A guide to cybersecurity at HIMSS17
Cybersecurity is a pressing issue facing healthcare organizations, as hackers get smarter and continue to expand their attacks on the industry. Most healthcare leaders are keeping patient privacy top of mind, and are looking for ways to improve their security posture.
When HIMSS17 kicks off in February, attendees will find cybersecurity will be a major focus.
To start, attendees will find the Cybersecurity Command Center, located in Booth 376, Hall A at the Orange County Convention Center. This exhibit will feature expert talks on the cyber threat landscape, the latest technology and hands-on activities, including educational challenges.
HIMSS17 will also host a variety of educational sessions to focus on current cybersecurity threats - and how to mitigate them. These include:
Healthcare’s Cybersecurity Journey: Posturing for the Present and the Future
This all-day cybersecurity forum is part of the HIMSS17 pre-education day. It will focus on significant past cybersecurity events and the lessons learned during recovery, as well as current threats and vulnerabilities. Attendees will also hear about types of hackers, defense mechanisms and the methods to improve the current state of healthcare security. Some forum highlights include: Strategy is Key: How to Successfully Defend and Protect; From Plans to Pen Testing and Dealing with the Unexpected; and The Road Ahead for the Healthcare Sector: What to Expect.
Speakers Include: Karl West, CISO, AVP Information Systems, Intermountain Healthcare
Ron Mehring, VP Technology & Security, Texas Health Resources
Mitch Parker, executive director, Information Security and Compliance, Indiana University Health
When: February 19, 8 a.m.-4:30 p.m.
Where: Hyatt Regency Orlando, Regency Ballroom Q
Implementing Healthcare Cyber-Hygiene with the Updated Critical Controls: A SANS Workshop
As part of the HIMSS17 pre-education day, this educational forum will zero in on critical security controls selected and defined by the U.S. military and other government and private organization experts. An expert from Enclave Security will discuss past attacks that could have been prevented - or at least mitigated, while identifying crucial security tools every organization should have in place.
Speaker: James Tarala, principal consultant, Enclave Security
When: February 19, 8 a.m.-4:30 p.m.
Where: Room 204B
Ransomware: Risk, Prevention and Mitigation
Two attorneys will discuss weaknesses within an organization’s environment that invite ransomware attacks, as well as identify the best practices to thwart intruders. They’ll also help attendees determine prevention measures specific to the type of organization and talk about the right steps to take after a ransomware attack.
Speakers: Brian R. Balow, member, Dawda, Mann, Mulcahy & Sadler
Tatiana Melnik, attorney, Melnik Legal
When: February 21, 10-11 a.m.
Where: Tangerine Ballroom, F4
Engaging Executives and Boards in Cybersecurity
As cybersecurity becomes a board-level concern, it’s important for healthcare leaders to put cybersecurity at the forefront of the c-suite. Experts from Deloitte and Texas Children’s Hospital will talk about the right way to develop a cybersecurity program, how to construct a business case for a cybersecurity program and find the best way to get senior executives on board.
Speakers: Jimmy Joseph, senior manager, Deloitte & Touche
Sanjeev Sah, CISO, Texas Children’s Hospital
When: February 20, 3-4 p.m.
Where: Room 303A
Cybersecurity: Decision, Habits, Hygiene
A Defense Health Agency executive will reveal the major flaws in cybersecurity training and awareness efforts used today by organizations. He’ll also highlight one of the biggest causes of breaches: human error. Attendees will learn how to track incidents that lead to employees making poor choices and some innovative methods to improve the way organizations approach cybersecurity training.
Speaker: Servio Medina, COO, Cybersecurity Division, Health IT Directorate, Defense Health Agency
When: February 22, 8:30-9:30 a.m.
Where: Room 311A
Putting CMIOs at the Center of Cybersecurity
Experts from Boston Children’s Hospital and Secure Ideas will discuss real-life cyberattack scenarios and lessons to be learned. Medical device security will also be explored, along with the role played in a wide range of attack scenarios. They’ll also push the CMIO into the forefront, with the changing role and how it relates to cybersecurity. This session is part of the AMDIS/HIMSS Physicians’ Executive IT Symposium: Unlocking Value and Embracing Change.
Speakers: Daniel Nigrin, MD, CIO, SVP, Information Services, Boston Children’s Hospital
Kevin Johnson, CEO, Secure Ideas
When: February 19, 12:45-1:45 p.m.
Where: Orange County Convention Center, Regency Ballroom R
The Evolving State of Medical Device Cybersecurity
Leaders from the FDA and MITRE will analyze the FDA’s Postmarket Management of Cybersecurity in Medical Devices, which include new additions that focus on cybersecurity through the lifecycle of the device. They’ll go over current gaps in the medical device cybersecurity landscape and the steps being taken to eradicate these vulnerabilities.
Speakers: Margie Zuk, senior principal cybersecurity engineer, the MITRE Corporation
Suzanne B. Schwartz, associate director, Science and Strategic Partnerships, FDA
When: February 20, 10:30-11:30 a.m.
Where: Tangerine Ballroom, F4
Mitigating Cybersecurity Risk with Hyper-segmentation
IT experts from Ascension and Avaya will delve into IoT, identifying devices, vulnerabilities and risk profiles. Attendees will learn how to apply risk models to devices on their networks, while evaluating exposures. Experts will also talk about the way to employ, assess and prepare hyper-segmentation zones and successful implementation.
Speakers: Eric Miller, senior director, IT, Ascension Information Services
Paul Unbehagen, chief architect, Avaya
When: February 20, 1:30-2:30 p.m.
Where: Tangerine Ballroom, F4
Creating a Culture of Cybersecurity from the Board to the Breakroom
Leaders from Mayo Clinic, National Cyber Security Alliance and San Securing the Human will focus on key elements attendees can use to create a culture of cybersecurity within their organization. They’ll discuss the driving forces behind certain behaviors and the way to educate staff on cyber issues.
Speakers: Joellen Frain, director of Behavior Management, Office of Information Security, Mayo Clinic
Michael Kaiser, executive director, National Cyber Security Alliance
Lance Spitzner, director, Sans Securing the Human
When: February 21, 11:30 a.m.-12:30 p.m.
Where: Room 206A
Medical Device Cybersecurity: Overcoming Challenges to Effective Information Sharing
A Royal Philips executive will explain some of the barriers to data sharing through medical devices, but also the importance of overcoming those challenges. Further, he’ll highlight the need to share cybersecurity issues through coordinated disclosure to improve vulnerabilities. This session is the opening keynote of the Medical Device Security Symposium.
Speaker: Michael McNeil, global product security and services officer, Royal Philips
When: February 19, 8:15-9:15 a.m.
Where: Room 311E
Cybersecurity Challenges in Healthcare
Cyber threat intelligence information sharing programs will be front in center during this sessions, as an NIST leader explains the importance of networking organizations of similar profiles to improve awareness of malicious actors. He’ll also hightlight best practices to more efficiently respond to threats. This session is part of YourTurn at HIMSS17.
Speaker: Gavin O’Brien, computer scientist, National Cybersecurity Center of Excellence, National Institute of Standards and Technology
When: February 22, 1-2 p.m.
Where: Room 300
Related HIMSS17 guides:
⇒ A guide to population health at HIMSS17
⇒ A guide to Women in Health IT happenings at HIMSS17
HIMSS17 runs from Feb. 19-23, 2017 at the Orange County Convention Center.
This article is part of our ongoing coverage of HIMSS17. Visit Destination HIMSS17 for previews, reporting live from the show floor and after the conference.
