Boston, MA
Dec. 5-7, 2016


8:30am - 9:00am
Badge Pick up & Breakfast
Grand Ballroom Foyer

Breakfast will be served in the exhibit area so make sure to stop by the sponsor tables

9:00am - 9:05am
Welcome Remarks
Grand Ballroom

Executive Vice President

9:05am - 10:00am


Cybersecurity: How’d It Get So Bad—and Can We Do Anything About It?
Grand Ballroom

As one of the nation’s preeminent experts on counterintelligence and cybersecurity, Joel Brenner discusses the new security environment and its implications for organizations. Nowadays people can steal information without entering a building, walk out of an office with incredible amounts of information stored in tiny devices, or launch systematic attacks on intellectual property. Personal privacy, business secrets, and government secrets are all vulnerable. Cybersecurity is of the utmost importance to organizations looking to protect themselves. In a presentation that can be tailored to the expertise level of his audience, Brenner discusses internet security and provides insight and practical strategies for businesses on this complex issue.

Former Senior Counsel
National Security Agency (NSA)

10:00am - 10:15am
Security and Privacy by Design
Grand Ballroom

While significant attention has been given to security and privacy concerns surrounding pharmaceutical development, manufacturing, and supply, considerably less has been given to medical devices and diagnostics. This is perplexing, since for medical devices particularly, the confluence of IoT and mobility represents one of the most attractive areas of cyberattack. Personal medical records are now valued 10-20 times more highly than financial data. This information can be used to create online personas, which in turn are used to propagate massive identity theft and other crimes.

This session will be a call to action to help combat these worrisome emerging trends.

Vice President and Global Lead, Life Sciences and Healthcare

10:15am - 11:00am
Healthcare Security Leadership Panel: State of the Industry
Grand Ballroom

In this kick-off panel, senior security officers from leading healthcare organizations assess the state of the industry. Where are we, and where do we need to go? Where is healthcare falling short when it comes to securing data and protecting patient privacy - and where is it succeeding? What were their biggest initiatives in 2016, and what are their priority projects for 2017? From ransomware to insider threats to selling security to the board to BYOD, healthcare security leaders have their hands full.

In this session, our panelists will discuss how they’re juggling these myriad challenges, and what they see as the keys to staying one step ahead of hackers and other threats.

Senior Product Manager
Juniper Networks
Associate CIO of Technology and Infrastructure
Penn Medicine
Christina Care Health System
Johns Hopkins University & Johns Hopkins Medicine
Editor in Chief
Healthcare IT News

11:00am - 11:30am
Networking Break
Grand Ballroom Foyer

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

11:30am - 12:10pm


The Economics of Cyber Attacks on Healthcare Providers
Grand Ballroom

An economic analysis of cyber risks in the healthcare industry can provide a sound basis for decisions about cyber-security budgets, policies, and even specific counter-measures.  It also can provide a window into the new kinds of cyber attacks that are coming, even when they haven’t been seen yet.  The new threats this analysis identifies are more frightening than anything we’ve seen so far, but there is a clear path to dealing with them.

Director and Chief Economist
U.S. Cyber Consequences Unit

12:10pm - 12:25pm
Mitigating Cyber Threats in Healthcare
Grand Ballroom

With each passing day, the frequency and complexity of security threats and breaches are expanding. Last year, 170,000,000 identity records were compromised through a series of breaches - 112,000,000 from healthcare alone.

Managing threat and risk has become convoluted due to many factors such as:

- Traditional data boundaries no longer exist

- The concept of connectivity from any device, anytime, anywhere has expanded access control and business application connectivity challenges

- The concept of open access for today's "connected" devices (IoT), has opened up questions like - what am I actually connecting to, is it authorized and safe, and how am I sure the data exchange is meeting policy?

As a result, information security risk management has become a very difficult task, requiring a detailed understanding of threat and risk, a complete model to determine "real and measurable" risk, and a comprehensive program of risk governance.

We will discuss the current state of the threat, the types of attacks and techniques that are being executed, and review an information security risk management program strategy that can help healthcare organizations meet this threat head on and develop a plan for moving their existing risk into an acceptable range.


Practice Director of Security and Mobility

12:25pm - 1:00pm


How to Build a Security Technology Portfolio: Take Risks to Manage Risks
Grand Ballroom

Aetna CISO Jim Routh leads a global information security team for an organization that serves more than 46 million people. That’s a lot of PHI! In this session, the 20-year security veteran explains how a key component of his approach to safeguarding data is to devote 25% of his budget to purchasing new or emerging technology controls from early-stage companies. It’s the best way he knows to discover game-changing solutions, and because emerging technology is less expensive than more mature solutions, this approach is viable for even smaller healthcare organizations with limited resources. In this session, Routh will discuss his approach to building an effective security technology portfolio. Key discussion points will address his investment philosophy, early stage adoption of less mature solutions (taking risks to reduce risks), when to maintain and/or replace legacy technology, and his vendor evaluation and procurement process.

Chief Information Security Officer

1:00pm - 2:00pm
Networking Luncheon
Grand Ballroom Foyer

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

2:00pm - 2:30pm
An Integrated Approach to Information Security
Grand A/B

Risk analysis is the first step to secure patient data and improve security. Often remediating vulnerabilities is a challenge because it typically requires significant resources. Overcoming it requires aligning security with the rest of the business. This session will describe how infosec leaders can collaborate across the enterprise to improve the program and meet business goals.

VP, Security Strategy
Senior Vice President, Chief Information Officer
Virtua Health

2:00pm - 2:30pm
Mayo's Way: Systematic Anti-Phishing Campaign Pays Dividends
Grand C

Many security breaches at healthcare institutions begin as a result of phishing. Mayo Clinic has initiated an institution wide No Phishing Campaign that includes mandatory education and simulated phishing exercises for all employees. This presentation will discuss the details of the campaign and share data about its effectiveness. Speakers will also share examples of improvement in identifying phishing emails by front line staff as well as the institutional benefits of having end users as phishing monitors. The presentation will also discuss the changing varieties of phishing emails, the increasing use of social engineering, and the importance of continued end-user education in the identification process.

Associate Dean of Clinical Practices
Mayo Clinic
Director of Behavioral Management in the Office of Information Security
Mayo Clinic

2:00pm - 2:30pm
Security Blueprint: Managing Resources and Prioritizing Risks
Grand D

In this session, attendees will learn how to create a strategic plan for a robust cyber security program.

Chief Information Security Officer
Texas Children's Hospital

2:40pm - 3:10pm
Threat Intelligence: Head off Attacks Before the Damage is Done
Grand A/B

Attackers often employ a pattern of steps, each of which leaves a distinct trail for security teams in the know. That’s where threat information sharing comes in. Similar to counterterrorism, intelligence of threat activity gives security teams advanced warning and the ability to turn the tables on hackers and prevent or halt an attack before damage occurs.

In fact, many security professionals consider information sharing the gold-standard when it comes to creating a proactive cyber defense. NH-ISAC is the nation’s Healthcare and Public Health Information Sharing and Analysis Center, responsible for making public all-hazards (physical and cyber) to our nation’s critical security infrastructure resilience.

In this session, NH-ISAC Executive Director Denise Anderson will demonstrate through case studies and personal experience why trusted, timely, and actionable cyber intelligence and situational awareness are key to securing your organization's data assets.

Attendees will leave this session understanding:

  • The importance of information sharing
  • The types of information shared
  • The manner in which information is shared

Executive Director

2:40pm - 3:10pm
Guard Patient Privacy with Data Analytics
Grand C

In the face of new and increasing threats to patient data, CRISP, Maryland’s statewide health information exchange (HIE), is tasked with securely sharing health information among approved doctor offices, hospitals, labs, radiology centers, and other health organizations. CRISP opted to take a new and unique approach to data security and protecting patient privacy. Unlike traditional compliance tools available today that rely on simple rules engines, CRISP implemented a new proactive patient privacy analytics platform with clinical context and machine learning to help detect true threats to patient privacy. In this session, attendees will learn how CRISP has used this technology to increase its security posture, is able to zero in on potential threats to the EHR across its network (which includes more than 60 hospitals and healthcare organizations), and can efficiently and effectively resolve investigations that previously may have taken months in a matter of minutes.

Vice President of Operations
Chesapeake Regional Information System for our Patients (CRISP)

2:40pm - 3:10pm
Move Beyond Technology with "Visible Ops Security"
Grand D

The IT Process Institute has studied and benchmarked more than 850 IT organizations to gain deeper insights into what enables high performers to excel. This research shows that high-performing information security and IT teams often achieve their performance breakthroughs using the same approaches and techniques.

In this session, IT Process Institute CEO Scott Alldridge will explain how healthcare organizations might replicate these processes. Specifically, he’ll address the concept of “visible ops security”, which helps organizations move beyond a focus on technology and promote effective teamwork with IT, helping security professionals strengthen relationships with IT and project-development teams to achieve IT, operational, and business goals.

In the predominant healthcare culture, where security is often perceived as the “Department of No,” Alldridge will provide solid advice on how to break down silos and better secure your organization’s assets.

IT Process Institute

3:20pm - 3:50pm
Prepare and Protect: A Multi-Pronged Approach to Thwart Threats
Grand A/B

Cambridge Health Alliance (CHA) is one of many hospitals that have embraced healthcare technology to improve patient care. But as hospitals like CHA go digital, there are growing concerns about the safety and security of patient data. As security breaches grow more prevalent, healthcare organizations need to take steps to prepare for more sophisticated attacks and protect their systems.

CHA has focused on security measures that are seamless and easy to use, including moving away from passwords for user authentication. In this session, CHA’s CISO Art Ream will outline the steps that CHA has taken to successfully secure its systems, including implementing new solutions, exploring new technologies, training providers and staff, and conducting preparedness drills.


Chief Information Security Officer and Director of Information Technology Applications
Cambridge Health Alliance

3:20pm - 3:50pm
Mission Critical: Best Practices in Identity and Access Management
Grand C

Tom Walsh has years of experience developing, improving, and guiding security initiatives for healthcare organizations and businesses in other industries. It’s safe to say he’s seen it all, the good, the bad, and the ugly.

In this session, Tom draws on his years of experience to give attendees a set of critical best practices for effective identity and access management (IAM).

Done correctly, IAM facilitates an organization's business goals, combining process and technology to allow the right individuals access to the right resources for the right reasons. But a faulty approach to IAM opens the door to inappropriate access to sensitive data and increases the risk of a major compliance violation and/or breach.

When it comes to IAM, healthcare organizations must get it right - for their patients and their business - and Tom will help attendees do just that.


3:20pm - 3:50pm
Hackers for Hire Discuss Most Common Security Gaps
Grand D

Just how vulnerable is your organization’s network? In this session, two highly experienced ethical hackers draw upon their years of experience to address that exact question. In what is sure to be an eye-opening 30 minutes, the two “white hats” will discuss the top vulnerabilities they find when penetration testing computer networks. With healthcare breaches on the rise, this information will give attendees plenty to think about—and provide insight into whether their networks are as safe as they could be.

Secure Ideas
Ethical Hacker/Consultant
Editor in Chief
Healthcare IT News

3:50pm - 4:10pm
Networking Break
Grand Ballroom Foyer

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

4:10pm - 4:45pm


Framing and Communicating Cyber Threats to the CEO & Board
Grand Ballroom

Cybersecurity risks permeate hospital systems and networks. This panel will explore case studies to show how hospital systems can strategically frame cybersecurity risk through the use of evidence-based scenarios. This approach enables hospitals and medical centers to manage and mitigate cyber security risk across the enterprise and communicate cyber risk effectively to the CEO and the board.

Partner-in-Charge Information Assurance Services
Member, Board of Directors
Brant Community Healthcare System
Associate CIO of Technology and Infrastructure
Penn Medicine
Senior Vice President, CIO
University of Maryland Medical System
Data Privacy Board Chair
National Cyber Security Alliance

4:45pm - 5:00pm
Learn How to Protect Yourself from CryptoLocker Ransomware Variants
Grand Ballroom

Recently, attackers employing a CryptoLocker variant have been removing volume shadow copies on systems, preventing users from restoring their files, and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at the attacker’s mercy.

In this technical session, we’ll discuss the ins and outs of shadow copies, reveal how attackers are using them to encrypt files for ransom and then discuss ways you can quickly, and easily, detect and respond to these kinds of attacks.

Security Operations Lead
Carbon Black

5:30pm - 6:30pm
Networking Reception
Grand Ballroom Foyer

It's more than just meeting people—it's connecting with the right people. Share knowledge and best practices, and make connections with like-minded professionals. Plus, connect with exhibiting companies and uncover innovative approaches to accelerate healthcare transformation in your organization.
