Healthcare Summit
Hybrid Summit July 12 - 13, 2022
ISMG's 2022 Healthcare Security Summit will address the top threats, risks and security needs facing the healthcare sector, including the most critical cybersecurity challenges and lessons emerging from the global pandemic. Join more than 400 attendees and subject matter experts to learn more about strategies and tactics to defend against and respond to ransomware and other disruptive cyberattacks; bolster medical device security; prevent and detect privacy breaches; tackle identity and access issues; address telehealth challenges, and manage other leading cybersecurity concerns. Besides an opportunity to interact with peers and top industry experts, the event will also provide an avenue to stay abreast of pertinent health data security and privacy regulatory developments and related issues.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Convene
Name :
Convene
Address :
117 West 46th Street, New York, NY, USA
Anna Delaney
Executive Editor
ISMG
Jennings Aske
CISO
New York-Presbyterian
Aske is the CISO for New York-Presbyterian. Prior to this he was VP Information Security & Chief Security Officer of Nuance Communications as well as Chief Information Security and Privacy Officer of Partners HealthCare. Prior to Partners, Aske was the...
Christopher Frenz
AVP of IT Security
Mount Sinai South Nassau
Frenz currently serves as the assistant vice president of information security at Mount Sinai South Nassau, where he develops the hospital's information security program and infrastructure. Under his leadership, the hospital has been one of the first in the country...
Thad Phillips
CISO
Baptist health
Phillips has more than 20 years of experience in healthcare IT security. He is enterprise CISO at Baptist Health Care, which includes three hospitals, four medical parks, a behavioral health network and an institute for orthopedics and sports medicine. He...
Greg Smith
Solutions Architect
Radiant Logic
Smith is a solutions architect with Radiant Logic. He has been implementing Identity and Access Management solutions for over 35 years. Smith began his professional career at Bucknell University before moving into the pharmaceutical industry in 1996. Following a 25-year...
Bill Thorn
Senior Security Architect
Trellix
Thorn is a leader in security innovation, risk reduction and program management with more than 20 years of cybersecurity experience. He is an expert in the planning and execution of complex security initiatives, building of global security operations capabilities, and...
Jonathan Baker
Director, Center for Threat-Informed Defense
MITRE Engenuity
Jon Baker is the founding Director of Research for MITRE Engenuity’s Center for Threat-Informed Defense. In addition to co-founding the Center, he is the Adversary Emulation and SOC Orchestration Department Head in The MITRE Corporation’s Cyber Operations and Effect Technology...
Rob Suarez
VP & CISO
BD (Becton, Dickinson & Company)
Roberto (Rob) Suárez is a cybersecurity and privacy professional in the medical device and healthcare IT industry. At BD, Rob serves as Chief Information Security Officer and strategic leader for information security. In this role Rob is responsible for developing...
Mitch Parker
CISO
Indiana University Health System
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an...
Sethu Raman
Executive Director of Risk Management & Compliance
Organon
Sethu Raman is the Executive Director of Risk management & Compliance at Organon. Seasoned leader with 20+ years of industry experience across varied domains that include Cyber Operations, Risk Management, Compliance & Privacy. In his current role, Sethu leads Cyber...
Tom Field
SVP of Editorial
ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world,...
Sandeep Bhide
VP of Product Management
ProcessUnity
Bhide has spent over 15 years in enterprise B2B SaaS software companies and has deep and broad experience in product management and software engineering. He is responsible for keeping the pulse on current and emerging needs in the third-party management...
Jim Mandelbaum
Field CTO
Gigamon
Mandelbaum is a veteran security professional with Gigamon and has worked with some of the largest companies pre- and post-breach. He has provided guidance to organizations on methods to build out secure access and visibility plans during these times of...
Anahi Santiago
CISO
ChristianaCare
Santiago is CISO at ChristianaCare, the largest healthcare provider in the state of Delaware. Prior to ChristianaCare, she spent over 10 years as the information security and privacy officer at Einstein Healthcare Network. She is an active contributor and member...
Errol Weiss
CSO
Health Information Sharing and Analysis Center
Weiss, who has over 20 years of experience in information security, is an executive vice president with Citigroup's IT risk and program management. Previously, he was a senior network security analyst for the National Security Agency, responsible for conducting vulnerability...
Scott Nichols
Global Product Security Leader
Danaher Corporation
Mr. Nichols has over 25 years of experience in the Information Security and Healthcare Technology industries. Mr. Nichols leads the Global Product Security program at Danaher Corporation, representing over 30 companies, including 4 medical device manufactures and 8 life sciences...
Joshua Corman
Former Chief Strategist
CISA COVID Task Force
Corman, is a founder of the grassroots advocacy group I Am The Cavalry. Most recently, he was the healthcare sector chief strategist at DHS CISA on matters relating to COVID-19 and public safety. He previously served as chief security officer...
Peter Halprin
Partner
Pasich LLP
Halprin is a partner in Pasich LLP’s New York office. He represents commercial policyholders with a focus on recovery strategies in relation to cyber breaches and cybercrime, COVID-19 and natural disasters, professional services, regulatory investigations and technology disputes.
Ankit Patel
BISO
Humana
Ankit is an experienced information security and privacy leader with experience in information technology, third party risk management, governance, enterprise risk management, and compliance. Ankit has experience working with various healthcare organizations (health plans, physician groups, and fortune 500 companies)...
Nina Alli
Executive Director
Biohacking Village
Nina Alli has over 16 years of experience in biotechnology, biomedical, and security with a focus of healthcare. Her work in healthcare has seen her deal with the complexities of modernization of complex legacy systems within the healthcare industry, this...
Rich Boscovich
Senior Attorney
Microsoft
Jason Cook
Technical Sales Director
Rubrik
As technical sales director, Cook is responsible for major accounts at Rubrik. He has been with the company for over four years and has experience in consulting, sales, project management and information technology.
Chris Bowen
Founder & Chief Information Security Officer
ClearDATA
Bowen is founder and chief information security officer at ClearDATA, leading the internal privacy, security and compliance strategies and advising on the security and privacy risks faced by customers, which include global healthcare organizations, health insurance companies, providers, life science...
Michael McNeil
Global CISO
McKesson
McNeil is responsible for enhancing and overseeing McKesson’s information and operational technology security strategy program, as well managing information security governance. He will also ensure the execution of McKesson’s cybersecurity strategy across the enterprise. McNeil has an extensive background in...
Suzanne Schwartz
Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health
FDA
Suzanne B. Schwartz, MD, MBA is the Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices & Radiological Health (CDRH). Suzanne’s work in medical device cybersecurity includes raising awareness, educating, outreach, partnering and...
Gorka Sadowski
Former Gartner analyst and Chief Strategy Officer
Exabeam
Gorka is Chief Strategy Officer at Exabeam. In his role, he assists the executive team and functional leaders across the company with developing, communicating, executing and sustaining corporate strategic initiatives. Gorka has spent the last 30 years in security with...
Scott Gillis
Regional Director
Exabeam
Gillis is a cybersecurity industry leader with over 20 years of experience in the IT industry, specializing in creating and leading hyper-performing teams to achieve key company metrics and KPIs. He is widely known across the industry as a successful...
Vikrant Arora
VP & CISO
Hospital for Special Surgery
Arora, CISO at the Hospital for Special Surgery in New York, is a credentialed business leader with nearly 20 years of experience in developing enterprise security and risk management programs in the healthcare, government and education sectors in North America...
Erik Weinick
Partner and Co-Founder, Data Privacy and Cybersecurity Practice Group
Otterbourg P.C.
Weinick is a co-founder of law firm Otterbourg's privacy and cybersecurity practice. He also serves on the U.S. Secret Service's New York Field Office's Cyber Fraud Task Force Steering Committee, whose mission is to combat threats to information security through...
Vivek Delhikar
Technical Product Manager
Keysight Technoligies
15 years of experience in the industry: • Application Development • Systems Engineering • Solutions Engineering • Cybersecurity
Nicholas Heesters
Attorney, Senior Advisor For Cybersecurity
HHS Office For Civil Rights
Nicholas Heesters is a certified information privacy professional with over 25 years of experience supporting technology and information security efforts in many diverse industries including financial services, government, defense, education and healthcare. He earned a Master of Engineering in Computer...
Anahi Santiago
Chief Information Security Officer
ChristianaCare
View Agenda
A View from the Field - A Reality Check on the State of Security in Healthcare
Jim Mandelbaum, Field CTO, Gigamon

Healthcare providers are under pressure like never before. With the recent news bombarding us with breaches and bad stories, how do we understand what’s really happening out in the wild? In this conversation, we will speak about what we are seeing and experiencing in the real world. We will talk about recent findings from analysts, cloud providers and plain old firsthand account knowledge. We will understand what the bad guys are doing in the wild and discuss how to prevent yourself from becoming another statistic - or worse, a news story.

Jim Mandelbaum
  • 09:00 AM
  • 09:39 AM
A Call to Action for Healthcare
Joshua Corman, Former Chief Strategist, CISA COVID Task Force

An analysis of the state of healthcare sector cybersecurity - including where progress is being made, but why the urgency to address the industry's top security weaknesses is growing more serious.

This session will cover:

  • How and why the pandemic has set back healthcare sector cybersecurity efforts
  • Lessons from devastating ransomware attacks on the healthcare sector
  • What healthcare sector players can and should do better - sooner rather than later.
Joshua Corman
  • 09:45 AM
  • 10:14 AM
  • 10:20 AM
  • 10:49 AM
Track A
Michael McNeil
Rob Suarez
Anahi Santiago
Track A: Conquering Third-Party Security Risk
Michael McNeil, Global CISO, McKesson
Rob Suarez, VP & CISO, BD (Becton, Dickinson & Company)
Anahi Santiago, CISO, ChristianaCare

Vendors and other third-parties have been at the heart of some of the largest breaches and security incidents we’ve ever seen. That includes mishaps involving business associates, as well as vulnerabilities and exploits involving third-party software and supply chain partners. What can entities do to reduce this vendor risk?

This session will examine:

  • Assessing third-party risk
  • The latest and most important tools in the vendor risk arsenal
  • Steps vendors are taking to address the risks they pose
  • Software bill of materials
  • 10:20 AM
  • 10:49 AM
Track B
Errol Weiss
Rich Boscovich
Track B: Microsoft and Health-ISAC Disrupt Ransomware Botnet
Errol Weiss, CSO, Health Information Sharing and Analysis Center
Rich Boscovich, Senior Attorney, Microsoft

A case study: In April 2022, Microsoft, Health-ISAC and FS-ISAC took legal and technical actions to disrupt operators of the Zloader botnet and to stop criminals from distributing Ryuk ransomware used to attack hundreds of hospitals.

This session details:

  • What was involved in the project's effort
  • Lessons learned
  • Insights for the healthcare sector's participation in future actions.
Exhibit & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!

  • 10:50 AM
  • 11:04 AM
  • 11:05 AM
  • 11:19 AM
Track A
Scott Gillis
Track A: Why SOCs Fail - The Maturity Model Required for Cyber Resilience
Scott Gillis, Regional Director, Exabeam

Billions of dollars are spent annually to set up security programs and operation centers across every industry and yet, according to Risk Based Security, 3,932 breaches were publicly reported in 2020 alone. Why are security programs failing? Learn how the current operating model contributes to that failure and how a simple maturity model based on outcomes and use cases can make your organization more cyber resilient.

  • 11:05 AM
  • 11:19 AM
Track B
Vivek Delhikar
Track B: Breach and Attack Simulation: Trust Keysight to Validate Your Cybersecurity Posture
Vivek Delhikar, Technical Product Manager, Keysight Technoligies

Security is never static. New threats are constantly emerging, and misconfigurations are rampant. How do you take control of an ever-changing threat landscape? Attack yourself before hackers do. A SaaS-based breach and attack simulation - or BAS - platform, Threat Simulator continuously tests your defenses by simulating attacks across your production network and endpoints. With over 20 years of leadership in network security testing, Threat Simulator helps you identify and fix vulnerable gaps in coverage before attackers can exploit them.

  • 11:25 AM
  • 11:54 AM
Track A
Chris Bowen
Track A: Fortify Healthcare: Scaling Defenses in the Age of Globalization
Chris Bowen, Founder & Chief Information Security Officer, ClearDATA

It’s no secret that public cloud has provided the technical catalyst to the healthcare industry’s long-overdue modernization and the keys to the kingdom in terms of its globalization. The resulting access to usable swaths of data is invaluable – and high-risk. This session explores the unimaginable potential of global data sets and applications, the complexities of addressing multiple compliance frameworks, and the critical strategies security teams must embrace to ensure success.

  • 11:25 AM
  • 11:54 AM
Track B
Bill Thorn
Track B: XDR: What it is, What it's not, and How it’s Increasing SecOps Efficiency in Healthcare
Bill Thorn, Senior Security Architect , Trellix

Every healthcare entity needs to increase its SecOps team’s capacity to stay ahead of emerging threats. Consolidating your security tools into a holistic ecosystem that’s always learning and adapting is key. Begin your journey toward quick, reliable, simplified security as we review the genesis of XDR and how it’s breathing new life into our healthcare industry and new biomedical devices.

  • 12:00 PM
  • 12:29 PM
Track A
Peter  Halprin
Anahi Santiago
Vikrant Arora
Track A: Cyber Insurance: The Latest Hurdles to Jump Through
Peter Halprin, Partner, Pasich LLP
Anahi Santiago, CISO, ChristianaCare
Vikrant Arora, VP & CISO, Hospital for Special Surgery

A look at the latest demands cyber insurers are making on healthcare sector entities in order to renew policies or obtain new coverage.

This session will examine:

  • What is driving operational investment decisions
  • The growing influence of insurers on the security programs of healthcare providers
  • If cyber policy payouts are guaranteed in the wake of major incidents
  • The fine print in what cyber insurers expect from their healthcare clients
  • 12:00 PM
  • 12:29 PM
Track B
Erik Weinick
Sethu Raman
Track B: Combatting Fraud and Cybercrime in Healthcare
Erik Weinick, Partner and Co-Founder, Data Privacy and Cybersecurity Practice Group, Otterbourg P.C.
Sethu Raman, Executive Director of Risk Management & Compliance, Organon

What are the most disturbing fraud trends in healthcare and what can security professionals and CISOs do to help prevent and detect these schemes in their organizations, ranging from incidents involving malicious insiders, external bad actors, pandemic scams, intellectual property theft and more?

This session will explore:

  • How the attack surface and threat landscape has evolved over the past 2.5 years
  • Most concerning cybercrime and fraud threats and scams
  • Where healthcare organizations are most vulnerable
Thank you to our sponsors!
  • 12:30 PM
  • 12:44 PM
What’s the Best Overall Security Lesson You Think Healthcare Sector Entities Can Learn from the Pandemic, So Far?
Errol Weiss, CSO, Health Information Sharing and Analysis Center
Errol Weiss
  • 01:15 PM
  • 01:29 PM
The Role of Identity Data in a Healthcare Setting
Vikrant Arora, VP & CISO, Hospital for Special Surgery
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Greg Smith, Solutions Architect, Radiant Logic

All of the rapid changes in healthcare trends right now (shift to telemedicine, the consolidation of providers, record system modernization) hinge on the ability to have accurate identity information dispatched when needed–with no down time. The user experience of providers and patients alike must be held to the highest standard, while respecting sensitive PII data. This session will address why simplifying identity management is a strategic step for any modern healthcare system.

Vikrant Arora
Christopher Frenz
Greg Smith
  • 01:35 PM
  • 02:04 PM
How to Manage Your Two Biggest Risks: Cybersecurity & Third Parties
Sandeep Bhide, VP of Product Management, ProcessUnity
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Ankit Patel, BISO, Humana
Sandeep Bhide
Christopher Frenz
Ankit Patel
  • 02:10 PM
  • 02:39 PM
Medical Device Cybersecurity – The Latest Challenges
Suzanne Schwartz, Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health, FDA
Jennings Aske, CISO, New York-Presbyterian
Scott Nichols, Global Product Security Leader, Danaher Corporation

The FDA in April issued new, detailed draft guidance for the cybersecurity of pre-market medical devices. The document included proposals for how manufacturers should address security risk as part of their submissions for the FDA to give market approval for new products. What is the FDA expecting from manufacturers when it comes to enhancing medical device cybersecurity?

This session will examine:

  • Changes in FDA 's cyber expectations from medical device vendors, and why
  • Cybersecurity improvements some medical device manufacturers are already making
  • What do healthcare entities expect from medical device vendors and want from regulators
Suzanne Schwartz
Jennings Aske
Scott Nichols
  • 02:45 PM
  • 03:14 PM
Exhibit & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!

  • 03:15 PM
  • 03:29 PM
Taking an Evidence-Based Approach in Healthcare Security
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Jonathan Baker, Director, Center for Threat-Informed Defense , MITRE Engenuity
Vikrant Arora, VP & CISO, Hospital for Special Surgery

Healthcare tends to be a very compliance-minded sector. But healthcare delivery organizations need to adopt a more threat-informed defense approach to securing their entities. For instance, most compliance frameworks will check for the existence of a security control but do nothing to assess or measure the efficacy of the deployed control.

This session will explore:

  • How health delivery organizations can begin to take a more evidence-based approach to security
  • Measuring and quantifying the efficacy of security controls
  • Overcoming challenges in the transition from compliance-mindedness to evidence-based security
Christopher Frenz
Jonathan  Baker
Vikrant Arora
  • 03:30 PM
  • 03:59 PM
Incorporating Medical Ethics into Healthcare Security Decision Making
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Nina Alli, Executive Director, Biohacking Village

Cybersecurity is increasingly becoming a patient safety issue, and even a potential life and death concern. For instance: What happens when malware affects a networked medical or other device critical to patient care, with signs that the malware may be spreading. Should the IT or security team pull the device off the network, safeguarding some patients while potentially other patients dependent on the device?

This session will tackle:

  • Where medical ethics and cybersecurity intertwine
  • Risks that should be weighed
  • How cybersecurity and other healthcare leaders should address these issues
  • Developing a plan of action
Christopher Frenz
Nina Alli
  • 04:05 PM
  • 04:34 PM
HHS OCR HIPAA Regulatory Update
Nicholas Heesters, Attorney, Senior Advisor For Cybersecurity, HHS Office For Civil Rights

An update on several important HIPAA rulemaking, regulatory and enforcement efforts in the works at the agency, and an analysis of evolving breach trends

This session will examine:

  • HHS OCR's consideration of “recognized” security practices in HIPAA enforcement determinations
  • Proposed changes to the HIPAA privacy rule
  • Top enforcement priorities
  • The most critical compliance trends from a regulator's standpoint
Nicholas Heesters
  • 04:40 PM
  • 05:09 PM
Cocktail Reception
  • 05:15 PM
  • 06:14 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM EST on Day 2, Wednesday, July 13. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

ISMG's 2022 Healthcare Security Summit will address the top threats, risks and security needs facing the healthcare sector, including the most critical cybersecurity challenges and lessons emerging from the global pandemic. Join more than 400 attendees and subject matter experts to learn more about strategies and tactics to defend against and respond to ransomware and other disruptive cyberattacks; bolster medical device security; prevent and detect privacy breaches; tackle identity and access issues; address telehealth challenges, and manage other leading cybersecurity concerns. Besides an opportunity to interact with peers and top industry experts, the event will also provide an avenue to stay abreast of pertinent health data security and privacy regulatory developments and related issues.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Convene
Name :
Convene
Address :
117 West 46th Street, New York, NY, USA

Anna Delaney
Executive Editor
ISMG
Jennings Aske
CISO
New York-Presbyterian
Aske is the CISO for New York-Presbyterian. Prior to this he was VP Information Security & Chief Security Officer of Nuance Communications as well as Chief Information Security and Privacy Officer of Partners HealthCare. Prior to Partners, Aske was the...
Christopher Frenz
AVP of IT Security
Mount Sinai South Nassau
Frenz currently serves as the assistant vice president of information security at Mount Sinai South Nassau, where he develops the hospital's information security program and infrastructure. Under his leadership, the hospital has been one of the first in the country...
Thad Phillips
CISO
Baptist health
Phillips has more than 20 years of experience in healthcare IT security. He is enterprise CISO at Baptist Health Care, which includes three hospitals, four medical parks, a behavioral health network and an institute for orthopedics and sports medicine. He...
Greg Smith
Solutions Architect
Radiant Logic
Smith is a solutions architect with Radiant Logic. He has been implementing Identity and Access Management solutions for over 35 years. Smith began his professional career at Bucknell University before moving into the pharmaceutical industry in 1996. Following a 25-year...
Bill Thorn
Senior Security Architect
Trellix
Thorn is a leader in security innovation, risk reduction and program management with more than 20 years of cybersecurity experience. He is an expert in the planning and execution of complex security initiatives, building of global security operations capabilities, and...
Jonathan Baker
Director, Center for Threat-Informed Defense
MITRE Engenuity
Jon Baker is the founding Director of Research for MITRE Engenuity’s Center for Threat-Informed Defense. In addition to co-founding the Center, he is the Adversary Emulation and SOC Orchestration Department Head in The MITRE Corporation’s Cyber Operations and Effect Technology...
Rob Suarez
VP & CISO
BD (Becton, Dickinson & Company)
Roberto (Rob) Suárez is a cybersecurity and privacy professional in the medical device and healthcare IT industry. At BD, Rob serves as Chief Information Security Officer and strategic leader for information security. In this role Rob is responsible for developing...
Mitch Parker
CISO
Indiana University Health System
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an...
Sethu Raman
Executive Director of Risk Management & Compliance
Organon
Sethu Raman is the Executive Director of Risk management & Compliance at Organon. Seasoned leader with 20+ years of industry experience across varied domains that include Cyber Operations, Risk Management, Compliance & Privacy. In his current role, Sethu leads Cyber...
Tom Field
SVP of Editorial
ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world,...
Sandeep Bhide
VP of Product Management
ProcessUnity
Bhide has spent over 15 years in enterprise B2B SaaS software companies and has deep and broad experience in product management and software engineering. He is responsible for keeping the pulse on current and emerging needs in the third-party management...
Jim Mandelbaum
Field CTO
Gigamon
Mandelbaum is a veteran security professional with Gigamon and has worked with some of the largest companies pre- and post-breach. He has provided guidance to organizations on methods to build out secure access and visibility plans during these times of...
Anahi Santiago
CISO
ChristianaCare
Santiago is CISO at ChristianaCare, the largest healthcare provider in the state of Delaware. Prior to ChristianaCare, she spent over 10 years as the information security and privacy officer at Einstein Healthcare Network. She is an active contributor and member...
Errol Weiss
CSO
Health Information Sharing and Analysis Center
Weiss, who has over 20 years of experience in information security, is an executive vice president with Citigroup's IT risk and program management. Previously, he was a senior network security analyst for the National Security Agency, responsible for conducting vulnerability...
Scott Nichols
Global Product Security Leader
Danaher Corporation
Mr. Nichols has over 25 years of experience in the Information Security and Healthcare Technology industries. Mr. Nichols leads the Global Product Security program at Danaher Corporation, representing over 30 companies, including 4 medical device manufactures and 8 life sciences...
Joshua Corman
Former Chief Strategist
CISA COVID Task Force
Corman, is a founder of the grassroots advocacy group I Am The Cavalry. Most recently, he was the healthcare sector chief strategist at DHS CISA on matters relating to COVID-19 and public safety. He previously served as chief security officer...
Peter Halprin
Partner
Pasich LLP
Halprin is a partner in Pasich LLP’s New York office. He represents commercial policyholders with a focus on recovery strategies in relation to cyber breaches and cybercrime, COVID-19 and natural disasters, professional services, regulatory investigations and technology disputes.
Ankit Patel
BISO
Humana
Ankit is an experienced information security and privacy leader with experience in information technology, third party risk management, governance, enterprise risk management, and compliance. Ankit has experience working with various healthcare organizations (health plans, physician groups, and fortune 500 companies)...
Nina Alli
Executive Director
Biohacking Village
Nina Alli has over 16 years of experience in biotechnology, biomedical, and security with a focus of healthcare. Her work in healthcare has seen her deal with the complexities of modernization of complex legacy systems within the healthcare industry, this...
Rich Boscovich
Senior Attorney
Microsoft
Jason Cook
Technical Sales Director
Rubrik
As technical sales director, Cook is responsible for major accounts at Rubrik. He has been with the company for over four years and has experience in consulting, sales, project management and information technology.
Chris Bowen
Founder & Chief Information Security Officer
ClearDATA
Bowen is founder and chief information security officer at ClearDATA, leading the internal privacy, security and compliance strategies and advising on the security and privacy risks faced by customers, which include global healthcare organizations, health insurance companies, providers, life science...
Michael McNeil
Global CISO
McKesson
McNeil is responsible for enhancing and overseeing McKesson’s information and operational technology security strategy program, as well managing information security governance. He will also ensure the execution of McKesson’s cybersecurity strategy across the enterprise. McNeil has an extensive background in...
Suzanne Schwartz
Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health
FDA
Suzanne B. Schwartz, MD, MBA is the Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices & Radiological Health (CDRH). Suzanne’s work in medical device cybersecurity includes raising awareness, educating, outreach, partnering and...
Gorka Sadowski
Former Gartner analyst and Chief Strategy Officer
Exabeam
Gorka is Chief Strategy Officer at Exabeam. In his role, he assists the executive team and functional leaders across the company with developing, communicating, executing and sustaining corporate strategic initiatives. Gorka has spent the last 30 years in security with...
Scott Gillis
Regional Director
Exabeam
Gillis is a cybersecurity industry leader with over 20 years of experience in the IT industry, specializing in creating and leading hyper-performing teams to achieve key company metrics and KPIs. He is widely known across the industry as a successful...
Vikrant Arora
VP & CISO
Hospital for Special Surgery
Arora, CISO at the Hospital for Special Surgery in New York, is a credentialed business leader with nearly 20 years of experience in developing enterprise security and risk management programs in the healthcare, government and education sectors in North America...
Erik Weinick
Partner and Co-Founder, Data Privacy and Cybersecurity Practice Group
Otterbourg P.C.
Weinick is a co-founder of law firm Otterbourg's privacy and cybersecurity practice. He also serves on the U.S. Secret Service's New York Field Office's Cyber Fraud Task Force Steering Committee, whose mission is to combat threats to information security through...
Vivek Delhikar
Technical Product Manager
Keysight Technoligies
15 years of experience in the industry: • Application Development • Systems Engineering • Solutions Engineering • Cybersecurity
Nicholas Heesters
Attorney, Senior Advisor For Cybersecurity
HHS Office For Civil Rights
Nicholas Heesters is a certified information privacy professional with over 25 years of experience supporting technology and information security efforts in many diverse industries including financial services, government, defense, education and healthcare. He earned a Master of Engineering in Computer...
Anahi Santiago
Chief Information Security Officer
ChristianaCare

View Agenda
A View from the Field - A Reality Check on the State of Security in Healthcare
Jim Mandelbaum, Field CTO, Gigamon

Healthcare providers are under pressure like never before. With the recent news bombarding us with breaches and bad stories, how do we understand what’s really happening out in the wild? In this conversation, we will speak about what we are seeing and experiencing in the real world. We will talk about recent findings from analysts, cloud providers and plain old firsthand account knowledge. We will understand what the bad guys are doing in the wild and discuss how to prevent yourself from becoming another statistic - or worse, a news story.

Jim Mandelbaum
  • 09:00 AM
  • 09:39 AM
A Call to Action for Healthcare
Joshua Corman, Former Chief Strategist, CISA COVID Task Force

An analysis of the state of healthcare sector cybersecurity - including where progress is being made, but why the urgency to address the industry's top security weaknesses is growing more serious.

This session will cover:

  • How and why the pandemic has set back healthcare sector cybersecurity efforts
  • Lessons from devastating ransomware attacks on the healthcare sector
  • What healthcare sector players can and should do better - sooner rather than later.
Joshua Corman
  • 09:45 AM
  • 10:14 AM
  • 10:20 AM
  • 10:49 AM
Track A
Michael McNeil
Rob Suarez
Anahi Santiago
Track A: Conquering Third-Party Security Risk
Michael McNeil, Global CISO, McKesson
Rob Suarez, VP & CISO, BD (Becton, Dickinson & Company)
Anahi Santiago, CISO, ChristianaCare

Vendors and other third-parties have been at the heart of some of the largest breaches and security incidents we’ve ever seen. That includes mishaps involving business associates, as well as vulnerabilities and exploits involving third-party software and supply chain partners. What can entities do to reduce this vendor risk?

This session will examine:

  • Assessing third-party risk
  • The latest and most important tools in the vendor risk arsenal
  • Steps vendors are taking to address the risks they pose
  • Software bill of materials
  • 10:20 AM
  • 10:49 AM
Track B
Errol Weiss
Rich Boscovich
Track B: Microsoft and Health-ISAC Disrupt Ransomware Botnet
Errol Weiss, CSO, Health Information Sharing and Analysis Center
Rich Boscovich, Senior Attorney, Microsoft

A case study: In April 2022, Microsoft, Health-ISAC and FS-ISAC took legal and technical actions to disrupt operators of the Zloader botnet and to stop criminals from distributing Ryuk ransomware used to attack hundreds of hospitals.

This session details:

  • What was involved in the project's effort
  • Lessons learned
  • Insights for the healthcare sector's participation in future actions.
Exhibit & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!

  • 10:50 AM
  • 11:04 AM
  • 11:05 AM
  • 11:19 AM
Track A
Scott Gillis
Track A: Why SOCs Fail - The Maturity Model Required for Cyber Resilience
Scott Gillis, Regional Director, Exabeam

Billions of dollars are spent annually to set up security programs and operation centers across every industry and yet, according to Risk Based Security, 3,932 breaches were publicly reported in 2020 alone. Why are security programs failing? Learn how the current operating model contributes to that failure and how a simple maturity model based on outcomes and use cases can make your organization more cyber resilient.

  • 11:05 AM
  • 11:19 AM
Track B
Vivek Delhikar
Track B: Breach and Attack Simulation: Trust Keysight to Validate Your Cybersecurity Posture
Vivek Delhikar, Technical Product Manager, Keysight Technoligies

Security is never static. New threats are constantly emerging, and misconfigurations are rampant. How do you take control of an ever-changing threat landscape? Attack yourself before hackers do. A SaaS-based breach and attack simulation - or BAS - platform, Threat Simulator continuously tests your defenses by simulating attacks across your production network and endpoints. With over 20 years of leadership in network security testing, Threat Simulator helps you identify and fix vulnerable gaps in coverage before attackers can exploit them.

  • 11:25 AM
  • 11:54 AM
Track A
Chris Bowen
Track A: Fortify Healthcare: Scaling Defenses in the Age of Globalization
Chris Bowen, Founder & Chief Information Security Officer, ClearDATA

It’s no secret that public cloud has provided the technical catalyst to the healthcare industry’s long-overdue modernization and the keys to the kingdom in terms of its globalization. The resulting access to usable swaths of data is invaluable – and high-risk. This session explores the unimaginable potential of global data sets and applications, the complexities of addressing multiple compliance frameworks, and the critical strategies security teams must embrace to ensure success.

  • 11:25 AM
  • 11:54 AM
Track B
Bill Thorn
Track B: XDR: What it is, What it's not, and How it’s Increasing SecOps Efficiency in Healthcare
Bill Thorn, Senior Security Architect , Trellix

Every healthcare entity needs to increase its SecOps team’s capacity to stay ahead of emerging threats. Consolidating your security tools into a holistic ecosystem that’s always learning and adapting is key. Begin your journey toward quick, reliable, simplified security as we review the genesis of XDR and how it’s breathing new life into our healthcare industry and new biomedical devices.

  • 12:00 PM
  • 12:29 PM
Track A
Peter  Halprin
Anahi Santiago
Vikrant Arora
Track A: Cyber Insurance: The Latest Hurdles to Jump Through
Peter Halprin, Partner, Pasich LLP
Anahi Santiago, CISO, ChristianaCare
Vikrant Arora, VP & CISO, Hospital for Special Surgery

A look at the latest demands cyber insurers are making on healthcare sector entities in order to renew policies or obtain new coverage.

This session will examine:

  • What is driving operational investment decisions
  • The growing influence of insurers on the security programs of healthcare providers
  • If cyber policy payouts are guaranteed in the wake of major incidents
  • The fine print in what cyber insurers expect from their healthcare clients
  • 12:00 PM
  • 12:29 PM
Track B
Erik Weinick
Sethu Raman
Track B: Combatting Fraud and Cybercrime in Healthcare
Erik Weinick, Partner and Co-Founder, Data Privacy and Cybersecurity Practice Group, Otterbourg P.C.
Sethu Raman, Executive Director of Risk Management & Compliance, Organon

What are the most disturbing fraud trends in healthcare and what can security professionals and CISOs do to help prevent and detect these schemes in their organizations, ranging from incidents involving malicious insiders, external bad actors, pandemic scams, intellectual property theft and more?

This session will explore:

  • How the attack surface and threat landscape has evolved over the past 2.5 years
  • Most concerning cybercrime and fraud threats and scams
  • Where healthcare organizations are most vulnerable
Thank you to our sponsors!
  • 12:30 PM
  • 12:44 PM
What’s the Best Overall Security Lesson You Think Healthcare Sector Entities Can Learn from the Pandemic, So Far?
Errol Weiss, CSO, Health Information Sharing and Analysis Center
Errol Weiss
  • 01:15 PM
  • 01:29 PM
The Role of Identity Data in a Healthcare Setting
Vikrant Arora, VP & CISO, Hospital for Special Surgery
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Greg Smith, Solutions Architect, Radiant Logic

All of the rapid changes in healthcare trends right now (shift to telemedicine, the consolidation of providers, record system modernization) hinge on the ability to have accurate identity information dispatched when needed–with no down time. The user experience of providers and patients alike must be held to the highest standard, while respecting sensitive PII data. This session will address why simplifying identity management is a strategic step for any modern healthcare system.

Vikrant Arora
Christopher Frenz
Greg Smith
  • 01:35 PM
  • 02:04 PM
How to Manage Your Two Biggest Risks: Cybersecurity & Third Parties
Sandeep Bhide, VP of Product Management, ProcessUnity
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Ankit Patel, BISO, Humana
Sandeep Bhide
Christopher Frenz
Ankit Patel
  • 02:10 PM
  • 02:39 PM
Medical Device Cybersecurity – The Latest Challenges
Suzanne Schwartz, Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health, FDA
Jennings Aske, CISO, New York-Presbyterian
Scott Nichols, Global Product Security Leader, Danaher Corporation

The FDA in April issued new, detailed draft guidance for the cybersecurity of pre-market medical devices. The document included proposals for how manufacturers should address security risk as part of their submissions for the FDA to give market approval for new products. What is the FDA expecting from manufacturers when it comes to enhancing medical device cybersecurity?

This session will examine:

  • Changes in FDA 's cyber expectations from medical device vendors, and why
  • Cybersecurity improvements some medical device manufacturers are already making
  • What do healthcare entities expect from medical device vendors and want from regulators
Suzanne Schwartz
Jennings Aske
Scott Nichols
  • 02:45 PM
  • 03:14 PM
Exhibit & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!

  • 03:15 PM
  • 03:29 PM
Taking an Evidence-Based Approach in Healthcare Security
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Jonathan Baker, Director, Center for Threat-Informed Defense , MITRE Engenuity
Vikrant Arora, VP & CISO, Hospital for Special Surgery

Healthcare tends to be a very compliance-minded sector. But healthcare delivery organizations need to adopt a more threat-informed defense approach to securing their entities. For instance, most compliance frameworks will check for the existence of a security control but do nothing to assess or measure the efficacy of the deployed control.

This session will explore:

  • How health delivery organizations can begin to take a more evidence-based approach to security
  • Measuring and quantifying the efficacy of security controls
  • Overcoming challenges in the transition from compliance-mindedness to evidence-based security
Christopher Frenz
Jonathan  Baker
Vikrant Arora
  • 03:30 PM
  • 03:59 PM
Incorporating Medical Ethics into Healthcare Security Decision Making
Christopher Frenz, AVP of IT Security, Mount Sinai South Nassau
Nina Alli, Executive Director, Biohacking Village

Cybersecurity is increasingly becoming a patient safety issue, and even a potential life and death concern. For instance: What happens when malware affects a networked medical or other device critical to patient care, with signs that the malware may be spreading. Should the IT or security team pull the device off the network, safeguarding some patients while potentially other patients dependent on the device?

This session will tackle:

  • Where medical ethics and cybersecurity intertwine
  • Risks that should be weighed
  • How cybersecurity and other healthcare leaders should address these issues
  • Developing a plan of action
Christopher Frenz
Nina Alli
  • 04:05 PM
  • 04:34 PM
HHS OCR HIPAA Regulatory Update
Nicholas Heesters, Attorney, Senior Advisor For Cybersecurity, HHS Office For Civil Rights

An update on several important HIPAA rulemaking, regulatory and enforcement efforts in the works at the agency, and an analysis of evolving breach trends

This session will examine:

  • HHS OCR's consideration of “recognized” security practices in HIPAA enforcement determinations
  • Proposed changes to the HIPAA privacy rule
  • Top enforcement priorities
  • The most critical compliance trends from a regulator's standpoint
Nicholas Heesters
  • 04:40 PM
  • 05:09 PM
Cocktail Reception
  • 05:15 PM
  • 06:14 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM EST on Day 2, Wednesday, July 13. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

Speaker Interviews

July 12 - 13, 2022

Healthcare Summit