Monday, September 24

8:00 AM - 8:30 AM Breakfast


8:30 AM - 9:15 AM Improving Third Party Risk Management in Healthcare

Stronger vendor security and risk management practices are being implemented in healthcare with more medical digital data, attacks growing in complexity and regulations changing. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements. Non-compliance includes stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
•Adjusting access levels for third parties user and system accounts
•Securing development of application integrations; including firewall configuration
•Segmenting internal networks to limit third party needs

9:20 AM - 9:50 AM Business Meetings

9:50 AM - 10:20 AM Business Meetings

10:20 AM - 10:50 AM Networking Break

10:20 AM - 10:50 AM Business Meetings


10:50 AM - 11:35 AM Innovating Application Vulnerability Management

Sometimes criminals exploit known application vulnerabilities to gain unauthorized access to data. Liability is a concern for technology teams within healthcare. The IT team must integrate various software in disparate geographic locations providing modern mobile applications, which is where DevOps plays an integral role. This is a working style that allows extremely fast code deployment, utilizing an integrated approach that joins agile development and operations together. DevOps has a vital role in enterprise security with its ability to change approaches to security. DevOps and centralized security policies offer the opportunity to automate and streamline the manual tasks needed to configure systems and apps.
In this session explore:
•The evolving role of automation in security mitigation
•Scalable cloud security architecture utilizing DevOps
•Team use of innovative vulnerability management tools


10:50 AM - 11:35 AM Stopping Phishing, Impersonation and Other Email Attacks

The proliferation of ransomware, phishing and other e-mail based attacks underscore the importance of multi-layered security solutions. Within healthcare HIPAA requires phishing defenses and proactive steps must be implemented to mitigate risk to a reasonable and acceptable level to avoid penalties.
E-mail security needs to move from detection to prevention with the ability to stop attacks.
In this session discuss:
•Balancing corporate security and user expectations
•Proactive responses to evolving attacks including sandboxing, advanced content analysis, pattern recognition and regulatory compliance
•Communicating business priorities and security awareness


11:40 AM - 12:10 PM Securing Medical Devices from the Onset is Vital

A vast digital neighbourhood of devices allows for more access points for hackers. Security must be an integral part of quality; linking information technology and architecture. Security should not have a separate evaluation process but must be embedded in the IT development process. As technology environments continue to transition away from the traditional perimeter-based environments to cloud based ones; security teams have needed to adjust their security approaches and profiles to account for these changes. Up time is everything for medical devices. The addition of IoT (Internet of Things) devices and machine learning models to these cloud based environments and complex institutional networks creates a new level of risk, and expands the scope of what needs to be monitored and protected. In this case study explore lessons learned:
•Current security risks with medical devices and collaboration with regulators, manufacturers and providers
•Proactive responses to mitigate cyber security risks
•Effective communications between stakeholders

12:10 PM - 12:40 PM Networking Lunch & Philanthropy Project

Roundtable Discussions

1:40 PM - 2:45 PM Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

  • How to Manage Data Breach Notification?
  • Added Availability and Integrity with Blockchain Technologies
  • Audits, Risk Assessments, Penetration Testing and Vulnerability Scanning- What Do They Have in Common?

2:45 PM - 3:15 PM Business Meetings

3:15 PM - 3:45 PM Business Meetings


3:45 PM - 4:30 PM Forensics for Investigating Fraud and Mitigating Risk

Digital forensics has long been popular in law enforcement but the tools are powerful in healthcare, as well. This session focuses on the latest data extraction and forensics available to catch the most skilled attackers. Explore the rapidly changing pool of adversaries and cost-saving ways to find them.
In this this session:

• Latest tools and attacks to navigate the persistent threat landscape
• Making data captured by criminals useless
• Developing a strategic plan to implement forensics in your environment


3:45 PM - 4:30 PM Improving Operational Efficiencies with Multi-Factor Authentication

People, processes and technologies are all critical to effective privileged access management. The evolving Identity and Access Management (IAM) landscape improves business outcomes, strengthens the user experience and strengthens operational efficiency. Ownership of IAM and where accountability rests within the organization are part of the dialogue. Attend this session to explore:
•Shifting authentication and fortifying access methods
•Addressing technological and user-experience challenges
•Navigating in an open-access environment with legacy applications, IoT and remote applications

4:30 PM - 4:45 PM Networking Break

4:45 PM - 5:15 PM Business Meetings

5:15 PM - 5:45 PM Business Meetings

Fireside Chat

5:45 PM - 6:30 PM Teaming Humans and Machines: Intelligent and Proactive Defense

Collaborative internal and external partnerships are vital to bridge across siloes within healthcare. Security teams create robust, scalable and repeatable processes, which are proportionate to the risk being mitigated. Streamlining the human role in cyber security as automation provides ways to secure efficiently and effectively especially with the continued growth of electronic health records, Artificial Intelligence, block chain, imaging, interoperability and telemedicine.
In this session:
•Intrusion prevention / detection
•Anti-malware / machine based learning protection
•Efficiency in the resolution process

6:30 PM - 8:00 PM Networking Reception & Dinner