PRIVACY & SECURITY FORUM: A HIMSS EVENT

Boston, MA
Dec. 5-7, 2016

Schedule

The forum will take place in the Grand Ballroom, Concourse Level, at the Westin Boston Waterfront.

8:30am - 9:00am
Badge Pickup & Breakfast
Grand Ballroom Foyer

Breakfast will be served in the exhibit area, so make sure to stop by the sponsor tables.

9:00am - 9:05am
Welcome Remarks
Grand Ballroom

John
Whelan
Executive Vice President
HIMSS Media

9:05am - 10:00am

KEYNOTE

Cybersecurity: How’d It Get So Bad—and Can We Do Anything About It?
Grand Ballroom

As one of the nation’s preeminent experts on counterintelligence and cybersecurity, Joel Brenner discusses the new security environment and its implications for organizations. Nowadays people can steal information without entering a building, walk out of an office with incredible amounts of information stored in tiny devices, or launch systematic attacks on intellectual property. Personal privacy, business secrets, and government secrets are all vulnerable. Cybersecurity is of the utmost importance to organizations looking to protect themselves. In a presentation that can be tailored to the expertise level of his audience, Brenner discusses internet security and provides insight and practical strategies for businesses on this complex issue.

Joel
Brenner
Former Senior Counsel
National Security Agency (NSA)

10:00am - 10:15am
Security and Privacy by Design
Grand Ballroom

While significant attention has been given to security and privacy concerns surrounding pharmaceutical development, manufacturing, and supply, considerably less has been given to medical devices and diagnostics. This is perplexing, since for medical devices particularly, the confluence of IoT and mobility represents one of the most attractive areas for cyberattack. Personal medical records are now valued 10-20 times more highly than financial data. This information can be used to create online personas, which in turn are used to propagate massive identity theft and other crimes.

This session will be a call to action to help combat these worrisome emerging trends.

Jeff
Livingstone
Vice President and Global Lead, Life Sciences and Healthcare
Unisys

10:15am - 11:00am
Healthcare Security Leadership Panel: State of the Industry
Grand Ballroom

In this kick-off panel, senior security officers from leading healthcare organizations assess the state of the industry. Where are we, and where do we need to go? Where is healthcare falling short when it comes to securing data and protecting patient privacy - and where is it succeeding? What were their biggest initiatives in 2016, and what are their priority projects for 2017? From ransomware to insider threats to selling security to the board to BYOD, healthcare security leaders have their hands full.

In this session, our panelists will discuss how they’re juggling these myriad challenges, and what they see as the keys to staying one step ahead of hackers and other threats.

Albert
Lew
Senior Product Manager
Juniper Networks
John
Donohue
Associate CIO of Technology and Infrastructure
Penn Medicine
Anahi
Santiago
CISO
Christiana Care Health System
Darren
Lacey
CISO
Johns Hopkins University & Johns Hopkins Medicine
Tom
Sullivan
Editor in Chief
Healthcare IT News

11:00am - 11:30am
Networking Break
Grand Ballroom Foyer

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

11:30am - 12:10pm

FEATURED SPEAKER

The Economics of Cyber Attacks on Healthcare Providers
Grand Ballroom

An economic analysis of cyber risks in the healthcare industry can provide a sound basis for decisions about cyber-security budgets, policies, and even specific counter-measures.  It also can provide a window into the new kinds of cyber attacks that are coming, even when they haven’t been seen yet.  The new threats this analysis identifies are more frightening than anything we’ve seen so far, but there is a clear path to dealing with them.

Scott
Borg
Director and Chief Economist
U.S. Cyber Consequences Unit

12:10pm - 12:25pm
Mitigating Cyber Threats in Healthcare
Grand Ballroom

With each passing day, the frequency and complexity of security threats and breaches grow. Last year, 170,000,000 identity records were compromised through a series of breaches - 112,000,000 from healthcare alone.

Managing threat and risk has become convoluted due to many factors such as:

- Traditional data boundaries no longer exist

- The concept of connectivity from any device, anytime, anywhere has expanded access control and business application connectivity challenges

- The concept of open access for today's "connected" devices (IoT) has opened up questions like: what am I actually connecting to, is it authorized and safe, and how am I sure the data exchange is meeting policy?

As a result, information security risk management has become a very difficult task, requiring a detailed understanding of threat and risk, a complete model to determine "real and measurable" risk, and a comprehensive program of risk governance.

We will discuss the current state of the threat, the types of attacks and techniques that are being executed, and review an information security risk management program strategy that can help healthcare organizations meet this threat head on and develop a plan for moving their existing risk into an acceptable range.

Stephen
Nardone
Practice Director of Security and Mobility
Connection

12:25pm - 1:00pm

CISO SPOTLIGHT

How to Build a Security Technology Portfolio: Take Risks to Manage Risks
Grand Ballroom

Aetna CISO Jim Routh leads a global information security team for an organization that serves more than 46 million people. That’s a lot of PHI! In this session, the 20-year security veteran explains how a key component of his approach to safeguarding data is to devote 25% of his budget to purchasing new or emerging technology controls from early-stage companies. It’s the best way he knows to discover game-changing solutions, and because emerging technology is less expensive than more mature solutions, this approach is viable for even smaller healthcare organizations with limited resources. In this session, Routh will discuss his approach to building an effective security technology portfolio. Key discussion points will address his investment philosophy, early stage adoption of less mature solutions (taking risks to reduce risks), when to maintain and/or replace legacy technology, and his vendor evaluation and procurement process.

Jim
Routh
Chief Information Security Officer
Aetna

1:00pm - 2:00pm
Networking Luncheon
Grand Ballroom Foyer

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

2:00pm

2:00pm - 2:30pm
An Integrated Approach to Information Security
Grand A/B

Risk analysis is the first step to secure patient data and improve security. Often remediating vulnerabilities is a challenge because it typically requires significant resources. Overcoming it requires aligning security with the rest of the business. This session will describe how infosec leaders can collaborate across the enterprise to improve the program and meet business goals.

Clyde
Hewitt
VP, Security Strategy
CynergisTek
Tom
Gordon
Senior Vice President, Chief Information Officer
Virtua Health

2:00pm - 2:30pm
Mayo's Way: Systematic Anti-Phishing Campaign Pays Dividends
Grand C

Many security breaches at healthcare institutions begin as a result of phishing. Mayo Clinic has initiated an institution-wide No Phishing Campaign that includes mandatory education and simulated phishing exercises for all employees. This presentation will discuss the details of the campaign and share data about its effectiveness. Speakers will also share examples of improvement in identifying phishing emails by frontline staff as well as the institutional benefits of having end users as phishing monitors. The presentation will also discuss the changing varieties of phishing emails, the increasing use of social engineering, and the importance of continued end-user education in the identification process.

Mark
Parkulo
Associate Dean of Clinical Practices
Mayo Clinic
JoEllen
Frain
Director of Behavioral Management in the Office of Information Security
Mayo Clinic

2:00pm - 2:30pm
Security Blueprint: Managing Resources and Prioritizing Risks
Grand D

In this session, attendees will learn how to create a strategic plan for a robust cyber security program.

Sanjeev
Sah
Chief Information Security Officer
Texas Children's Hospital

2:40pm

2:40pm - 3:10pm
Threat Intelligence: Head off Attacks Before the Damage is Done
Grand A/B

Attackers often employ a pattern of steps, each of which leaves a distinct trail for security teams in the know. That’s where threat information sharing comes in. Similar to counterterrorism, intelligence of threat activity gives security teams advanced warning and the ability to turn the tables on hackers and prevent or halt an attack before damage occurs.

In fact, many security professionals consider information sharing the gold standard when it comes to creating a proactive cyber defense. NH-ISAC is the nation’s Healthcare and Public Health Information Sharing and Analysis Center, responsible for making public all-hazards (physical and cyber) to our nation’s critical security infrastructure resilience.

In this session, NH-ISAC Executive Director Denise Anderson will demonstrate through case studies and personal experience why trusted, timely, and actionable cyber intelligence and situational awareness are key to securing your organization's data assets.

Attendees will leave this session understanding:

  • The importance of information sharing
  • The types of information shared
  • The manner in which information is shared

Denise
Anderson
Executive Director
NH-ISAC

2:40pm - 3:10pm
Guard Patient Privacy with Data Analytics
Grand C

In the face of new and increasing threats to patient data, CRISP, Maryland’s statewide health information exchange (HIE), is tasked with securely sharing health information among approved doctor offices, hospitals, labs, radiology centers, and other health organizations. CRISP opted to take a new and unique approach to data security and protecting patient privacy. Unlike traditional compliance tools available today that rely on simple rules engines, CRISP implemented a new proactive patient privacy analytics platform with clinical context and machine learning to help detect true threats to patient privacy. In this session, attendees will learn how CRISP has used this technology to increase its security posture, is able to zero in on potential threats to the EHR across its network (which includes more than 60 hospitals and healthcare organizations), and can efficiently and effectively resolve investigations that previously may have taken months in a matter of minutes.

Brandon
Neiswender
Vice President of Operations
Chesapeake Regional Information System for our Patients (CRISP)

2:40pm - 3:10pm
Move Beyond Technology with "Visible Ops Security"
Grand D

The IT Process Institute has studied and benchmarked more than 850 IT organizations to gain deeper insights into what enables high performers to excel. This research shows that high-performing information security and IT teams often achieve their performance breakthroughs using the same approaches and techniques.

In this session, IT Process Institute CEO Scott Alldridge will explain how healthcare organizations might replicate these processes. Specifically, he’ll address the concept of “visible ops security”, which helps organizations move beyond a focus on technology and promote effective teamwork with IT, helping security professionals strengthen relationships with IT and project-development teams to achieve IT, operational, and business goals.

In the predominant healthcare culture, where security is often perceived as the “Department of No,” Alldridge will provide solid advice on how to break down silos and better secure your organization’s assets.

Scott
Alldridge
CEO
IT Process Institute

3:20pm

3:20pm - 3:50pm
Prepare and Protect: A Multi-Pronged Approach to Thwart Threats
Grand A/B

Cambridge Health Alliance (CHA) is one of many hospitals that have embraced healthcare technology to improve patient care. But as hospitals like CHA go digital, there are growing concerns about the safety and security of patient data. As security breaches grow more prevalent, healthcare organizations need to take steps to prepare for more sophisticated attacks and protect their systems.

CHA has focused on security measures that are seamless and easy to use, including moving away from passwords for user authentication. In this session, CHA’s CISO Art Ream will outline the steps that CHA has taken to successfully secure its systems, including implementing new solutions, exploring new technologies, training providers and staff, and conducting preparedness drills.

Arthur
Ream
Chief Information Security Officer and Director of Information Technology Applications
Cambridge Health Alliance

3:20pm - 3:50pm
Mission Critical: Best Practices in Identity and Access Management
Grand C

Tom Walsh has years of experience developing, improving, and guiding security initiatives for healthcare organizations and businesses in other industries. It’s safe to say he’s seen it all, the good, the bad, and the ugly.

In this session, Tom draws on his years of experience to give attendees a set of critical best practices for effective identity and access management (IAM).

Done correctly, IAM facilitates an organization's business goals, combining process and technology to allow the right individuals access to the right resources for the right reasons. But a faulty approach to IAM opens the door to inappropriate access to sensitive data and increases the risk of a major compliance violation and/or breach.

When it comes to IAM, healthcare organizations must get it right - for their patients and their business - and Tom will help attendees do just that.

Tom
Walsh
President
tw-Security

3:20pm - 3:50pm
Hackers for Hire Discuss Most Common Security Gaps
Grand D

Just how vulnerable is your organization’s network? In this session, two highly experienced ethical hackers draw upon their years of experience to address that exact question. In what is sure to be an eye-opening 30 minutes, the two “white hats” will discuss the top vulnerabilities they find when penetration testing computer networks. With healthcare breaches on the rise, this information will give attendees plenty to think about—and provide insight into whether their networks are as safe as they could be.

Kevin
Johnson
CEO
Secure Ideas
Chris
Crowley
Ethical Hacker/Consultant
Montance
Tom
Sullivan
Editor in Chief
Healthcare IT News

3:50pm - 4:10pm
Networking Break
Grand Ballroom Foyer

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

4:10pm - 4:45pm

CYBERSECURITY LEADERSHIP

Framing and Communicating Cyber Threats to the CEO & Board
Grand Ballroom

Cybersecurity risks permeate hospital systems and networks. This panel will explore case studies to show how hospital systems can strategically frame cybersecurity risk through the use of evidence-based scenarios. This approach enables hospitals and medical centers to manage and mitigate cyber security risk across the enterprise and communicate cyber risk effectively to the CEO and the board.

Dan
Schroeder
Partner-in-Charge Information Assurance Services
HA&W
Kevin
Magee
Member, Board of Directors
Brant Community Healthcare System
John
Donohue
Associate CIO of Technology and Infrastructure
Penn Medicine
Jon
Burns
Senior Vice President, CIO
University of Maryland Medical System
Dan
Caprio
Data Privacy Board Chair
National Cyber Security Alliance

4:45pm - 5:00pm
Learn How to Protect Yourself from CryptoLocker Ransomware Variants
Grand Ballroom

Recently, attackers employing a CryptoLocker variant have been removing volume shadow copies on systems, preventing users from restoring their files, and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at the attacker’s mercy.

In this technical session, we’ll discuss the ins and outs of shadow copies, reveal how attackers are using them to encrypt files for ransom and then discuss ways you can quickly, and easily, detect and respond to these kinds of attacks.

Ryan
Nolette
Security Operations Lead
Carbon Black

5:00pm - 5:30pm

CYBERSECURITY LEADERSHIP

Powering the Modern Healthcare Organization
Grand Ballroom

We have recently seen some of the most sensational data breaches ever, and more and more healthcare organizations must grapple with extortion in the form of ransomware. What’s going on and what can be done about it?

In this final presentation of the day, join cybersecurity author and educator Mansur Hasib in this highly interactive session, as he shares his views and analysis on the importance of people, leadership, and culture in cybersecurity.

Mansur has strong views on this. Healthcare security has suffered the effects of having no leadership or no strategy or trying to make it all about technology, and, he says, it’s time to change.

Mansur
Hasib
Program Chair, Cybersecurity Technology
University of Maryland University College

5:30pm - 6:30pm
Networking Reception
Grand Ballroom Foyer

It's more than just meeting people—it's connecting with the right people. Share knowledge and best practices, and make connections with like-minded professionals. Plus, connect with exhibiting companies and uncover innovative approaches to accelerate healthcare transformation in your organization.
