Pacific Northwest Healthcare Cybersecurity Forum Agenda

Wednesday, November 20, 2019
7:45 AM
8:45 AM
9:00 AM
Keynote Presentation
This session will focus on how CISOs address and new and upcoming tech in their risk management program. Discussion topics will include how CISOs are bolstering their cyber programs with innovative technology, how AI will impact risk management, and the advent of deep fakes and information security.
9:30 AM
Managing risks are part of a robust information security program. Our organizations have come to depend on a complex network of third-party relationships. Reliance on third-parties can drive performance, but also pose significant risks. Many organizations are still struggling to effectively manage their third-party information security risks. Risks are especially evident in contracts we enter into with our third parties without consideration for how the organization might be impacted. This session will cover:
  • An understanding of the potential risks that may arise from the use of third-parties
  • The basic elements of an effective third-party risk management program
  • Best practices for controlling third-party risks
10:00 AM
Industry Partner Spotlight
Visibility is great, but what Visibility by itself. It’s not enough to just know about the devices and the risks they pose. You also need to automate the processes to mitigate the risks and orchestrate the appropriate controls. In this session, we will explore how Asset Intelligence from Forescout enables robust automated restrictions and orchestrated workflows.
10:30 AM
10:45 AM
Join Dr. Dameff a practicing emergency medicine physician who is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity as he discussed how cybersecurity teams can strategically work with clinicians to manage risk and provide the best care possible.
11:30 AM
Industry Partner Spotlight

CrowdStrike's 2019 Global Threat Report details how adversaries typically dwell for 1 hour and 58 minutes before taking action after they've initially gained access to a machine. This "Breakout time", is all the time until an intruder jumps from the machine that’s initially compromised and moves laterally through your network.
This is a crucial window to stop the breach, but is not the only metric you need to know. When an attack is in progress, you have on average of one minute to detect it, 10 minutes to understand it and one hour to contain it. Is your organization ready to meet the 1/10/60 minute challenge?
Join CrowdStrike security experts for an important, in-depth discussion of the common hurdles organizations face in establishing an effective IR process. You will also learn how next-gen technology including endpoint detection and response (EDR) can help you overcome them.
Attend this session to hear CrowdStrike experts discuss:

  • What breakout time is and what it means for defenders that are responding to attacks in real time
  • How the incident response process unfolds and the barriers that keep organizations from mounting a rapid and efficient response
  • The key steps you can take to improve your organization’s ability to rapidly detect, investigate and remediate threats
  • Best practices for preventing, detecting in less than 1 minute, analyzing in less than 10 minutes, and responding in less than 60 minutes to stop adversaries

When you can detect, analyze, and recover before the 1 hour and 58 minutes from initial compromise, you WIN, and the adversaries LOSE!

12:00 PM
Lunch and Learn
There has been tremendous growth in the percentage of network traffic that is encrypted over the last decade. With this comes many challenges for incident responders. Decrypting the traffic is often hard, if not impossible. The rise of encryption has undoubtedly increased privacy for users but we know that threat actors take advantage of it as well. As network defenders our visibility is impacted, and traditional network monitoring detection will not always work.
In this talk we will discuss the problem of encrypted traffic as it pertains to network detection and response, educate you on new developments in SSL/TLS, and demonstrate how you can still hunt for and detect badness in encrypted traffic. This talk will be relevant to junior analysts all the way up to senior analysts at mature SOCs.
1:00 PM
1:15 PM
Industry Partner Spotlight

In today’s hyper-connected healthcare enterprise, the quantity and heterogeneity of devices connected to your enterprise network is massive – and rapidly growing.  Every area of your institution is a model of connectivity – critical medical, security, facilities and enterprise devices all need access to data in order to aid in the continuing delivery of quality care.  While these devices all represent an opportunity to continually improve patient care, institutional efficiency, and physical security, they also represent potential points of vulnerability. 

Developing a strategy of proactive protection of these devices – and the network to which they are connected – is essential to the security, resiliency and continuity of your healthcare organization’s operations.  However, these devices represent an unique challenge in that they cannot be regulated and secured with traditional agent-based network security solutions. This new era of hyper-connectivity requires a new approach, utilizing your existing best-of-breed network and security infrastructure for enforcement of very sophisticated and granular policies that effectively regulate and control the communication behavior of every class of device.  It is only through this strategy of proactive protection that you can fully take control of your connected infrastructure, increasing network security, building unbeatable system resiliency, and ensuring the continuity of quality healthcare delivery and institutional operations.

1:45 PM
Breaches are on the news seemingly weekly, as organizations are struggling to secure their data. Phishing attacks are proliferating and going after our workforce. Ransomware has taken several victims and is also escalating. Healthcare organizations have become prime targets.
In this talk, I will share strategies to combat the rise of cybercrime, and how to make your networks more secure. I will discuss administrative, technical, and physical security controls. 
  • Have you built a sustainable and dynamic Information Security Plan? Have you shared this with upper management and gotten their buy-in and support?
  • Have you initiated a balanced Security Awareness Program? Are you regularly running scans of both your network and your applications? Are you monitoring your network to detect unusual activity? What about when that dreaded intrusion into your network occurs? Do you know what to do?
  • Are you testing and evaluating your security controls on a regular basis? How often do you test your Disaster Recovery Plan and your Incident Response Plan? Do you have the right people on your IR team?

We are entrusted with highly sensitive data. We must utilize best practices, but they cannot be "best" unless they employ both best privacy and security practices. Come learn if you are doing this and ensure that you indeed protect your confidential information.
Don't allow your organization to become the next victim of a breach. 
2:00 PM
Tailboard Talk
Join our panel members for an in-depth discussion on current cybersecurity trends and issues in healthcare. Discussion topics will span from board/stakeholder engagement to cloud security, to risk management frameworks and more. 
2:45 PM