Northeast Healthcare Cybersecurity Forum Agenda
|Friday, October 4, 2019|
Effectively communicating how cybersecurity risk exposure changes over time is critical to communicating the value of cybersecurity investments to the c-suite, your board and key stakeholders in your organization. This session will feature discussions on different methods of benchmarking, how to collaborate with peers to share benchmarking data and why cybersecurity benchmarking can be so difficult.
This presentation will focus on how organizations can improve and strengthen their I&AM programs through better governance and risk prioritization. The session will include best practices for balancing service levels and operational stability with security controls. The presenter will also highlight short-term and long term actions you can take that will benefit your organization now and into the future.
Industry Partner Spotlight
As healthcare environments embrace mobility, fewer wires and more wireless-connect systems that directly impact the delivery and quality of patient care, the ability to ensure the highest level of operational assurance these systems has never been more important. Recent technology advances in AI and big data network analytics are helping healthcare IT staff ensure the highest levels of performance and security. This presentation details how this new vendor-agnostic technology is being used and deployed across the healthcare industry to find and fix network-connected device issues impacting the delivery of patient care and efficient clinical operations.
Healthcare IoT (HIoT) now extends from one side of healthcare delivery to the other and today that includes an increasing number of medical devices, robots, health automation systems and building management systems none of which hospitals can easily do without.
Most of these connected devices however are not traditionally managed by IT, many don’t appear in any asset management database, most are not patched against vulnerabilities regularly (if ever), and a many are highly vulnerable to cyber-attack and extortion with no current compensating security controls to protect patients.
In fact, a large number of network and implantable devices are pose a significant patient safety risk if not secured and could cause patient harm or even fatalities.
This panel of esteemed biomedical and security leaders discusses what can be done to redress the balance, mitigate security risks and protect patient safety.
Benoit Desjardins, MD-PhD, FAHA, FACR, Associate Professor of Radiology and Medicine, University of Pennsylvania
Esmond Kane, Deputy CISO, Information Security and Privacy Office, Partners HealthCare
Richard Staynings, Chief Security Strategist, HIMSS Privacy & Security Committee and AEHIS Board Member
Chad Wilson, CHCIO, CISSP Chief Security Officer, Childrens’ National Health System
Industry Partner Spotlight
The basis of cyber risk and security strategies is knowing, across the entire enterprise footprint, who and what is on the network, both historically and in real-time. Believe it or not, the foundational name and IP addressing services found in every healthcare network have this information and more. In this session, Infoblox will discuss how healthcare organizations can utilize common foundational services (DNS, DHCP and IP Address Management) as building blocks of efficient cyber risk and security strategies.
This interactive, roundtable lunch and discussion will provide participants with an opportunity to discuss how we can all work together to tackle their cybersecurity staffing challenges. Discussion topics will include identifying the groups biggest staffing challenges, developing internal training programs to grow talent organically, talent recruiting best practices and how organizations can get involved in educational programs for students.
1:00 PM – 1:15 PM - Strategies for Developing and Growing Your Workforce
1:15 PM – 2:00 PM – Roundtable Discussion
Every healthcare provider should have a strategy in place for security risk management. With momentous changes in healthcare technology, protected health information is more valuable now than ever before, making it more vulnerable to breach. The burden is on you to ensure your organization, along with every third-party vendor, adheres to agreed-upon standards of security and protection.
This session will identify best practices, roadblocks and solutions to build a comprehensive security risk management strategy that works for any healthcare organization.
Industry Partner Spotlight
Many healthcare organizations today are hiring managed security service providers (MSSP) to manage specific security initiatives, or in some cases, outsourcing their entire security program. This approach is especially beneficial to those that have limited IT resources, lack internal security expertise, struggle to hire security talent, or simply need to implement a security program faster than they could in-house. But hiring an MSSP without the specific healthcare experience can pose just as much risk as cyber threats and attacks. Dan Dodson, President of Fortified Health Security will discuss best practices for IT leaders to use when evaluating MSSPs and the importance of choosing the right partner. Topics include \
Cloud computing offers many compelling advantages for organizations. But it is often viewed as less secure than traditional, on-premise data centers. This session will focus on how the security risks in the cloud are not all that different the traditional computing environments. Our presenter will also discuss security lessons learned from their transition to the cloud and debunk several cloud security myths.