Healthcare Summit
Hybrid Summit July 12 - 13, 2022
ISMG's 2022 Healthcare Security Summit will address the top threats, risks and security needs facing the healthcare sector, including the most critical cybersecurity challenges and lessons emerging from the global pandemic. Join more than 400 attendees and subject matter experts to learn more about strategies and tactics to defend against and respond to ransomware and other disruptive cyberattacks; bolster medical device security; prevent and detect privacy breaches; tackle identity and access issues; address telehealth challenges, and manage other leading cybersecurity concerns. Besides an opportunity to interact with peers and top industry experts, the event will also provide an avenue to stay abreast of pertinent health data security and privacy regulatory developments and related issues.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Christopher Frenz
AVP of IT Security
Mount Sinai South Nassau
Frenz currently serves as the assistant vice president of information security at Mount Sinai South Nassau, where he develops the hospital's information security program and infrastructure. Under his leadership, the hospital has been one of the first in the country...
Tom Field
Senior Vice President of Editorial
ISMG
Thad Phillips
CISO
Baptist Health
James Blake
Field CTO EMEA, Security
Rubrik
With over three decades of operational experience, James Blake is the Field CTO for Security for Rubrik where he assists customers in designing & delivering transformation programs around their cyber resiliency capabilities. James was formerly the Advisory CISO for ServiceNow,...
Sandeep Bhide
VP of Product Management
ProcessUnity
Sandeep has spent over 15 years in enterprise B2B SaaS software companies with deep and broad experience in product management and software engineering. He is responsible for keeping the pulse on current and emerging needs in the third-party management market...
Errol Weiss
CSO
H-ISAC
Anna Delaney
Director of Productions
ISMG
Michael McNeill
Global CISO
McKesson
Suzanne Schwartz
Director for Strategic Partnerships & Technology Innovation at the Center for Devices and Radiological Health
FDA
Suzanne B. Schwartz, MD, MBA is the Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices & Radiological Health (CDRH). Suzanne’s work in medical device cybersecurity includes raising awareness, educating, outreach, partnering and...
Greg Smith
Solutions Architect
Radiant Logic
Greg Smith is a Solutions Architect with Radiant Logic. He has been implementing Identity & Access Management solutions for over 35 years. He holds BSEG and MSBA degrees from Bucknell University, where he also began his professional career before moving...
Chris Bowen
Founder & Chief Information Security Officer
ClearDATA
Chris is Founder and Chief Information Security Officer at ClearDATA. He leads ClearDATA’s internal privacy, security and compliance strategies as well as advises on the security and privacy risks faced by customers, which include global healthcare organizations, health insurance companies,...
Sharat Chander
Director of Java Product Management
Oracle
Anahi Santiago
CISO
ChristianaCare
Gorka Sadowski
Former Gartner analyst and Chief Strategy Officer
Exabeam
Gorka is Chief Strategy Officer at Exabeam. In his role, he assists the executive team and functional leaders across the company with developing, communicating, executing and sustaining corporate strategic initiatives. Gorka has spent the last 30 years in security with...
Jennings Aske
CISO
New York-Presbyterian
Aske is the CISO for New York-Presbyterian. Prior to this he was VP Information Security & Chief Security Officer of Nuance Communications as well as Chief Information Security and Privacy Officer of Partners HealthCare. Prior to Partners, Aske was the...
Jim Mandelbaum
Field CTO
Gigamon
James is a veteran security professional with Gigamon and has worked with some of the largest companies pre and post breach. He has provided guidance to organizations on methods to build out secure Access and Visibility plans during these times...
Addressing Cyber Attacks During a Global Pandemic

COVID-19 cybersecurity attacks: Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. A HumanOS upgrade is required to use the Internet safely, and it is not only about training and awareness. It is about the way users must behave online, and the IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in cybersecurity.

09:10 AM - 09:39 AM
Zero Trust and the Dangers of the Implicit Trust

The tenets of zero trust are well defined in NIST SP 800-207, but have many architects truly taken them on board? Are we exhibiting a familiarity bias: over-trusting certain mechanisms and failing to properly ascertain their trustability, as we are required to? Are we ignoring others, which provide useful evidence of trustability? Are we looking too much at the actual network we are trying to protect, and disregarding unmanaged devices, IoT/OT/ICS, BYOD? Is EDR, as is mandated by EO M-22-01, the right approach, or an initial step on the road? How do we expect our adversaries to behave, and how do we counter that threat in the way we architect our zero trust environments?

09:45 AM - 10:14 AM
Fortify Healthcare: Scaling Defenses in the Age of Globalization
Chris Bowen, Founder & Chief Information Security Officer, ClearDATA

It’s no secret that public cloud has provided the technical catalyst to the healthcare industry’s long-overdue modernization and the keys to the kingdom in terms of its globalization. The resulting access to usable swaths of data is invaluable – and high risk. In this talk, I will explore the unimaginable potential of global data sets and applications, the complexities of addressing multiple compliance frameworks, and the critical strategies security teams must embrace to ensure success.

10:20 AM - 10:49 AM
IT Leader’s Guide for Modern Application Development in Healthcare
Sharat Chander, Director of Java Product Management, Oracle

The need for agility has never been more important as healthcare organizations revise their processes and applications at an unprecedented pace, and that, in turn, has underscored the need for business-critical application performance, stability and security. As IT leaders guide their teams through ongoing business transformation demands to meet business needs and customer expectations, it is critical to examine how the essential applications are managed and how risk is calculated to drive improvement. Join Sharat Chander, Senior Director of Java Product Management at Oracle, for an insightful discussion to learn how to modernize Java applications while mitigating risk.

10:55 AM - 11:09 AM
Exhibit & Networking Break
11:10 AM - 11:24 AM
Cyber Resiliency: Achievable Goal or Flight-of-Fancy?
James Blake, Field CTO EMEA, Security, Rubrik

Most organisations’ IT infrastructures remain fragile to cyber attacks, especially the current scourge of ransomware operators sweeping across all verticals and all countries across the globe. Becoming cyber resilient to these kinds of attack is an emergent property, not a collection of products you can buy. In this session James will discuss those emergent properties and how he has seen organisations best achieve them using best-practice frameworks and solid engineering principles.

11:25 AM - 11:54 AM
First Responders and the Response to Cybersecurity Concerns

Washington State was the first U.S. epicenter of the COVID-19 pandemic, and as CISO of UW Medicine Cris Ewell was supporting the first responders. How is his security organization most different today than it was a year ago? Hear his approach to:

  • Work from anywhere
  • Supply chain risk
  • Medical device security

12:00 PM - 12:29 PM
Lunch
12:30 PM - 01:14 PM
Why SOCs Fail
Gorka Sadowski, Former Gartner analyst and Chief Strategy Officer, Exabeam

Millions of dollars are spent annually to set up SOCs in the healthcare industry and yet, in just the last two years alone, 89% of healthcare organizations have experienced a data breach. Why are SOCs failing? Listen as ISMG’s Tom Field interviews Exabeam’s Chief Strategy Officer Gorka Sadowski to learn more about why SOCs always fail when built under the current operating model, and what to do to make SOCs successful using a simple maturity model based on outcomes and use cases.

01:15 PM - 01:44 PM
Building a Business-Focused, Customer-Centric Security Program: A Case Study


Omar Khawaja, CISO of Highmark Health, describes his organization’s journey to enhance its security program while serving the needs of the business and providing internal customers with ease-of-use.

In this exclusive interview Khawaja will discuss:

  • How security programs must serve the business;
  • The goals of a business-centric security program;
  • How security leaders must avoid saying “no,” and instead demonstrate “here’s how”;
  • Treating the business like a paying client.

01:50 PM - 02:19 PM
Defending Against the Surge in Healthcare Cyberattacks During the COVID Crisis
Anahi Santiago, CISO, ChristianaCare

Not only are cybercriminals installing ransomware to encrypt data and freeze up systems, but some attacks have also evolved to include the exfiltration of sensitive patient data and double extortion schemes. In some cases, backup systems are being hit as well, hampering recovery efforts from these attacks. But what are the critical steps and latest strategies that healthcare sector entities can take to prevent falling victim to these highly disruptive and dangerous attacks, especially as they escalate during the COVID-19 pandemic?

02:25 PM - 02:54 PM
Exhibits & Networking Break
02:55 PM - 03:09 PM
Digital Supply Chain Security: It’s a Matter of Trust
Michael McNeill, Global CISO, McKesson

After the SolarWinds attack, how can an entity ever trust that any vendor’s security incident won’t become their own next crisis? Healthcare sector entities in particular deal with a complex digital supply chain that ranges from critical IT vendors to suppliers of life-saving network-connected patient gear, and all the other players – known and maybe unknown – in between. Our panel will discuss:

  • Digital supply chain challenges spotlighted during COVID-19;
  • Healthcare sector lessons emerging from the SolarWinds and other major vendor attacks;
  • Lessons from the Urgent/11 IPnet vulnerabilities;
  • Cloud vendors and change management issues; 
  • Vetting and trusting third-parties – including their software patches.

03:10 PM - 03:39 PM
Medical Device Cybersecurity: The Latest Challenges

What’s the status of FDA’s latest guidance and other efforts to help strengthen the cybersecurity of medical devices – especially amid the surge in COVID-19 remote patient monitoring and shortages of certain critical medical equipment? How are medical device makers implementing better security controls and best practices, and what are healthcare delivery organizations doing to keep their patients and data safe from the latest threats facing devices? Our panel will discuss these issues, plus:

  • The ongoing challenges involving legacy device issues and outdated third-party software;
  • Vulnerability disclosures and patching;
  • Third-party components and a “Cybersecurity Bill of Materials”;
  • What the SolarWinds attack and connected medical devices have in common.

03:45 PM - 04:14 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, July 13th. Don’t miss the chance to log in and view, at your own convenience, any content you may not have had the chance to see.

09:00 AM - 04:59 PM
