2020 HIoT Summit: Where Patient Safety Meets Cybersecurity | By Cylera

HIoT-Summit-2020-logo_vert-SM

July 14, 2020 | 10 AM EDT | Virtual Event

2020 HIoT Summit Recap

On July 14, 2020, Cylera held the second annual HIoT Summit with over 30 global healthcare and security thought leaders who contributed to making this full-day event a success. Eleven expert panels provided insights to over 250 attendees on the Healthcare Internet of Things (HIoT), artificial intelligence (AI), cybersecurity, and connected medical devices. Topics included:

The latest in cyber threats facing healthcare providers
Trends in balancing patient safety and digital risk
How telehealth is changing the risk profile
Best practices for medical device and IoT security
Aligning business objectives to security maturity

Request access to 2020 HIoT Summit Speaker presentations and recordings now.

Access Speaker Presentations & Recordings

Speakers

Richard Staynings

Richard Staynings

Chief Security Strategist, Cylera

Saif Abed, MBBS

Saif Abed, MBBS

Partner, AbedGraham Group

Chad Wilson

CISO, Stanford Children’s Health

David Finkelstein

David Finkelstein

Director IS, St. Luke’s University Health Network

Mike Bray

Mike Bray

CISO, Vancouver Clinic

Robert Perry

Robert Perry

CISO, Carilion Clinic

Martyn Gill

Martyn Gill

Partner, Wembley Partners

Logan Wolfe

Logan Wolfe

Partner, Wembley Partners

Esmond Kane

Esmond Kane

CISO, Steward Health

Michael Archuleta

Michael Archuleta

CIO, Mt. San Rafael Hospital

Dan Costantino

Dan Costantino

CISO & Assoc. CIO, Penn Medicine

Christopher Frenz

Christopher Frenz

CISO, Interfaith Medical Center

Anahi Santiago

Anahi Santiago

CISO, Christiana Care Health System

Mark Eggleston

Mark Eggleston

VP & CISO, Health Partners Plans

Mitch Parker

Mitch Parker

CISO, Indiana University Health

Benoit Desjardins, MD, PhD

Benoit Desjardins, MD, PhD

Associate Professor of Radiology and Medicine, Penn Medicine

James Balshi, MD

James Balshi, MD

CMIO, St Luke's University Health Network

C. William Hanson, MD

C. William Hanson, MD

CMIO, Penn Medicine

Edwin Menor

Director of Systems Engineering, Cylera

Emmanuel Jackson

Emmanuel Jackson

CEO, Evanston Technology Partners, Inc.

Sri Bharadwaj

Sri Bharadwaj

VP Digital Innovation, Franciscan Health

Thomas August

Thomas August

VP & CISO, John Muir Health

Powell Hamilton

Powell Hamilton

CISO, Centura Health

Mark Sangster

Mark Sangster

VP, eSentire

Agenda

}

10:00 AM–10:15 AM EDT

Summit Opening Remarks

Richard Staynings

Chief Security Strategist, Cylera

Access Speaker Presentations & Recordings

}

10:15 AM–11:00 AM EDT

Brave New World: Patient Safety, IoT, and Risk Analytics Post-COVID-19

Morning Keynote

In this keynote address, Dr. Abed will share his experience of working with healthcare providers, global government agencies, and security companies to address cybersecurity risks from a patient safety perspective. Read More

Saif Abed, MBBS

Partner, AbedGraham Group

Access Speaker Presentations & Recordings

}

11:00 AM–11:45 AM EDT

Asset & Risk Management in Today’s Hospital Environment

Panel Talk

This panel will discuss the importance of inventory, asset, and risk management, inclusive of corporate assets, data, networks, and systems.

Moderated By: RICHARD STAYNINGS

Chief Security Strategist, Cylera

David Finkelstein

Director IS, St. Luke’s University Health Network

Mike Bray

CISO, Vancouver Clinic

Robert Perry

CISO, Carilion Clinic

Access Speaker Presentations & Recordings

}

11:45 AM–12:15 PM EDT

Intent, Opportunity, Capability—The Cyber Threat!

Hear From an Expert

In this talk, experts will sound off on what the threats are, where the threats are, and who the bad actors are that are threatening your security. Read More

Martyn Gill

Partner, Wembley Partners

Logan Wolfe

Partner, Wembley Partners

Access Speaker Presentations & Recordings

}

12:15 PM–12:20 PM EDT

Break 1

}

12:20 PM–12:50 PM EDT

The Challenges of Securing HIoT

Panel Talk

Attend this panel of healthcare CISOs for an insider’s view on the HIoT security difficulties they have seen or expect to see.

Moderated by: Esmond Kane

CISO, Steward Health

Michael Archuleta

CIO, Mt. San Rafael Hospital

Dan Costantino

CISO & Assoc. CIO, Penn Medicine

Access Speaker Presentations & Recordings

}

12:50 PM–1:20 PM EDT

The Need for Evidence Based Security

Hear From an Expert

This expert talk will walk you through an illustration of taking an evidence-based approach to cybersecurity via the simulation of mass malware outbreak; discuss the positive and negative lessons learned from conducting the exercise; and delve into the resultant implementation of zero-trust networks as a means of rectifying identified shortcomings. Read More

Christopher Frenz

CISO, Interfaith Medical Center

Access Speaker Presentations & Recordings

}

1:20 PM–1:25 PM EDT

Break 2

}

1:25 PM–1:55 PM EDT

Telehealth: Consumer Demand in Healthcare and the Need to Adjust Delivery Models

Panel Talk

In healthcare, we have some solutions that don’t suit the problem—square peg in a round hole. Today, we have technologies that can enable doctors to see their patients from home. Our moderator and panelists will discuss what else we can do to best care for patients.

Moderated by: Anahi Santiago

CISO, Christiana Care Health System

Mark Eggleston

VP & CISO, Health Partners Plans

Mitch Parker

CISO, Indiana University Health

Access Speaker Presentations & Recordings

}

1:55 PM–2:25 PM EDT

IEEE/UL P2933—Building an Open Extensible Framework for the IoMT

Hear From an Expert

During this talk, an information security and compliance expert will describe the security challenges of HIoT; outline the aims of developing a standard framework; and discuss why having a standard framework that addresses salient needs is necessary to advance security. Read More

Mitch Parker

CISO, Indiana University Health

Access Speaker Presentations & Recordings

}

2:25 PM–2:30 PM EDT

Break 3

}

2:30 PM–3:15 PM EDT

The Evolving Biomedical Digital Environment

Medical Panel

Listen to an expert panel of three practicing physicians, who are also organizational leaders, as they discuss the evolution of digitization, the surge in medical devices, and the need for proper technology management.

Moderated by: Benoit Desjardins, MD, PhD

Associate Professor of Radiology and Medicine, Penn Medicine

James Balshi, MD

CMIO, St Luke’s University Health Network

C. William Hanson, MD

CMIO, Penn Medicine

Access Speaker Presentations & Recordings

}

3:15 PM–3:45 PM EDT

ZeroTrust & Microsegmentation: Combat Attacks Against Medical Devices & HIoT Endpoints

Hear From an Expert

In this technical talk, an expert, pioneer systems engineer will guide you through the concept of zero trust and how it relates to micro segmentation. Read More

Emmanuel Jackson

CEO, Evanston Technology Partners, Inc.

Edwin Menor

Director of Systems Engineering, Cylera

Access Speaker Presentations & Recordings

}

3:45 PM–3:50 PM EDT

Break 4

}

3:50 PM–4:20 PM EDT

Automation & Digitalization: How Do We Fix U.S. Healthcare?

Panel Talk

COVID-19 has exposed major issues with U.S. healthcare, so our panel of information security leaders will explore automation and digitalization solutions.

Moderated by: Sri Bharadwaj

VP Digital Innovation, Franciscan Health

Thomas August

VP & CISO, John Muir Health

Powell Hamilton

CISO, Centura Health

Access Speaker Presentations & Recordings

}

4:20 PM–4:50 PM EDT

Building Cyber Resilience in Digital Medicine: Finding Factors Not Fault

Closing Keynote

This expert talk will explore real-world incidents and threats, in order to assemble an actionable cyber-resilience framework that adapts to interconnected and distributed medical practices. Read More

Mark Sangster

VP, eSentire

Access Speaker Presentations & Recordings

}

4:50 PM–5:00 PM EDT

Closing Remarks

Timur Ozekcin

CEO, Cylera

Access Speaker Presentations & Recordings

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers. Cylera built a next-generation platform that leverages AI-driven technology to deliver the strongest, most advanced cybersecurity and analytics solutions.

HIoT-Summit-2020-logo_white-horiz-SM

Stay Connected

Richard Staynings

Richard Staynings

Chief Security Strategist, Cylera

Staynings is a globally renowned thought leader, author, public speaker, and advocate for improved cybersecurity across the healthcare and life sciences industry—an industry in which he has focused for much of his career. In addition to being the author of the healthcare cybersecurity blog “Cyber Thoughts,” he currently works for Cylera, a pioneer in the space of medical device and HIoT security. Additionally, he teaches postgraduate cybersecurity courses and is a retained advisor to a number of governments and private companies.

Saif Abed, MBBS

Saif Abed, MBBS

Partner, AbedGraham Group

Dr. Saif Abed is a medical doctor and healthcare cybersecurity & national security expert in cyber warfare and crime that targets hospitals and safety-critical infrastructure. Beyond his work with the AbedGraham Group, Dr. Abed holds additional independent expert roles for The European Commission, World Health Organization (WHO), and the UK Infrastructure and Projects Authority. He holds a degree in medicine from St. George’s Hospital Medical School, University of London; a degree in management from the University of Cambridge; and a degree in software and systems security from the University of Oxford.

Chad Wilson

CISO, Stanford Children’s Health

Chad Wilson is a recognized leader who speaks at national-level government, IT, cybersecurity, and healthcare industry events. Before joining Stanford Children’s in 2019, he was the director of IT security and chief security officer of Washington, DC’s Children’s National Health System; a senior associate for Booz Allen Hamilton who managed cybersecurity services; and the acting CISO and director of information security for MedStar Health who developed the data, mobile, and information security strategies. Wilson’s interest in information security began during his 27-year career in the United States Marine Corps.

David Finkelstein

David Finkelstein

Director IS, St. Luke’s University Health Network

David Finkelstein has been in the cybersecurity industry for the last 12 years. Before getting into IT, Finkelstein spent 7 years getting his education in law. He is a graduate of Widener Law School and spent less than 2 years in the legal world before moving to his true passions, IT and the Military. Finkelstein has been in the US Army for the last 12 years where he initially received his IT and Cybersecurity experience. He continues to serve and enhance his skills in cybersecurity.

Currently, David has been the Head of Information Security for St. Luke’s University Healthcare for the last 6 years. He was brought in to build the program from the ground up, and has moved his organization to understand more than just a need for security but truly having his organization adopt security as their culture. And he has loved every minute of it.

Mike Bray

Mike Bray

CISO, Vancouver Clinic

Michael Bray is the Chief Information Security Officer for The Vancouver Clinic, the largest, independent, physician-owned medical group in the Pacific Northwest. He is also the HIPAA Security Official responsible for maturing the clinic’s management of privacy, security & breach compliance associated with HIPAA. Bray is focused on developing and maturing the organization’s security program by creating a cybersecurity cultural awareness movement with a top-down approach.

Bray has been involved with IT for over 20 years with experience in the financial and healthcare industries. He shifted his focus full time into cybersecurity after assisting several colleagues with major breaches nearly 10 years ago. He holds several certifications in cybersecurity, CISM, CRISC, and CISSP and is an active member with ISACA, ISSA, and FBI’s InfraGard groups. Bray is a recognized leader who has participated and or associated with regional & national level Information Security and Privacy organizations. He is incredibly passionate in areas of information security, privacy, and risk management.

Robert Perry

Robert Perry

CISO, Carillion Clinic

Robert Perry is a high-performance IT professional with over 20 years of experience managing technology and cybersecurity, with proven success in leveraging technical expertise to identify and fulfill business needs. As a big-picture strategist, he is adept at aligning technology initiatives with organizational objectives. He has a track record of effectively leading teams in resolving system crises. He is a recognized cross-departmental liaison with key insights into technology decision making. Perry has an exceptional ability to communicate complex technical concepts to diverse audiences.

Martyn Gill

Martyn Gill

Partner, Wembley Partners

Martyn Gill is a skilled cyber intelligence professional with over 15 years of experience in government, military, and private sectors with a wealth of expertise in delivering complex, technical solutions to mission-critical projects. Supplying defense and government organizations with specialist intelligence capabilities and pioneering innovative methods of intelligence collection makes Gill a proven leader, seasoned in delivering results to high-profile clients in highly demanding and time-critical environments.

Logan Wolfe

Logan Wolfe

Partner, Wembley Partners

Logan Wolfe is an accomplished Canadian risk management and business consultant. He has made significant contributions to combating financial fraud, anti-money laundering, healthcare data security, and artificial intelligence innovation, working at top consulting firms like Deloitte and Ernst & Young. Wolfe is a dedicated scholar—affiliated with the University of Toronto, MIT, and Harvard University. He also serves as Chairman of the Advisory Board at Humber College Institute of Technology and Advanced Learning.

Esmond Kane

Esmond Kane

CISO, Steward Health

Esmond Kane brings over 20 years’ experience leading IT and security programs in multiple industries. In his new role at Steward Health Care, Kane’s focus is on transforming Steward’s approach to information security, threat, and risk management to comply with industry frameworks, regulations, and best practices. Kane and a dedicated team are focused on overcoming the challenges inherent in maturing security without compromising business productivity, patient safety, and exceptional service. He has also held multiple IT and security roles at Harvard University, KPMG, BIDMC, and more.

Michael Archuleta

Michael Archuleta

CIO, Mt. San Rafael Hospital

Recognized as a Top Hospital and Health System CIO to know and named a Rising Star in Healthcare, Michael is a cutting edge, innovative, visionary leader, who possesses strong leadership skills with extensive experience and a proven track record of driving increased levels of productivity, profits, high integrity customer relationship skills, and expert problem-solving approaches. Michael currently serves on the advisory board for Prime Health and as a technology advisor for Self Care Catalyst. He is also an active member of the College of Healthcare Information Management Executives, a cybersecurity advisor to several healthcare startups and an active Speaker within the field of Health Information Technology.

Under Michael’s guidance and leadership, Mt San Rafael Hospital became one of the leading hospitals in the State of Colorado for leveraging advanced technology to enhance the patient and provider experience. With Michael’s innovative, driven approach, the hospital met HIMSS Analytics Stage Six recognition on the eight-stage HIMSS Analytics Electronic Medical Record Adoption Model, a feat only reached by thirty percent of U.S. hospitals. Leveraging advanced Information Technology to improve performance for value-based health care in the areas of infrastructure, business, administrative management, quality, safety, and clinical integration the Information Technology Department has also been presented the 2015, 2016, 2017, 2018 and 2019 Healthcare’s Most Wired Award which is given annually to the top hospitals in the country making the most progress in the adoption of Health Information Technology. Through Michael’s leadership, Mt. San Rafael achieved recognition as the best overall organization from the 2019 Most Wired survey.

Dan Costantino

Dan Costantino

CISO & Assoc. CIO, Penn Medicine

Dan Costantino is an experienced professional with extensive experience building, maintaining, measuring, and maturing information security programs for small and large organizations. He has been responsible for building and managing two separate cybersecurity consulting practices capable of servicing clients ranging from Fortune 500 to startup. He has led and participated in countless client engagements, including single scope risk assessments & penetration tests, ongoing risk management strategies, and annual risk management programs (vCISO). He is well versed in several industry-recognized infosec frameworks and compliance regulations, including NIST SP 800-53, NIST CSF, ISO/IEC 27001/2, HIPAA, PCI, and HITRUST. Client engagements Costantino has led include Fortune 500 and several privately held enterprise environments. Costantino served in the United States Marine Corps for five years over three separate deployments.

Christopher Frenz

Christopher Frenz

CISO, Interfaith Medical Center

Christopher Frenz has been recognized as a Rising Star among healthcare executives and a top healthcare IT leader by Becker’s Hospital Review and Health Data Management. He works for Interfaith Medical Center, a 287-bed facility in Brooklyn, New York, where he developed the hospital’s information security program and infrastructure. Under his leadership, the hospital has been one of the first in the country to embrace a zero trust model for network security. Frenz’s security expertise has been highlighted in his books Pro Perl Parsing and Visual Basic and Visual Basic .NET for Scientists and Engineers—as well as in The Financial Times, CSO Magazine, and SC Magazine. Frenz shares his expertise around the world at events like VMworld, ASIS GSX, and Defcon.

Anahi Santiago

Anahi Santiago

CISO, Christiana Care Health System

Anahi Santiago works for Christiana Care Health System, a large healthcare provider that ranks 21st in the U.S. for hospital admissions. She leads a team that manages risks, implements policies and controls, and generates overall awareness. Santiago is passionate about information security, privacy, strategic alignment, process development, and overall governance.

She is also a member of several ISP (information security and privacy) organizations, an active contributor and committee member, and a nationally recognized speaker on the various ISP-related subjects.

Mark Eggleston

Mark Eggleston

VP & CISO, Health Partners Plans

Mark Eggleston works for Health Partners Plans and is a security program management professional with a unique background combining expertise in information technology, program and people management with diverse experience in managed care and healthcare provider systems. He leads the maturation of various security technologies and privacy initiatives and manages a business continuity and disaster recovery program. Eggleston received a Bachelor of Science in Psychology from Radford University and a master’s in social work from VCU, along with various certifications.

Mitch Parker

Mitch Parker

CISO, Indiana University Health

Mitch Parker, CISSP, is the executive director, Information Security and Compliance, at IU Health in Indianapolis, Indiana. Parker is currently working on redeveloping the Information Security program at IU Health, and regularly works with multiple non-technology stakeholders to improve it. He also speaks regularly at multiple conferences and workshops, including HIMSS, IEEE TechIgnite, and Internet of Medical Things. Parker has a bachelor’s degree in Computer Science from Bloomsburg University, an MS in Information Technology Leadership from LaSalle University, and his MBA from Temple University.

Benoit Desjardins, MD, PhD

Benoit Desjardins, MD, PhD

Associate Professor of Radiology and Medicine, Penn Medicine

Dr. Benoit Desjardins is a reformed hacker from Canada, who pursued a career in medicine followed by graduate studies in AI and Mathematics. An NIH funded investigator, he has been working as a radiologist at the University of Michigan and at the University of Pennsylvania.

Dr. Desjardins has been involved in IT during his entire radiology career, playing key IT roles at both his institutions. He regained his passion for hacking and cybersecurity after attending DefCon. Since then he has completed formal certificates in cybersecurity, CEH and OSCP (pending). He has been working closely with the cybersecurity team at Penn, to improve cybersecurity in radiology, a field filled with vulnerable devices.

Outside work, he is a Black Belt at TaeKwonDo, an ex Boy Scout Leader, a competitive marksman, and is learning to become a pilot.

James Balshi, MD

James Balshi, MD

CMIO, St. Luke’s University Health Network

Dr. James Balshi joined the St. Luke’s Information Technology Department in 2016 as the Chief Medical Information Officer. He has been practicing vascular surgery at St. Luke’s Hospital for over 30 years. Dr. Balshi completed his General Surgery Residency at the Hospital of the University of Pennsylvania, his fellowship in Vascular Surgery at Boston University Hospital, and his fellowship in Endovascular Surgery at the Cleveland Clinic. Dr. Balshi has worked with Information Technology throughout his career facilitating the Allscripts EMR in specialty practices. He assisted the inpatient leadership for the seven-hospital Epic go-live in January 2016 and directed the Network’s 250 Ambulatory site Go Live in January 2018.

As CMIO since 2016, Dr. Balshi provides senior leadership and clinical guidance to the St. Luke’s Heart and Vascular Center team and assumes responsibility for Information Technology Medical Leadership. Dr. Balshi works with the clinical service lines to improve existing systems and provide physician IT leadership through the ongoing addition of Epic clinical modules. He directs additional technology projects enhancing patient care, quality improvement, and the Provider/patient experience. Dr. Balshi’s project priorities include:

Expanding the role of TeleHealth across the spectrum of patient care
Developing the use of Predictive Analytics and Machine Learning in improving Clinical Decision Support.
Refining training techniques for Provider and Clinical staff education.

C. William Hanson, MD

C. William Hanson, MD

CMIO, Penn Medicine

C. William Hanson, III, MD, Professor of Anesthesiology and Critical Care, Surgery and Internal Medicine at the Hospital of the University of Pennsylvania, is an internist, anesthesiologist, and intensivist. He is currently the Chief Medical Information Officer and Vice President of the University of Pennsylvania Health System. Dr. Hanson has extensive experience in medical informatics and was Visiting Professor in the Princeton University Department of Computer Science between 2002 and 2005. Dr. Hanson’s anesthetic specialty is cardiac anesthesia (cardiac surgery, thoracic surgery, lung, and heart transplantation).

His research using “electronic nose” technology to detect diseases such as pneumonia and sinusitis by breath analysis has been featured in Scientific American. He recently published The Edge of Medicine: The Technology That Will Change Our Lives, a non-fiction book profiling innovations in biotechnology that are changing the delivery of medical care and the ways in which they’re altering the human experience.

Also, in the recently published book Smart Medicine: How the Changing Role of Doctors Will Revolutionize Health Care, Dr. Hanson reveals the revolutionary changes that will soon be sweeping through the medical community. Dr. Hanson’s research has been featured in national and international publications, including Popular Science and U.S. News & World Report, and has been a guest on NPR’s Fresh Air as well as television documentaries on the Discovery Channel.

Edwin Menor

Director of Systems Engineering, Cylera

Edwin Menor has a comprehensive list of accomplishments, including the architectural design of the secured RADIUS authentication fabric for the National Energy Research Scientific Computing Center (NERSC) and the first systems engineer for identity engines that pioneered the first iteration of NAC solution. He developed his skills while working for Alvarion, Inc., Armis, Meru Networks, Palo Alto Networks, Ruckus, Wireless, Trapeze Networks, and Zingbox. Menor is an honor graduate with a degree in electronics from the DeVry Institute of Technology.

Menor is a former Mr. California, Mr. San Francisco, and Mr. Los Angeles bodybuilding champion who competed at the Mr. USA bodybuilding championship in an IFBB Pro Qualifying Event. He has also been published in major fitness publications, including Iron Man Magazine and Musclemag International.

Emmanuel Jackson

Emmanuel Jackson

CEO, Evanston Technology Partners, Inc.

First introduced to the community at the age of 17 as a Board Member at the Youth Center of Evanston, Emmanuel Jackson in 1999 created and founded Innovative Technology Systems, a telecommunications infrastructure company where he employed over 140 individuals. Innovative Technology Systems (ITS) served as an outside plant contractor to Ameritech New Media (Americast). Ameritech New Media (Americast) was later sold by its parent company Texas-based SBC Communications Inc. to WideOpenWest LLC.

In 2002, Jackson received a certificate in Executive Management from the University of Wisconsin-Extension now University of Wisconsin System. In that same year, AT&T created and launched a mentor/protégé program that matched vendors with minority suppliers. For Jackson, AT&T’s mentor/protégé program began a decade-long relationship between Jackson and Siemens, now Siemens Healthineers. Innovative Technology Systems served as a subcontractor to Siemens in their central data center office. Jackson continued to serve as both a Consultant and a Contractor to Siemens Healthineers.

In 2007, Jackson was inducted into the Nominator’s Circle at Rice University in Houston, Texas. In 2012, Jackson entered the healthcare industry as a Medical-Surgical Buyer for Saint Francis Hospital in Evanston, Illinois, and in a similar role at Saint Joseph Hospital in Chicago, Illinois. Jackson acted as the Chairman of the New Products Committee at Saint Francis Hospital and as a Contract Administrator at Cook County Administration. In his role as an Administrator, Jackson acted as a Procurement Officer and established relationships as he created/built a team of clinicians and fellow administrators to improve operational outcomes in the management of resources, efficient technology practices, and a quality patient experience.

Jackson then served as Director of Business Development at Health Tech Industries, a pharmaceutical distributor. Under his lead, the Medical/Surgical division was created and launched, resulting in a 40% increase in profitability for Health Tech Industries. Having now worked in the healthcare industry with a full understanding as to what is needed in terms of operation and systems, Jackson created and launched Evanston Technology Partners as a solution to equip healthcare organizations with the system tools needed to bring about efficiency and operational quality, and to decrease costs with applied innovative IT solutions.

Sri Bharadwaj

Sri Bharadwaj

VP Digital Innovation, Franciscan Health

Sri Bharadwaj is Vice President, Digital Innovation, Francisan Alliance (an IDN with 14 hospitals in Indiana and Illinois). Prior to his current role, Sri was CISO, University of California, Irvine, Healthcare (UCI Health), and has over 25 years of Information Management Systems experience in multiple industries including healthcare. Sri has held many leadership positions in provider organizations, health plans. Prior to his current work at UCI Sri consulted with Integrated Delivery Network (IDNs) around ACO, HIE and Clinical integration. Sri has expertise in Applications Development, Enterprise-wide IT Infrastructure, and Operations. Sri is well known for his process knowledge delivering performance improvements in multiple industries during his long tenure with Deloitte in various parts of the Americas, Asia Pacific, and EMEA region. Sri also has expertise in building products for customers through his earlier involvement with SAP AG. Sri is an MS, CHCIO, CPHIMS, PMP, CISSP, Chartered Global Management Accountant (FCGMA) (U.K), and a Six Sigma Black Belt (ASQ).

Thomas August

Thomas August

VP & CISO, John Muir Health

Tom August (CISSP, CPHIMS) is an award-winning CISO and respected industry leader with over 25 years of experience in Information Security, IT Auditing and Risk Management. Tom has made a career in developing, implementing, and managing financially-responsible cyber programs that effectively balance risk, regulatory requirements, and strategic business goals.

Tom currently serves as Vice President & Chief Information Security Officer for John Muir Health, a nationally-recognized healthcare leader comprising two acute care hospitals, a behavioral health center and community health practices located throughout the east San Francisco bay area. As CISO, Tom has overall responsibility for assessing, measuring, addressing, and reporting on technology risk and compliance matters across the entire health system.

Prior to joining John Muir, Tom served in leadership roles at Sharp Healthcare, Sony Corporation, Pacific Life Insurance Company, Deloitte, and Ernst & Young. Tom is a co-author of “The CISO Handbook”, an alumnus of the FBI CISO Academy, and a frequent presenter at healthcare and information security industry events. Tom is widely-recognized for publishing a popular Information Security Buzzword Bingo Scorecard each year to highlight the need for more meaningful dialogue between information security professionals, vendors, and business leaders.

Powell Hamilton

Powell Hamilton

CISO, Centura Health

Powell Hamilton has over 25 years of experience as a cybersecurity executive/specialist and has assisted major organizations in developing and/or improving their security posture and compliance programs. Hamilton has extensive knowledge in compliance regulatory requirements, cybersecurity frameworks and standards, including SSAE 18 SOC 1 and 2, HIPAA/HITECH, MITRE ATT&CK, NIST, PCI DSS, ISO 17799/27002 13485/2016, GDPR and CIS Critical Security Controls.

Today Hamilton is the Interim Chief Information Security Officer (CISO) at Centua Health. Prior to this, Hamilton was the CISO for 11 years for three major healthcare organizations (Scripps Health, City of Hope Medical Center, and Hoag Healthcare) within Southern California.

Hamilton also served on the Information System Security Association (ISSA) Orange County board for 16 years. From 2009 to 2013, Hamilton served as President. In 2015, Hamilton was awarded a Fellow by the ISSA. Hamilton is also a contributing author of the Information Security Handbook (Hal Tipton & Micki Krause) 2010 edition and Information Security—A Strategic Guide for Business.

Mark Sangster

Mark Sangster

VP, eSentire

Mark Sangster is the author of ”NO SAFE HARBOR: The Inside Truth About Cybercrime and How to Protect Your Business,” and is an award-winning speaker at international conferences and prestigious stages– including the Harvard Law School, and author on various subjects related to cybersecurity. He is a contributing author to several leading industry publications, and is a go-to subject matter expert for leading publications and media outlets, including the Wall Street Journal and Forbes when covering major data breach events.

Brave New World: Patient Safety, IoT, and Risk Analytics Post-COVID-19

Morning Keynote

In this keynote session, Dr Abed will share his experience of working with healthcare providers, global government agencies and security companies to address cybersecurity risks from a patient safety perspective. He will discuss how interoperability and digitized workflows has created an opportunity for cyberattacks to cause large scale clinical workflow disruptions and will discuss a novel approach to risk analytics that captures both clinical and technical risk metrics.

Intent, Opportunity, Capability—The Cyber Threat!

Hear From an Expert

Since February this year, perpetrators of cybercrime have seized upon the disruption of the global COVID Pandemic to up their game. According to the United States Health and Human Services, there has been an almost 50% increase in healthcare breaches compared to the same period last year. But this is not just a US problem, healthcare systems across Canada, the UK, Australia and much of Europe have reported a huge increase in attacks against hospitals, banks, schools, government facilities, and other organizations.

Many of these strikes appear to be for the sole purpose of monetary gain with an uptick in ransomware and extortion attacks against the vary hospitals treating COVID patients. Other attacks appear to have been executed by pariah nation-state actors attempting to steal commercial trade secrets and in particular medical research into COVID cures.

How do we defend against those that have seen these times as an opportunity for financial and intellectual gain? Understanding where the attacks are coming from, how they are being executed, and the intent of cybercriminals is critical. Good cyber threat intelligence will tell you that. Great cyberthreat intelligence will tell you even more.

This session from former intelligence analysts from Canada and the UK will explore the world of cybercrime and help you to better understand what you must defend against.

The Need for Evidence Based Security

Hear From an Expert

In recent years, there has been an uptick in cybersecurity spending within most organizations, yet at the same time there has not been a corresponding downtick in data breaches. In fact, studies show that despite this increase in expenditure, data breaches are actually on the rise. As cybersecurity professionals, these seemingly paradoxical trends occurring in tandem should really make us pause and question how we are going about securing our environments. As security professionals, have we ever sat down and truly made an effort to empirically determine what controls are actually effective in our environment and what controls do very little to protect our environment or, worse yet, actually work to undermine our security? It’s time we as security professionals begin to move beyond measuring our security programs in terms of compliance alone and begin to take a more evidence-based approach to how we do security. This presentation will walk you through an illustration of taking an evidence based approach to cybersecurity via the simulation of mass malware outbreak within a healthcare setting. The presentation will discuss the positive and negative lessons learned from conducting the exercise and delve into the resultant implementation of zero trust network as a means of rectifying identified shortcomings.

IEEE/UL P2933—Building an Open Extensible Framework for the IoMT

Hear From an Expert

The IEEE/UL P2933 Working Group is developing open, extensible standards that anyone can use to provide Trust, Integrity, Privacy, Protection, Safety, and Security for the Internet of Medical Things (IoMT). The primary purpose of this framework is to use a standard framework that everyone can see you using. The way you execute and implement the framework is what provides that additional assurance of security. The secondary purpose is to be extensible to future technologies in the healthcare space. With over 200 members spread over 6 continents in 8 primary subgroups, and working relationships with a number of other standards groups, this group is working to design security into the future of the IoMT.

Learning Objectives

Describe the security challenges of the Internet of Medical Things
Outline the aims of the P2933 group in developing that standard framework
Discuss why having a standard framework that addresses salient needs is necessary to advance security

ZeroTrust & Microsegmentation: Combat Attacks Against Medical Devices & HIoT Endpoints

Hear From an Expert

With IoT attacks expanding from 12 million in 2018 to 120 million today, and attacks originating from over 276,000 non-US IP addresses, healthcare organizations need to up their game and get creative about how they protect their most valuable assets – patients!

The concern is that patient safety could be directly impacted by the types of cyberattacks we are beginning to see against network-connected and patient-attached medical devices. This is in addition to the attacks we are already seeing against the availability of healthcare IT systems by ransomware and other extortion, or threats to the integrity and confidentiality of PII, and PHI.

Medical and other Healthcare IoT devices are growing at a phenomenal rate, and most are now ‘connected’ meaning that they could become the target of attack. With few security protections and irregular patching, these devices have become the Achilles heel of hospital cybersecurity and patient safety. We therefore need to look at compensating security controls to minimize risks and keep patients safe.

Adoption of a Zero Trust security framework with Micro Security Segmentation creates a robust and scalable approach to combat rising HIoT numbers and escalating cybersecurity risks, but what is involved when implementing such an approach in a healthcare environment and how can improved security and patient safety be accomplished without causing mass disruption to people, process and procedures?

Two experts tell all!

Building Cyber Resilience in Digital Medicine: Finding Factors Not Fault

Closing Keynote

Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of corporate security, or worse, bury the true causes of incidents and lead to repeated data breaches or business disrupting cyber incidents. In this session, we will explore real-world incidents and threats to assemble an actionable cyber resilience framework that adapts to an interconnected and distributed medical practices.