Midwest Healthcare Cybersecurity Forum Agenda

Friday, October 18, 2019
7:30 AM
8:15 AM
8:30 AM
Chief Information Security Officers struggle with the balancing act of identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks while collaborating with stakeholders across the organization to establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. Join this session to learn how security leaders across many organizations overcome these hurdles and develop a cybersecurity culture in their organizations.
9:00 AM
Employees take several required trainings each year. Most are dull, over complicated, and not engaging. Why not make your security awareness training approach stand out? During this presentation, I will review how Eli Lilly is developing a training approach that impacts millennials and baby boomers alike. Lilly's new approach mixes mandatory and voluntary tactics, personal and work content, utilizing a variety of channels to best shape our employee base. Best practices and lessons learned will be covered.
9:45 AM
Industry partners spotlights feature in-depth discussions from select industry partners. All industry partner sessions are reviewed by our advisory council before being presented in the program.
10:15 AM
11:00 AM
Securing medical devices is one of the greatest challenges facing healthcare providers today and, yet, there is little information in the industry regarding best practices, common struggles and how organizations are overcoming them, and which manufacturers are viewed as most secure and transparent about vulnerabilities. Join this session to learn about how your colleagues are managing medical device security in their organizations.
11:30 AM
Industry partner spotlights feature in-depth discussions from select industry partners. All industry partner sessions are reviewed by our advisory council before being presented in the program.
12:00 PM
Effectively communicating how cybersecurity risk exposure changes over time is critical to communicating the value of cybersecurity investments to the c-suite, your board and key stakeholders in your organization. This session will feature discussions on different methods of benchmarking, how to collaborate with peers to share benchmarking data and why cybersecurity benchmarking can be so difficult.
12:30 PM
1:00 PM
This interactive, roundtable lunch and discussion will provide participants with an opportunity to discuss how we can all work together to tackle their cybersecurity staffing challenges. Discussion topics will include identifying the groups biggest staffing challenges, developing internal training programs to grow talent organically, talent recruiting best practices and how organizations can get involved in educational programs for students.
2:00 PM
2:30 PM
Managing access to your networks, applications and devices through a strong Identity and Access Management program is a challenge for information security and business leaders alike. Join this session to learn how clinical leaders, hospital administration, CIOs, CISOs and other critical members of your leadership team must work together to develop a strong identity and access management strategy that secures your organization.
3:00 PM
Like it or not healthcare delivery is changing, we are more reliant upon technology today than ever before to diagnose, treat, observe, manage and monitor patients. A basic systems outage is enough to bring an entire hospital or clinic to its knees. Just look at what happened in the UK when Ransomware took down much of the NHS. 
But our technology reliance is not just focused on IT systems any longer, there are a multitude of different Healthcare Internet of Things (HIoT) devices that we use to improve patient outcomes. All kinds of medical devices, from IMDs, to pumps, to scanners, to patient and nurse call systems, all of which are critical in direct patient care. And let’s not forget, that we cannot do without HVAC systems, elevators, power, water and other building management systems, nearly all of which are now ‘smart’ and ‘connected’. 
What happens when these simple devices are attacked by extortionists and cyber-criminals? Do most of us even know how many we actually have in each location, when they were last patched, and what security risks they pose to patients and to hospital IT systems? Just because they may be connected to an isolated network or VLAN doesn’t mean they are isolated.
How can we gain greater visibility into what’s happening in our hospitals and become better prepared to defend ourselves from the next inevitable attack? 
4:00 PM