San Francisco, CA
May 11-12, 2017


8:30am - 9:00am
Breakfast and Badge Pickup
Grand Ballroom

Breakfast will be served in the Grand Ballroom so make sure to stop by the sponsor tables.

9:00am - 9:05am
Welcome Remarks
Grand Ballroom

Healthcare IT News

9:05am - 9:50am


The Evolving Healthcare Information Security Organization
Grand Ballroom

When it comes to healthcare information security, few have a bigger threat landscape to secure than George DeCesare, senior vice president and chief technology risk officer for Kaiser Permanente. As of 2016, Kaiser had 10.2 million health plan members, 186,497 employees, 18,652 physicians, 51,010 nurses, 38 medical centers, 622 medical offices, and $60.7 billion in operating revenue.

DeCesare leads the healthcare giant’s cyber security, technology risk and compliance, and identity and access management initiatives. He makes sure that as healthcare grows increasingly dependent on technology and digital information, Kaiser Permanente remains innovative, proactive, and agile in managing its information technology risks.

In his opening keynote, DeCesare will explain how he leads the charge to do just that. In a talk peppered with best practices and practical advice, DeCesare will examine healthcare’s current threat landscape and give a high-level overview of how Kaiser approaches cyber security, manages risk and communicates those risks to board members in business terms they understand.

Senior Vice President, Chief Technology Risk Officer
Kaiser Permanente

9:50am - 10:05am

Security and Privacy by Design

Medical Devices as a Gateway to Cybercrime
Grand Ballroom

While significant attention has been given to security and privacy concerns surrounding pharmaceutical development, manufacturing, and supply, considerably less has been given to medical devices and diagnostics. This is perplexing, since for medical devices particularly, the confluence of IoT and mobility represents one of the most attractive areas of cyberattack. Personal medical records are now valued 10-20 times more highly than financial data. This information can be used to create online personas, which in turn are used to propagate massive identity theft and other crimes. This session will be a call to action to help combat these worrisome emerging trends.

Global Director, Life Sciences and Healthcare

10:05am - 10:45am

State of the Industry

Ransomware, IoT, and Confronting New and Emerging Threats
Grand Ballroom

The threat landscape is changing and hackers have become much more dangerous and disruptive to healthcare. New and emerging attacks are more impactful because they interrupt services and communications. They can cripple an organization by taking down its infrastructure and internet connections, and, most alarmingly, this poses a major risk to patient care.

Whether it's identity theft, ransomware (extortion), targeting employees through increasingly creative phishing emails, or myriad other attacks, hackers have healthcare squarely in their sights.

In this opening state-of-the-industry discussion, our panel of seasoned healthcare security veterans survey the threat landscape and explain what they are doing to counter hackers.

Key discussion points:

  • Enhancing network integrity.
  • Increasing threat awareness through better detection.
  • Strengthening data loss prevention and other solutions to stop data exfiltration.
  • More

Attendees will also have ample opportunity to ask questions.


Vice President of Premier Accounts
Sungard Availability Services
Senior Healthcare Business Strategist
Director of Information Security
Cancer Treatment Centers of America
Chief Information Security Officer
Christiana Care Health System

10:45am - 11:15am
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the Grand Ballroom so make sure to stop by our sponsor tables.

11:15am - 11:45am

Securing the Weakest Link

A Tested and Proven Approach to Defeating Phishing Attacks
Grand Ballroom

When it comes to thwarting cyber criminals, healthcare organizations devote significant resources to deploying products and services, but often they do not pay nearly as much attention to what is widely considered the weakest link: the human element.

In this session, Fernando Martinez, a veteran security expert and chief data officer for the 500-member Texas Hospital Association, shares with attendees the organization’s new and highly effective cybersecurity awareness program.

At the core of the program, THA works with member hospitals to execute two waves of phishing attacks and, after each wave, provides follow-up employee awareness training. Hospitals participating in the program averaged a 60% reduction in click rates.

Best of all, Martinez says, any healthcare organization can adopt this customizable approach and significantly improve its security posture – and he’s going to explain how.

“It’s a valuable and easy way to manage the biggest risk an organization faces,” he said. “If you have people falling for those things, all the money you spend on tech will not help.”

Key takeaways:

  • Gain awareness of a successful cybersecurity training and awareness program.
  • Learn a targeted approach to reduce organizational risk from cybersecurity threats.
  • Learn how to develop and promote incident response preparedness for cyber security incidents.

Chief Digital Officer
Texas Hospital Association

11:45am - 12:00pm

Identity & Access Management - Part 1

Assessing Your Identity Management Maturity
Grand Ballroom

All healthcare organizations, including health insurers, medical practices, hospitals, labs, and government agencies, process and store huge volumes of sensitive information – from medical records to payment information to personal identifiers, like social security numbers and birthdates. Inadequate controls in IAM processes and technology can lead to exposure of this data and HIPAA and PHI non-compliance issues.

IAM failure rates are high for healthcare organizations because many practices rely on individuals to manage complex processes completely by hand. Often organizations neglect to deal with faulty processes and bad data. They make the mistake of acquiring technology to mitigate the risks without taking the time to correct any known or perceived gaps in the process or data. The result of this approach is that governance is ad hoc and informal, tools are put in place on a piecemeal basis, and responsibilities are poorly defined.

IAM assessments identify these gaps and provide an organization with a roadmap to better Identity & Access Management and stronger security of their data and applications.


CEO & Chief Strategist

12:00pm - 12:40pm

Humans and Machines

Projecting the Future of Cybersecurity
Grand Ballroom

The UC Berkeley Center for Long-Term Cybersecurity (CLTC) is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future. Cybersecurity is quickly becoming the master problem of the Internet era, and the center conducts research into the socio-economic, technology and policy issues that will bear on security wherever humans and digital machines interact.

In this session, researchers will give an engaging and provocative presentation, discussing the security implications of three or four core transformative technological trends related to identity and authentication on the internet. Some of these technological trends include machine learning and artificial intelligence, the proliferation of bio-sensors, and the expansion of affective (emotional) computing.

The researchers will discuss the implications for the health industry from these trends, and give attendees a fascinating and informative look into the future of cybersecurity.

Faculty Director, Center for Long-Term Cybersecurity
University of California, Berkeley
Executive Director, Center for Long-Term Cybersecurity
University of California, Berkeley

12:40pm - 1:40pm
Networking Lunch
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the exhibit area so make sure to stop by our sponsor tables.

1:40pm - 2:20pm

Game Changer

Why You Can't Afford to Be Wrong About Risk Management
Grand Ballroom

Consumerism has created a brave new world for healthcare. People have choices. That means if bad news surfaces in public, it could generate a calamitous loss of revenue as consumers seek care from other providers. The problem is, when it comes to risk management, healthcare is behind the curve, and only those organizations that can identify, quantify and operationalize risk will emerge as victors.

So, how do you get risk management right?

In this session, Jane Harper, the director of privacy and security risk management at Henry Ford Health System, addresses that question head-on and gives attendees information they can bank on.

She’ll cover:

  • Techniques for risk management.
  • Key changes in healthcare that affect the risk environment.
  • The impact of consumerism on risk management.

Bad risk management can doom an organization just as surely as good risk management can help it succeed. Jane will separate the good from the bad and help attendees lead their organizations forward.

Director Privacy & Security Risk Management
Henry Ford Health System

2:20pm - 3:00pm

Identity & Access Management - Part 2

Intermountain's Way - Making Consumer IAM and Legacy IAM Play Nice
Grand Ballroom

Healthcare organizations typically use multiple information systems, and the technology deployed to manage identity and access management can be diverse. Additionally, ensuring the minimum necessary access to these systems, along with proper audit and attestation, can involve weighty or overbearing processes and configuration activities.

Intermountain Healthcare addressed these challenges by using identity technologies and a data security administrator model that has proven effective over many years. Also, as the organization’s focus has turned to providing an improved patient experience with information systems, consumer identity and access management (CIAM) is quickly becoming an important area of focus.

In this session, attendees will get an inside look at Intermountain’s approach to IAM as well as the methods and technology the organization uses to address the challenges CIAM poses to legacy IAM systems.

Director, Cybersecurity Architecture
Intermountain Healthcare

3:00pm - 3:30pm
Networking Break
Grand Ballroom

Take this opportunity to mingle with your peers in a relaxed setting to build relationships and establish future partnerships. Coffee will be served in the Grand Ballroom so make sure to stop by our sponsor tables.

3:30pm - 4:05pm

Vendor Management

How to Create Compliant Security Relationships
Grand Ballroom

The HITECH Act’s expansion of the HIPAA Privacy and Security Rule requirements to any contractor or vendor that handles the protected health information of a covered entity profoundly changed the dynamic between healthcare providers and their business associates. In this new environment, providers must hold their vendors more accountable for information assurance.

This presentation will review these regulatory changes and shed light on what must change in the relationship between covered entities and business associates. It will review strategies and highlight best practices to ensure that these business partners understand how to develop an effective, compliant relationship that ultimately improves the security of patient information. Attendees will learn how to establish a lifecycle vendor management system to create a successful partnership with business associates.

Key takeaways:

  • Explain regulatory changes that impact the dynamic between healthcare providers and business associates.
  • Identify strategies providers can use to improve vendor selection and management for compliance.
  • Describe a five-step life cycle approach for managing vendor security requirements.

Technology Director - ISO
Inspira Health Network
Vice President, Corporate Compliance
Inspira Health Network

4:05pm - 4:20pm
How Navy SEAL Methodologies Can Be Successfully Applied to Strengthen IT Security Posture
Grand Ballroom

Most breaches are caused by basic hygiene issues that could have easily been identified and corrected with the proper visibility and remediation tactics. The SEAL Teams have a documented history of success in responding to incidents due to three pillars of execution focus: Simple Execution Plans, Unparalleled Speed to Take Action and Mission First. In this session, retired Senior Chief Chuck McGraw will discuss his 20-year career as a Navy SEAL and how SEAL methodologies can be applied to building an elite team and managing organizations to achieve better security posture.

  • KISS Planning Principle
  • Speed is Paramount
  • Mission Focused

Director of Sales Enablement & Training

4:20pm - 5:00pm

Storied Leadership

A CISO's Guide to Effective Strategic Communication
Grand Ballroom


As CISOs have evolved beyond security practitioners into business leaders, the required aptitudes and skills have changed as well. Security leaders must now be able to eliminate the geek-speak and articulate their program mission, vision and goals in a clear and meaningful way. Effective communication is key to fostering an organizational culture of security and ensuring program buy-in and support from leaders and staff.

In this session, Terry Ziemniak, CISO at Carolinas Healthcare System, one of the largest not-for-profit systems in the country, draws on 20+ years of overseeing cybersecurity programs to share with attendees his proven success in vocalizing, building, executing, and improving security programs.

AVP, Chief Information Security Officer
Carolinas Healthcare System

5:00pm - 6:00pm
Networking Reception
Grand Ballroom
