California Healthcare Cybersecurity Forum Agenda

Friday, September 20, 2019
7:30 AM
8:15 AM
8:30 AM
Framing Cybersecurity During Budget Discussions - Selling Cyber to Your Leadership as Part of Business in the Technology Age 
As technology becomes seamlessly integrated into businesses, the strategy and risk management of that technology needs to be just as seamlessly integrated into business discussions. Join Sara Hall for a discussion on how cyber leadership can sell this integration to top leadership as part of doing business in the technology age. 
9:00 AM
Provider Spotlight
Eric Nielsen will provide the key strategies to rapidly and effectively deploy and implement your information security program and increase your maturity scores.
Have you joined an organization without an information security program? Do you know where start? Do you know what initiatives you need to prioritize? Seeking to enhance an existing information security program? Do you need organizational buy-in? How do you get it?
10:00 AM
Industry Partner Spotlight
Visibility is great, but what Visibility by itself. It’s not enough to just know about the devices and the risks they pose. You also need to automate the processes to mitigate the risks and orchestrate the appropriate controls. In this session, Ellen Sundra, Forescout VP of Worldwide Systems Engineering will explore how Asset Intelligence from Forescout enables robust automated restrictions and orchestrated workflows.
10:30 AM
10:45 AM
Program Sponsor Update
Fighting new threats with more tools just adds complexity. It’s time to rethink your approach to cybersecurity. Prepare today for cyberthreats of tomorrow.
Through the intersection of AI, intelligent orchestration, the agility of the cloud, and collaboration with each other, we can tackle the cybersecurity challenges ahead of us.
11:00 AM
Tailboard Talk
Healthcare IoT (HIoT) now extends from one side of healthcare delivery to the other and today that includes an increasing number of medical devices, robots, health automation systems and building management systems none of which hospitals can easily do without.

Most of these connected devices however are not traditionally managed by IT, many don’t appear in any asset management database, most are not patched against vulnerabilities regularly (if ever), and a many are highly vulnerable to cyber-attack and extortion with no current compensating security controls to protect patients. 

In fact, a large number of network and implantable devices are pose a significant patient safety risk if not secured and could cause patient harm or even fatalities.  

This panel of esteemed biomedical and security leaders discusses what can be done to redress the balance, mitigate security risks and protect patient safety.
Learning Objectives:
  • Understand the security challenges of managing medical devices and other HIoT systems
  • Understand the need to Identify, Risk Assess and Manage devices across healthcare networks and the need to implement compensating security controls
  • Describe new technologies to assist healthcare in medical device discovery, risk management and automated remediation of security risk
11:45 AM
Dr. Christian Dameff, a practicing emergency medicine physician and leading cybersecurity researched for an in-depth discussion on how cyber professionals can engage clinicians and make them cyber champions for your organization.
12:15 PM
Join your fellow attendees during this lunch featuring engaging, passionate speakers whose talks expose new ideas in healthcare that are supported by concrete evidence and are relevant to current and future industry trends. Presentations will explore novel and counterintuitive approaches to solving the many complex problems facing our health system.
1:15 PM
1:30 PM
Industry Partner Spotlight
Network blind spots are one of the biggest reasons insider threats are not detected soon enough.  Bad actors are leveraging this weakness to move through the kill chain undetected, until it’s too late. 68% of healthcare breaches involve internal actors.  What steps can you take to cure network blindness?
2:00 PM
Tailboard Talk
Our panelists will address cyber issues faced in large, complex institutions. The discussion topics include leadership, staffing, cloud security and more.
2:45 PM
3:00 PM
Industry Partner Spotlight
Back in 2005, Marcus Ranum wrote in his “The Six Dumbest Ideas in Computer Security” article that, “sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness”. So why are we still focused on chasing “badness”? This approach might have been sufficient in the 1990s and arming ourselves with just an antivirus and a firewall gave us a sense of security, but this is definitely no longer the case.
  • Understand the definition of Negative Security and Positive Security models, with examples, advantages and disadvantages
  • Describe the attack kill chain and intentions behind most attacks
  • See demos of advanced attacks that bypass the majority of existing security controls
  • Learn how to correctly implement defense-in-depth best practices
3:30 PM
Breaches are on the news seemingly weekly, as organizations are struggling to secure their data. Phishing attacks are proliferating and going after our workforce. Ransomware has taken several victims and is also escalating. Healthcare organizations have become prime targets.

In this talk, I will share strategies to combat the rise of cybercrime, and how to make your networks more secure. I will discuss administrative, technical, and physical security controls. 
  • Have you built a sustainable and dynamic Information Security Plan? Have you shared this with upper management and gotten their buy-in and support?
  • Have you initiated a balanced Security Awareness Program? Are you regularly running scans of both your network and your applications? Are you monitoring your network to detect unusual activity? What about when that dreaded intrusion into your network occurs? Do you know what to do?
  • Are you testing and evaluating your security controls on a regular basis? How often do you test your Disaster Recovery Plan and your Incident Response Plan? Do you have the right people on your IR team?
We are entrusted with highly sensitive data. We must utilize best practices, but they cannot be "best" unless they employ both best privacy and security practices. Come learn if you are doing this and ensure that you indeed protect your confidential information.
Don't allow your organization to become the next victim of a breach. 
4:00 PM