September 23 - 25, 2018

Tuesday, September 25

8:00 am - 8:40 am Networking Breakfast

8:40 am - 8:45 am Chairperson’s Opening Remarks

8:45 am - 9:30 am Strengthening Security for All Stakeholders With Evolving Breaches and Emerging Technologies

Andrew Coyne - Chief Information Security Officer Mayo Clinic
Darren Lacey - CISO Johns Hopkins
Cyber security affects the entire healthcare community; no one is immune from a breach. The effectiveness of internal preparedness is vital. Practical risk management is a mind-set.  Executives must learn and keep in balance the interests of stakeholders, the mission, asset value and the real impact of an attack. Breaches will happen; the focus needs to be how the organization should minimize disruptions, handle ransomware and other attacks including proactive incident response and business continuity measures. This includes mitigating against chip vulnerabilities such as Meltdown and Spectre. Efforts to automate include integrating emerging technologies with existing security tools and bolstering processes to protect from human errors and insider threats. Executives must convey security is a continued enterprise investment. 

In this session:

  • Hardening networks from technology and financial standpoints
  • Balancing automation and expert human analysis
  • Testing incident response and ensuring backup and recovery processes

Andrew Coyne

Chief Information Security Officer
Mayo Clinic


Darren Lacey

Johns Hopkins

9:35 am - 10:05 am A Successful Risk Management Framework for HITRUST Certification

10:10 am - 10:40 am Business Meetings

10:40 am - 11:10 am Business Meetings

11:15 am - 12:00 pm Creating and Fostering a Culture of Cybersecurity Awareness and Compliance

With the abundance of cyber attacks in healthcare, a robust security culture is vital. A security culture is for humans since computers do exactly what anyone tells them to do.  Within the security industry there is a problem of empathy where the victims of the cyber security breaches are punished.  The whole world, which utilizes security systems, needs to be engaged to have truly effective security. A sustainable security culture is larger than a single security incident. In this session, explore establishing a positive security culture with new systems of collaboration and communication.

•Planning long term with staff development and culture awareness
•Improving understanding to encourage investment in security
•Providing a persistent and sustainable security culture that interacts and influences at all levels
•Widening talent searches outside of IT

12:00 pm - 12:30 pm Chairperson’s Closing Remarks