September 23 - 25, 2018

Monday, September 24

8:00 am - 8:30 am Breakfast

Stronger vendor security and risk management practices are being implemented in healthcare with more medical digital data, attacks growing in complexity and regulations changing. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements.  Non-compliance includes stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:

  • Adjusting access levels for third parties user and system accounts
  • Securing development of application integrations; including firewall configuration 
  • Segmenting internal networks to limit third party needs

Fred Kwong

Delta Dental


Rizwan Jan

Interim CIO and CISO
Henry M. Jackson Foundation for Advancement of Military Medicine


Patty Ryan

Chief Information Security Officer
Ortho Clinical Diagnostics


Sonia Arista

National Healthcare Practice Director


Herman Doering

St. Luke’s Health System

9:15 am - 9:45 am Transformational Security-- Instituting a Renewed Approach to Healthcare Security

Christopher Logan - Director of Secure Design, Build and Access Management (Deputy CISO) Wellmark
Healthcare organizations must continue to remain diligent in their efforts to ensure the confidentiality, integrity and availability of the data and information used to provide services to our most important assets, our patients. Currently secucritical assets, patient informationrity models are becoming less effective and we must change the way we look at protecting both critical applications and patient information. Whether your applications reside in your datacenter or in a public cloud, the need for application level visibility, enhanced threat detection and the automation and execution of policy while providing granular controls are essential for any next generation security strategy. During this presentation we will uncover the current state of healthcare security, explore how we got there and focus on a renewed approach to minimizing the threats and risks to our most critical assets, patient information.

Christopher Logan

Director of Secure Design, Build and Access Management (Deputy CISO)

9:45 am - 10:15 am Business Meetings

10:15 am - 10:45 am Business Meetings

10:45 am - 11:00 am Networking Break


11:00 am - 11:45 am Identifying, Monitoring and Mitigating Healthcare Security Risks in the Cloud
The cloud offers economic, competitive and collaborative benefits to healthcare. But the sensitive and regulated data kept by healthcare services requires heightened security measure. In this session, discuss the challenges and benefits of moving to the cloud. Look at how the changing threat landscape creates risks to traditional security Examine current security trends affecting healthcare  and approaches to protecting sensitive data:
  • Managing existing and future cloud infrastructure
  • Embracing the cloud with full visibility while managing shadow IT 
  • Identifying gaps and ensuring regulatory compliance through the cloud


11:00 am - 11:45 am Stopping Phishing, Impersonation and Other Email Attacks
The proliferation of ransomware, phishing and other e-mail based attacks underscore the importance of multi-layered security solutions.  Within healthcare HIPAA requires phishing defenses and proactive steps must be implemented to mitigate risk to a reasonable and acceptable level to avoid penalties. 

E-mail security needs to move from detection to prevention with the ability to stop attacks.  

In this session discuss:

  • Balancing corporate security and user expectations
  • Proactive responses to evolving attacks including sandboxing, advanced content analysis, pattern recognition and regulatory compliance
  • Communicating business priorities and security awareness

11:50 am - 12:20 pm Visually Thinking About Reporting and Getting Results

Edward Marchewka - Director of IT Gift of Hope Organ & Tissue Donor Network
Leverage the largest single system in your brain, the visual cortex, to present your ideas, your metrics, and your asks to the Board—and be seen and be heard! Understand how the brain works to your advantage to more effectively present on information security topics.

Edward Marchewka

Director of IT
Gift of Hope Organ & Tissue Donor Network

12:25 pm - 1:25 pm Networking Lunch

Roundtable Discussions: Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:30 pm - 2:35 pm How to Manage Data Breach Notification?

Roundtable Discussions: Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:30 pm - 2:35 pm Added Availability and Integrity with Blockchain Technologies

Roundtable Discussions: Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:30 pm - 2:35 pm Audits, Risk Assessments, Penetration Testing and Vulnerability Scanning- What Do They Have in Common?


2:40 pm - 3:25 pm When Shrinkage is Good-Reduce Incident Response Times from Hours to Minutes
Is your security team challenged with alert fatigue, a shortage of skilled staff, and maximizing the company's product arsenal investment?

Solving such challenges isn't easy and requires a delicate balance of people, processes, and tools. Investing in a comprehensive platform that enables security operation teams to reduce MTTR, create consistent and audited incident management process and increase analyst productivity is a step in the right direction.

Attend this discussion to learn how a security orchestration platform can automate manual-intensive tasks and reduce response times from hours to minutes. See how the product's machine learning suggestions can help your team become smarter with every incident and resolve complex threats faster and more accurately.

Benefits from shrinking your time to respond for every incident include:

  • Improve your overall security posture
  • Enhance analyst productivity (from Tier 1-3)
  • Future-proof security operations

Master Class

2:40 pm - 3:25 pm Improving Operational Efficiencies with Multi-Factor Authentication
People, processes and technologies are all critical to effective privileged access management. The evolving Identity and Access Management (IAM) landscape improves business outcomes, strengthens   the user experience and strengthens operational efficiency. Ownership of IAM and where accountability rests within the organization are part of the dialogue.  Attend this session to explore:

  • Shifting authentication and fortifying access methods
  • Addressing technological and user-experience challenges
  • Navigating in an open-access environment with legacy applications, IoT and remote applications

3:30 pm - 3:45 pm Networking Break


3:45 pm - 4:15 pm Business Meetings


4:15 pm - 4:45 pm Business Meetings

4:45 pm - 5:15 pm Business Meetings

5:15 pm - 6:00 pm Cloud Maturity—Challenges of Moving to the Cloud

Michael Lindskov - Chief Security Architect BCBS Michigan/COBX
Take a journey through a migration to cloud based technology.  What are the benefits? What are the realities?  Can we build a secure cloud infrastructure & application?  This presentation will take you through some of the challenges and opportunities as experience by our speaker.


Michael Lindskov

Chief Security Architect
BCBS Michigan/COBX

6:00 pm - 7:30 pm Networking Reception