Monday, September 24
8:30 am - 9:10 am Improving Third Party Risk Management in HealthcareFred Kwong - CISO Delta Dental
Rizwan Jan - Interim CIO and CISO Henry M. Jackson Foundation for Advancement of Military Medicine
Patty Ryan - Chief Information Security Officer Ortho Clinical Diagnostics
Sonia Arista - National Healthcare Practice Director Fortinet
Herman Doering - SISO St. Luke’s Health System
Stronger vendor security and risk management practices are being implemented in healthcare with more medical digital data, attacks growing in complexity and regulations changing. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements. Non-compliance includes stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
- Adjusting access levels for third parties user and system accounts
- Securing development of application integrations; including firewall configuration
- Segmenting internal networks to limit third party needs
Rizwan JanInterim CIO and CISO
Henry M. Jackson Foundation for Advancement of Military Medicine
Patty RyanChief Information Security Officer
Ortho Clinical Diagnostics
Sonia AristaNational Healthcare Practice Director
St. Luke’s Health System
9:15 am - 9:45 am Transformational Security-- Instituting a Renewed Approach to Healthcare SecurityChristopher Logan - Director of Secure Design, Build and Access Management (Deputy CISO) Wellmark
Healthcare organizations must continue to remain diligent in their efforts to ensure the confidentiality, integrity and availability of the data and information used to provide services to our most important assets, our patients. Currently secucritical assets, patient informationrity models are becoming less effective and we must change the way we look at protecting both critical applications and patient information. Whether your applications reside in your datacenter or in a public cloud, the need for application level visibility, enhanced threat detection and the automation and execution of policy while providing granular controls are essential for any next generation security strategy. During this presentation we will uncover the current state of healthcare security, explore how we got there and focus on a renewed approach to minimizing the threats and risks to our most critical assets, patient information.
Christopher LoganDirector of Secure Design, Build and Access Management (Deputy CISO)
9:45 am - 10:15 am Business Meetings
10:15 am - 10:45 am Business Meetings
BrainWeave11:00 am - 11:45 am Identifying, Monitoring and Mitigating Healthcare Security Risks in the Cloud
The cloud offers economic, competitive and collaborative benefits to healthcare. But the sensitive and regulated data kept by healthcare services requires heightened security measure. In this session, discuss the challenges and benefits of moving to the cloud. Look at how the changing threat landscape creates risks to traditional security Examine current security trends affecting healthcare and approaches to protecting sensitive data:
- Managing existing and future cloud infrastructure
- Embracing the cloud with full visibility while managing shadow IT
- Identifying gaps and ensuring regulatory compliance through the cloud
MasterClass11:00 am - 11:45 am Stopping Phishing, Impersonation and Other Email Attacks
The proliferation of ransomware, phishing and other e-mail based attacks underscore the importance of multi-layered security solutions. Within healthcare HIPAA requires phishing defenses and proactive steps must be implemented to mitigate risk to a reasonable and acceptable level to avoid penalties.
E-mail security needs to move from detection to prevention with the ability to stop attacks.
In this session discuss:
- Balancing corporate security and user expectations
- Proactive responses to evolving attacks including sandboxing, advanced content analysis, pattern recognition and regulatory compliance
- Communicating business priorities and security awareness
11:50 am - 12:20 pm Visually Thinking About Reporting and Getting ResultsEdward Marchewka - Director of IT Gift of Hope Organ & Tissue Donor Network
Leverage the largest single system in your brain, the visual cortex, to present your ideas, your metrics, and your asks to the Board—and be seen and be heard! Understand how the brain works to your advantage to more effectively present on information security topics.
Edward MarchewkaDirector of IT
Gift of Hope Organ & Tissue Donor Network
12:25 pm - 1:25 pm Networking Lunch
Roundtable Discussions: Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.1:30 pm - 2:35 pm Audits, Risk Assessments, Penetration Testing and Vulnerability Scanning- What Do They Have in Common?
BrainWeave2:40 pm - 3:25 pm When Shrinkage is Good-Reduce Incident Response Times from Hours to Minutes
Is your security team challenged with alert fatigue, a shortage of skilled staff, and maximizing the company's product arsenal investment?
Solving such challenges isn't easy and requires a delicate balance of people, processes, and tools. Investing in a comprehensive platform that enables security operation teams to reduce MTTR, create consistent and audited incident management process and increase analyst productivity is a step in the right direction.
Attend this discussion to learn how a security orchestration platform can automate manual-intensive tasks and reduce response times from hours to minutes. See how the product's machine learning suggestions can help your team become smarter with every incident and resolve complex threats faster and more accurately.
Benefits from shrinking your time to respond for every incident include:
- Improve your overall security posture
- Enhance analyst productivity (from Tier 1-3)
- Future-proof security operations
Master Class2:40 pm - 3:25 pm Improving Operational Efficiencies with Multi-Factor Authentication
People, processes and technologies are all critical to effective privileged access management. The evolving Identity and Access Management (IAM) landscape improves business outcomes, strengthens the user experience and strengthens operational efficiency. Ownership of IAM and where accountability rests within the organization are part of the dialogue. Attend this session to explore:
- Shifting authentication and fortifying access methods
- Addressing technological and user-experience challenges
- Navigating in an open-access environment with legacy applications, IoT and remote applications
BrainWeave3:45 pm - 4:15 pm Business Meetings
MasterClass4:15 pm - 4:45 pm Business Meetings
4:45 pm - 5:15 pm Business Meetings
5:15 pm - 6:00 pm Cloud Maturity—Challenges of Moving to the CloudMichael Lindskov - Chief Security Architect BCBS Michigan/COBX
Take a journey through a migration to cloud based technology. What are the benefits? What are the realities? Can we build a secure cloud infrastructure & application? This presentation will take you through some of the challenges and opportunities as experience by our speaker.
Michael LindskovChief Security Architect