patient privacy.
  • Regulatory Compliance: Navigating complex regulations governing health data, particularly concerning cloud storage solutions and hybrid environments.
  • Best Practices in Data Governance: Implementing effective data governance frameworks, including encryption, access controls and regular audits, to ensure data integrity and confidentiality.

Sunil Dadlani, EVP, CIDO, CISO, Chief Innovation & AI Officer, Atlantic

Health System 

9:30 AM - 10:00 AM ET

Christine Saxon

Head of Global Identity Security and Access Management, Pfizer

James Rutt

CIO/CISO, The Dana Foundation

Securing Digital Identity in Healthcare

Unlike other industries, healthcare must balance fraud prevention with seamless access to time-sensitive medical care – a challenge that cybercriminals exploit. Attackers are leveraging AI-generated provider identities, hijacked patient records and compromised remote access credentials to infiltrate electronic health records (EHRs), insurance claims systems and telehealth platforms.
 
Traditional identity proofing and authentication methods are no longer sufficient in the face of AI-enabled adversaries. This session will explore how healthcare security leaders can implement cryptographic defenses, risk-based authentication and continuous identity verification to prevent unauthorized access while ensuring clinicians, patients and staff can securely navigate critical systems without friction.
 
This session will cover:
  • AI-Powered Identity Fraud in Healthcare: How attackers use deepfake-enhanced medical fraud, synthetic patient identities and stolen credentials to exploit healthcare identity systems.
  • Strengthening Identity Proofing and Authentication: The role of digitally signed credentials, biometric verification and risk-based identity scoring in stopping fraudulent access.
  • Beyond Passwords: Phishing-Resistant Authentication for Healthcare: Implementing passkeys, FIDO2 and adaptive MFA to secure EHRs, patient portals and remote provider logins.
  • Creating a Unified Identity Framework: How healthcare organizations can align with HHS-backed identity modernization efforts and build a federated approach to authentication across systems and vendors.
 

Christine Saxon, Head of Global Identity Security and Access

Management, Pfizer

James Rutt, CIO/CISO, The Dana Foundation 

10:00 AM - 10:30 AM ET

Mike Nelson

VP, Digital Trust, DigiCert

The Cryptography Shift: Preventing Outages in the Era of Shorter Lifespans and Quantum Threats

As cryptographic standards evolve rapidly, the healthcare sector must prepare for three urgent shifts: the advent of post-quantum cryptography, the sharp reduction of certificate validity periods (now as short as 90 or even 47 days) and the growing complexity of crypto ecosystems across hybrid and cloud environments.
 
In this session, we’ll explore how these forces are converging to make manual crypto management untenable – and potentially dangerous. We’ll discuss how the healthcare sector must adopt automation to prevent outages in critical systems, ensure compliance and gain real-time visibility into cryptographic assets. Most importantly, we’ll cover how to begin your migration to post-quantum readiness today, even as standards and timelines evolve.
 
Join us to learn how you can transform crypto management from a reactive burden to a resilient, automated strategy – protecting patient care, privacy and trust.

Mike Nelson, VP, Digital Trust, DigiCert

10:30 am - 11:00 am et

Frank Sinatra

CISO, University Hospital

Anthony Candeias

CISO, WeightWatchers

The Necessity of Proactive Threat Detection in a Breach-Filled World

As security leaders continue to grapple with these threats, lessons from the past year remain critical. The 2024 Change Healthcare ransomware attack – one of the largest healthcare breaches in U.S. history – disrupted medical claims processing nationwide, exposed sensitive data of approximately 190 million individuals, and resulted in a $22 million ransom payment that failed to prevent data leaks. Meanwhile, the Texas Tech University Health Sciences Center (TTUHSC) breach compromised the records of 1.46 million patients, disrupting clinical and research operations. These attacks reveal how AI-enhanced threats, supply chain vulnerabilities and stealthy intrusion techniques are outpacing traditional detection methods.
 
This session will equip security leaders with modern approaches to detecting and responding to advanced cyberthreats before they escalate. Attendees will explore how AI-driven threat intelligence, behavioral analytics and real-time monitoring can enhance detection capabilities, reduce false positives and strengthen resilience against cyberattacks.
 
Key Takeaways:
  • AI-Augmented Threat Detection: Leveraging machine learning to identify real-time attack patterns, enhance anomaly detection and reduce response times.
  • Behavior-Based Analytics: Using attack path mapping and behavioral profiling to detect stealthy threats that evade signature – based defenses.
  • Supply Chain and Vendor Monitoring: Strengthening third-party risk assessments, vendor access controls and device monitoring to prevent indirect compromises.
  • Operationalizing Threat Detection: Implementing threat prioritization frameworks to reduce alert fatigue and ensure SOC teams focus on the highest-risk threats.
 
 

Frank Sinatra, CISO, University Hospital

Anthony Candeias, CISO, WeightWatchers

Networking and Exhibition Break

11:00 am et - 11:25 am et 
11:25 am - 11:55 Am et

Scott Gee

Deputy National Advisor for Cybersecurity & Risk, American Hospital Association

Building Resilience and Ensuring Continuity Beyond the Breach

Yet, many healthcare organizations remain ill-prepared for cascading failures, supply chain disruptions and extended outages caused by third-party compromises. When an EHR system, cloud provider or medical device network goes down, the consequences extend far beyond data loss – patient care is on the line.
 
This session will take a tactical approach to cyber resilience in healthcare, focusing on how CISOs can build continuity plans that account for real-world dependencies and operational risks. Experts will share strategies to minimize downtime, strengthen third-party risk management and create redundancy across critical healthcare systems.
 
Key Takeaways:
  • Beyond Ransomware: Cyber Risks That Can Shut Down Healthcare: Addressing third-party outages, IT supply chain failures and cloud dependency risks that threaten care delivery.
  • Maintaining Continuity When EHRs and Critical Systems Go Down: Strategies for ensuring patient access to records, medication tracking and care coordination when digital systems are unavailable.
  • Third-Party and Supply Chain Resilience: How to mitigate vendor failures, reduce reliance on single points of failure and establish redundancy across key service providers.
  • Operationalizing Cyber Resilience Across Healthcare Teams: Strengthening collaboration between security, IT and clinical operations to prepare for disruptions before they happen.
 

Scott Gee, Deputy National Advisor for Cybersecurity & Risk,

American Hospital Association

11:55 AM - 12:25 PM ET

Vince Crisler

Former White House CISO, CISO, Celerium

Third-Party Risk: Cybersecurity Challenges for Healthcare Organizations

Verizon’s latest DBIR report found the share of data breaches involving third-party suppliers doubled in 2024. This session will explore the evolving third-party risk landscape in healthcare and provide actionable strategies to enhance vendor oversight and integrate third-party risk management into your overall cybersecurity program.

 Vince Crisler, Former White House CISO, CISO, Celerium

12:05 pm - 12:45 pm et

Donald Eckel

CISO, NJ Department of Health

State-Led Cybersecurity Initiatives: New York and New Jersey as Models for Healthcare Nationwide

New York’s 10 NYCRR 405.46 requires all licensed hospitals to implement formal cybersecurity programs, appoint a CISO and report cyber incidents within 72 hours, with an October 2025 compliance deadline looming. New Jersey, meanwhile, has held state agencies to similarly high standards since 2021 through its Statewide Information Security Manual, which emphasizes NIST-based controls, incident response readiness and 72-hour breach reporting for public-sector entities.
 
This session will examine how state-level mandates in New York and New Jersey are reshaping expectations for healthcare cybersecurity and may serve as blueprints for broader national adoption. Attendees will gain practical insight into what these policies mean for healthcare organizations today – and how to prepare for increasing variation in state-level compliance requirements.
 
Key Takeaways:
  • Understanding New York’s Cybersecurity Mandate: Key requirements, compliance strategies and the path to readiness ahead of the October 2025 deadline.
  • How State Regulations Influence Healthcare Security Programs: Budgeting, staffing and operational impacts for CISOs and compliance leaders.
  • New Jersey’s Statewide Information Security Manual: How NJ’s framework compares and what healthcare leaders can learn from it.
  • Navigating Multi-State Compliance: Preparing for the complexity of overlapping or divergent mandates across jurisdictions.
 

Donald Eckel, CISO, NJ Department of Health

Lunch

12:45 PM - 1:30 PM ET
1:30 PM - 2:45 PM ET

Healthcare Security Summit: New York

Healthcare Security Summit: New York

Healthcare Security Summit: New York

Healthcare Security Summit: New York

Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection and long-term defense.
 
What you will gain from this experience:
  • Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity and mitigating cascading disruptions caused by insider-enabled AI attacks.
  • Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems.
  • Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection and evidence preservation for incident response and regulatory requirements.
 

Karen Habercoss, Chief Privacy Officer, UChicago Medicine

Greg Garcia, Executive Director, Health Sector Coordinating Council

Cybersecurity Working Group

Anahi Santiago, CISO, ChristianaCare

Puja Khare, VP for Legal, Regulatory, and Professional Affairs, Greater New York

Hospital Association

Networking and Exhibition Break

2:45 PM - 3:10 PM ET
3:10 PM - 3:40 PM ET

Aaron Weismann

CISO, Main Line Health

Protecting Healthcare's Operational Technology From Cyber Disruption

But this increasing reliance on operational technology has created a new frontier for cyberattacks – one that many healthcare security teams are struggling to protect. Ransomware groups, nation-state actors and cybercriminals are now exploiting OT vulnerabilities to disrupt patient care, exfiltrate data and even manipulate critical medical equipment.
 
The urgency to secure OT is growing. Healthcare organizations must address thousands of unpatched, legacy and manufacturer-controlled devices, while regulatory pressure continues to push for better visibility, monitoring and segmentation of OT environments. But how can CISOs ensure OT security doesn’t remain healthcare’s weakest link – and do so without disrupting clinical operations?
 
Key Takeaways:
  • The New Era of Healthcare OT Threats: How modern ransomware, extortion tactics and supply chain attacks are increasingly targeting hospital infrastructure and connected medical devices.
  • Regulatory Pressure and Compliance Readiness: What new state-level regulations and HHS cybersecurity initiatives mean for OT security in healthcare.
  • Defensive Strategies for Medical OT: Practical steps for network segmentation, continuous monitoring and risk-based security controls to protect OT assets.
  • From IT to OT: Bridging the Security Gap: How CISOs can integrate OT security into broader enterprise risk management without disrupting clinical operations.
 

Aaron Weismann, CISO, Main Line Health 

Closing Comments

3:40 PM - 3:50 PM ET

Sponsors

Register

RSVP here to attend our events. You can select for multiple or individual tickets. 

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Venue

Well& by Durst - One World Trade Center

285 Fulton Street, 64th Floor 

 

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

CPE Credits

Our Summits offer Continuing Professional Education Credits. Learn informative and engaging content created specifically for security professionals.

Claim Credits

The Summit Experience

Upcoming ISMG Events

August 5, 2025

The Hidden Risks of Agentic AI
See Event

August 13, 2025

Threat Exposure Management: How Do You Prioritize Vulnerabilities?
See Event

August 7-8, 2025

Virtual Cybersecurity Summit: Africa
See Event

September 11, 2025

Cybersecurity Summit: London Financial Services
See Event

August 19-20, 2025

Virtual Summit: Cybersecurity Implications of AI, Global
See Event

Upcoming ISMG Events

August 5, 2025

The Hidden Risks of Agentic AI
See Event

August 7-8, 2025

Virtual Cybersecurity Summit: Africa
See Event

August 13, 2025

Threat Exposure Management: How Do You Prioritize Vulnerabilities?
See Event

Subscribe to Stay Updated with Our Events

linkedin icon

@ISMG_News 

EVENTS

About