2020 Forum Agendas
|Wednesday, February 5, 2020|
Like it or not healthcare delivery is changing, we are more reliant upon technology today than ever before to diagnose, treat, observe, manage and monitor patients. A basic systems outage is enough to bring an entire hospital or clinic to its knees. Just look at what happened in the UK when Ransomware took down much of the NHS. But our technology reliance is not just focused on IT systems any longer, there are a multitude of different Healthcare Internet of Things (HIoT) devices that we use to improve patient outcomes. All kinds of medical devices, from IMDs, to pumps, to scanners, to patient and nurse call systems, all of which are critical in direct patient care. And let’s not forget, that we cannot do without HVAC systems, elevators, power, water and other building management systems, nearly all of which are now ‘smart’ and ‘connected’. What happens when these simple devices are attacked by extortionists and cyber-criminals? Do most of us even know how many we actually have in each location, when they were last patched, and what security risks they pose to patients and to hospital IT systems? Just because they may be connected to an isolated network or VLAN doesn’t mean they are isolated. How can we gain greater visibility into what’s happening in our hospitals and become better prepared to defend ourselves from the next inevitable attack?
Join our panel members for an in-depth discussion on current cybersecurity trends and issues in healthcare. Discussion topics will span from board/stakeholder engagement to cloud security, to risk management frameworks, medical device security and more.
Sri Bharadwaj, CISSP, PMP Director, Information Services and Chief Information Security Officer, UC Irvine Health
Patrick Phelan, Chief Information Security Officer, UCSF and UC Davis Health
Monte Ratzlaff, Director, Cyber Risk Program, University of California, Office of the President
Kenneth Wottge, Information Security Officer, UC San Diego Health
Industry Partner Spotlight
As health systems become larger, more geographically diverse and care delivery becomes more networked and fragmented, the concept of segmenting the network into smaller, more manageable zones is becoming a cybersecurity best practice. It’s about reducing available attack surfaces and stopping attacks from propagating beyond the originally compromised or infected network segment but is it really achievable in healthcare? What needs to happen for it be implemented successfully.
Fully managed SIEM/MSSP is an affordable option for establishing a SOC; however, most providers offer black-box solutions with limited visibility and assurance that the environment is secure. Internally managed SIEM is expensive, requiring significant resources and funding, but offers rich features, customization, and visibility. Co-managed SIEM + MSSP offers the benefits of both approaches, including reasonable costs with the additional visibility and assurance.
Industry Partner Spotlight
As threats have become more advanced and the healthcare industry has been increasingly targeted by cyber-attackers, security teams are struggling to keep up. The security skills shortage coupled with limited resources magnifies the challenges already posed by machine-speed attacks, insider threats, and low-and-slow attacks. Cyber AI serves as a force multiplier for organizations’ security teams, triaging alerts, prioritizing the most important threats, and even taking action on behalf of security teams to interrupt threats. In this session, hear about:
Securing medical devices is one of the greatest challenges facing healthcare providers today and, yet, there is little information in the industry regarding best practices, common struggles and how organizations are overcoming them, and which manufacturers are seen as most secure and transparent about vulnerabilities. Join this session to learn about how your colleagues are managing medical device security in their organizations.
Industry Partner Spotlight
This session hosted by Tanium will explore a real-world use case of a ransomware attack that spread throughout a government organization, in turn causing all IT management systems to be encrypted. Dylan DeAnda, VP of Enterprise Services, will lead a discussion of the risks leading up to the breach, what steps the CIO took to recover the enterprise and lessons learned. Hear how to avoid such a situation and protect what’s critical to your IT structure.
Managing access to your networks, applications and devices through a strong Identity and Access Management program is a challenge for information security and business leaders alike. Join this session to learn how clinical leaders, hospital administration, CIOs, CISOs and other critical members of your leadership team must work together to develop a strong identity and access management strategy that secures your organization.
All Cybersecurity Forums are Co-Located with a Heatlhcare Innovation Summit
The 2020 Cybersecurity Forums are Being Held Under Chatham House Rule
Discussions/comments will not be attributed to specific attendees or speakers. We ask that all participants refrain from publishing images that include speaker content or share direct speaker and/or attendee statements via social media or other channels without first obtaining express, written consent from a speaker or fellow attendee.