Northeast Healthcare Cybersecurity Forum Agenda

Friday, October 4, 2019
7:15 AM
8:00 AM
8:15 AM
Effectively communicating how cybersecurity risk exposure changes over time is critical to communicating the value of cybersecurity investments to the c-suite, your board and key stakeholders in your organization. This session will feature discussions on different methods of benchmarking, how to collaborate with peers to share benchmarking data and why cybersecurity benchmarking can be so difficult.
8:45 AM
9:15 AM
This presentation will focus on how organizations can improve and strengthen their I&AM programs through better governance and risk prioritization. The session will include best practices for balancing service levels and operational stability with security controls. The presenter will also highlight short-term and long term actions you can take that will benefit your organization now and into the future.
9:45 AM
10:00 AM
Industry Partner Spotlight
As healthcare environments embrace mobility, fewer wires and more wireless-connect systems that directly impact the delivery and quality of patient care, the ability to ensure the highest level of operational assurance these systems has never been more important. Recent technology advances in AI and big data network analytics are helping healthcare IT staff ensure the highest levels of performance and security.  This presentation details  how this new vendor-agnostic technology is being used and deployed across the healthcare industry to find and fix network-connected device issues impacting the delivery of patient care and efficient clinical operations.
10:30 AM
Tailboard Talk
Healthcare IoT (HIoT) now extends from one side of healthcare delivery to the other and today that includes an increasing number of medical devices, robots, health automation systems and building management systems none of which hospitals can easily do without.

Most of these connected devices however are not traditionally managed by IT, many don’t appear in any asset management database, most are not patched against vulnerabilities regularly (if ever), and a many are highly vulnerable to cyber-attack and extortion with no current compensating security controls to protect patients. 

In fact, a large number of network and implantable devices are pose a significant patient safety risk if not secured and could cause patient harm or even fatalities.  

This panel of esteemed biomedical and security leaders discusses what can be done to redress the balance, mitigate security risks and protect patient safety.
Learning Objectives:
  • Understand the security challenges of managing medical devices and other HIoT systems
  • Understand the need to Identify, Risk Assess and Manage devices across healthcare networks and the need to implement compensating security controls
  • Describe new technologies to assist healthcare in medical device discovery, risk management and automated remediation of security risk
11:15 AM
Industry Partner Spotlight
The basis of cyber risk and security strategies is knowing, across the entire enterprise footprint, who and what is on the network, both historically and in real-time. Believe it or not, the foundational name and IP addressing services found in every healthcare network have this information and more. In this session, Infoblox will discuss how healthcare organizations can utilize common foundational services (DNS, DHCP and IP Address Management) as building blocks of efficient cyber risk and security strategies.
11:45 AM
12:30 PM
This interactive, roundtable lunch and discussion will provide participants with an opportunity to discuss how we can all work together to tackle their cybersecurity staffing challenges. Discussion topics will include identifying the groups biggest staffing challenges, developing internal training programs to grow talent organically, talent recruiting best practices and how organizations can get involved in educational programs for students.
12:30 PM - 12:45 PM - Strategies for Developing and Growing Your Workforce
12:45 PM – 1:30 PM – Roundtable Discussion
1:30 PM
1:45 PM
Industry Partner Spotlight
Many healthcare organizations today are hiring managed security service providers (MSSP) to manage specific security initiatives, or in some cases, outsourcing their entire security program. This approach is especially beneficial to those that have limited IT resources, lack internal security expertise, struggle to hire security talent, or simply need to implement a security program faster than they could in-house. But hiring an MSSP without the specific healthcare experience can pose just as much risk as cyber threats and attacks.  Dan Dodson, President of Fortified Health Security will discuss best practices for IT leaders to use when evaluating MSSPs and the importance of choosing the right partner.  Topics include \
  • Understanding the nuances of securing a healthcare environment
  • Key skills, certifications, and experience necessary for an effective healthcare MSSP
  • Real-life examples of disruption that can be caused by an inexperienced cybersecurity team
2:15 PM
Cloud computing offers many compelling advantages for organizations. But it is often viewed as less secure than traditional, on-premise data centers. This session will focus on how the security risks in the cloud are not all that different the traditional computing environments. Our presenter will also discuss security lessons learned from their transition to the cloud and debunk several cloud security myths.
2:45 PM