Day One: Sunday, May 17, 2020

10:15 am - 10:45 am Registration

10:45 am - 11:00 am Welcome Orientation & Technology Introduction

11:00 am - 11:10 am Chairperson’s Opening Remarks

11:10 am - 11:40 am Ensuring Business Continuity and Maintaining the Integrity of the Clinical Experience through Holistic Threat Management

Paul Connelly - Chief Information Security Officer, HCA Healthcare
As the onslaught of cyber incidents and the expanding breadth of attack vectors continue to pose serious business and clinical challenges, the role of the CISO is more critical to business continuity than ever before. This session will focus on how the CISO’s role in the continuum of care is evolving to drive quantifiable business value through proactive, holistic threat management.

Join this session to hear how:
  • successfully integrating cybersecurity into workflows can assist in overcoming interoperability barriers, and anticipating how augmented interoperability can contribute to the proliferation of threat vectors
  • gaining physician buy-in for CISO-related initiatives, as they tend to prefer allocation to clinical support tools
  • successfully positioning cybersecurity as a critical risk to both patients and the enterprise through communication and collaboration
  • moving beyond compliance into a proactive security posture

11:40 am - 12:10 pm Championing Cybersecurity as a Critical Component of the Consumerization of Healthcare

Esmond Kane - Chief Information Security Officer, Steward Health Care
The consumerization of healthcare is having profound, long-ranging consequences throughout the continuum of care. As a growing number of patients experience a heightened share of financial responsibility, CISOs should be prepared to meet consumers’ shifting expectations concerning the security and governance of their PHI and HIP.

Topics explored include:
  • improving compliance related to HIPAA Right of Access
  • creating trust by establishing transparency around data breaches (HIPAA Breach Notification Rule)
  • embracing BYOD and IoMT as a teachable opportunity to increase cybersecurity awareness among end-users
  • navigating payment integrity (PCI DSS)

12:10 pm - 12:40 pm The Digital Identity Dilemma: Establishing A Proactive Identity & Access Management Protocol

Mike Towers - Chief Security Officer, Takeda Pharmaceuticals International Inc.
Healthcare is certainly not immune to the ambiguity that arises with the proliferation of digital identities associated with both human beings themselves and connected devices. As the healthcare industry embarks on its own path of digital transformation, CISOs are tasked with navigating a complex framework of persistent on-prem sets of applications, a rapidly expanding set of cloud applications, and a variety of medical devices and cloud-based medical services.

Join this session to gain insights into: 
  • evaluating how cloud-based identity management can help centralize data and allow for a “single source of truth” 
  • addressing critical gaps in cybersecurity identity policies including overcoming reliance on directory group memberships and manual permission agreements
  • automated provisioning and 
  • how IAM programs are improving the efficiency of both clinical and network access workflows 
  • moving beyond managing identity access on simply a macro level by placing greater focus on granularity
  • criticality of multifactor authentication to combat credential stuffing

12:40 pm - 1:40 pm Networking Lunch

1:40 pm - 2:10 pm Healthcare 2.0: Securing the Brave New World of the Internet of Medical Things

Nick Gerteisen - Senior Director, Global Product Security, Smith & Nephew
The explosion of medical devices is, perhaps, the most pressing challenge that cybersecurity executives will be facing in the next few years. Despite the promise that IoMT-connected devices bring in terms of both patient care and engagement, their propagation will be accompanied by a substantial increase in the scope of the attack surface. This session will delve into how a major medical device manufacturer is pioneering innovation as a means of improving cybersecurity.

Participate in this session to gain insights into:
  • building in network segmentation for IoMT-connected devices from other, on-prem medical devices
  • understanding how medical device manufacturers are embedding security functions such as secure boot and boot fuses, device partitioning and crypto engines
  • addressing zero-day vulnerabilities within an IoMT context
  • identifying and assessing security flaws in legacy devices built before the advent of embedded security modalities 
  • how the FDA’s Medical Access Innovation Plan will lead to accelerated timelines for fragmented patch updates and other firmware

2:10 pm - 2:40 pm Business Meetings

2:40 pm - 3:10 pm Business Meeting

3:10 pm - 3:40 pm Business Meetings

3:40 pm - 3:55 pm Networking Break


3:55 pm - 5:10 pm Achieving Agility with Next-Generation AI-Enabled Threat Detection Systems
Considering that the cyberattack surface continues to expand and evolve as bad actors become more and more nimble, User and Entity Behaviour Analytics (UEBA) is emerging as a means to leverage technologies like ML and AI to achieve a previously unrealized level of agility in terms of threat detection. 

  • thwarting APTs and other forms of targeted attacks
  • reducing the misuse of privileged accounts
  • contrasting the varying deployment use cases


4:25 pm - 5:10 pm Quantifying Risk as a Means of Improving Communication Around Cyber Hygiene
Take a deep dive into how the integration of risk quantification assessment (RQA) into an overall cybersecurity strategy can help risk analysts and CISOs alike better communicate the potential economic impact of exposed vulnerabilities to key stakeholders within the C-suite.

  • helps identify risk and control options that can reduce future security investment
  • risk dashboards and use cases for other types of risk-related data visualization
  • clearer communication through streamlined Key Risk Indicators (KRI)
  • the role that risk reporting plays in bulwarking a holistic cybersecurity approach

5:10 pm - 5:20 pm Presentation of Scholarship Donation to Boston College’s Woods School of Advancing Studies

5:20 pm - 6:00 pm Panel Discussion: Dimensions of Effective CISO Leadership: Avoid Being the Scapegoat

Kevin Powers - Founding Director, MS in Cybersecurity Policy & Governance Program, Boston College, Woods College of Advancing Studies
Fighting cybercriminals in the corporate realm ensures potential career opportunities. As cyber threats evolve, efforts must be made to build cyber risk into overall business models to detect, prevent, and thwart bad actors. CEOs invest a considerable amount of time into understanding the fiscal initiatives set forth by the CFO to ensure healthy financial outcomes. The same consideration must be given to CISOs so that they can fully integrate cybersecurity measures and risk management. The absolute key to CISO success rests on the entire executive team. Their attitude and actions tend to make or break CISOs.

In this session, you will:
  • Discuss the balance required between technical astuteness, business acumen, and financial risk
  • Hear tactics for earning a permanent seat with business executive leadership teams
  • Explore the need for indicators of compromise for risk management and mitigation like threat intelligence, incident response plans, and cybersecurity policies in the business model


Ignite Session

6:00 pm - 6:10 pm Ignite Session: Leveraging Dark Web Threat Monitoring to Illuminate Compromised PHI

The majority of highly-sensitive, compromised Personal Health Information is monetized on the infamous, nebulous dark web. This session will explore how dark web monitoring technology has allowed major healthcare organizations to improve the speed and long-term impact of threat detection and mitigation strategies. 

Champagne Roundtables


6:10 pm - 7:10 pm A. Enabling Mobile Convenience Without Sacrificing PHI Security
As the healthcare industry continues to experience a rise in BYOD policies, organizations should comprehensively assess their existing governance framework and determine if it aligns with the complexity of their technical ecosystem. Join this discussion to share ways in which your organization has leveraged mobile device management tools as a means to improve both security and patient engagement. 


6:10 pm - 7:10 pm B. Finding the Right Approach to the GDPR, CCPA & Other Regulatory Frameworks
This session will be centered on navigating the complex regulatory landscape that is emerging. Particular attention will be paid to gaining a deeper understanding of the CCPA’s exemptions and how they relate to varying healthcare organizations’ operating models. Additionally, we’ll take a look into how HIPAA compliance and emerging legislation have created some ambiguity in terms of cybersecurity and privacy compliance.


6:10 pm - 7:10 pm C. Identifying the Elements of a Successful SOAR Deployment Within a Complex Health System
Orchestration and automation have the potential to help CISOs overcome the long-standing talent glut within SecOps teams in the long term. Despite this objective, the deployment of advanced orchestration and automation solutions involves a sizable human capital element to ensure that appropriate playbook automation is developed to respond to specific, relevant actions and tasks. Additionally, we’ll discuss how a traditional SIEM solution stack can be augmented by decision automation technology and SOAR to dramatically reduce the need for human capital within cybersecurity operations.

8:00 pm - 8:30 pm Cocktail Reception