Day Two: Monday, May 18, 2020

7:30 am - 8:00 am Networking Breakfast

8:00 am - 8:05 am Chairperson's Opening Remarks

8:05 am - 8:35 am Securing the Front Lines: Cybersecurity Awareness & Other Human-Centered Approaches to Overcoming Insider Threats

Stephen Fridakis - Chief Information Security Officer, WW (Weight Watchers) International
While the proliferation of threat vectors continues to create challenges for CISOs within the healthcare space, it’s important to recognize that insider threats will remain a serious vulnerability for organizations for the foreseeable future. This session will delve into how a renewed focus on cybersecurity awareness training is a fundamental component of minimizing and containing the huge vulnerability that insider threats pose to long-term cyber resiliency within a healthcare-focused organization.

Participate in this session to gain a better understanding of: 
  • emphasizing the human factor of cybersecurity to front-line employees in a meaningful, digestible way that fits the unique nature and risks 
  • development and implementation of a rewards program to foster transparency through positive reinforcement 
  • strategies to identify and empower cross-functional “cyber champions” to reinforce best practices outside of the training room 
  • optimizing clinical workflows to reduce friction and seamlessly integrate advanced cybersecurity technology  
  • the use of identity management to protect against cyber security threats 

8:35 am - 9:05 am Securing Improved Clinical Outcomes & Creating Synergies through Hybrid Cloud Security Management

While healthcare-focused organizations have been traditionally cautious in terms of adopting hybrid and multi-cloud solutions, a significant number of CISOs are opting to migrate to a hybrid or multi-cloud environment in order to generate cost savings and meaningful operational efficiencies. This session will explore successful strategies to navigate some of the principal security challenges related to the adoption of a cloud-based storage environment within a clinically-focused setting.

Participate in this session to gain insights into:
  • hybrid-cloud based disaster recovery 
  • the role that the cloud plays in facilitating improved communications and collaboration among key stakeholders along the continuum of care
  • how cloud computing can accelerate the pace of medical research and contribute to personalized care

9:05 am - 9:35 am Forging a Spirit of Strategic Collaboration to Mitigate Third Party Risk

Cris Ewell - Chief Information Security Officer, University of Washington Medicine
The varying stakeholders present along the continuum of care present unique challenges when it comes to enabling HIPAA-compliant, secure data sharing throughout care delivery. Recent investment in clinical support technology compounds the ambiguity that comes along with managing the degree of cyber security risk that can be directly controlled by the provider.
Join this session to gain insights into: 
  • leveraging automated risk assessment technologies to streamline operations 
  • heightened risk due to vendor lock-in and potentially extended delays for patching or other forms of remediation
  • increasing the number of vendor risk controls and establishing metrics to measure the timeliness and efficacy of patches and other forms of third-party remediation 
  • approaches to reducing the high cost associated with conducting annual or semi-annual third party risk assessments in order to make them more financially viable for the organization 


9:35 am - 10:05 am Reality Check: Is AI and ML Really Cybersecurity’s Saviour?

Over the past decade, digitization has become an integral part of the clinical experience as well as the administrative processes employed in the healthcare sector. This shift has dramatically increased the vulnerabilities and attack vectors that CISOs are tasked with identifying and mitigating. Yet, CISOs are being asked to greatly scale up their operations with a lack of both human and financial capital. Although AI promises to help solve some of these critical issues, this session will seek to identify strategies being employed to identify appropriate use cases and ensure
Hear how your peers are: 
  • leveraging AI/ML technology to free up resources to amplify cybersecurity training and awareness initiatives
  • cautiously integrating AI into their strategy keeping in mind the sensitivity of PHI and possibility of manipulation via social engineering
  • formulating an AI roadmap 

10:05 am - 10:15 am Ignite: Taking a Quantum Leap to Protect Strategic Healthcare Assets

Dive into some of the early, bleeding-edge applications of quantum computing in healthcare cybersecurity with a particular emphasis on applications related to the use of quantum cryptography in medical imaging and HIT infrastructure. This session will also foster a robust discussion concerning how quantum computing could potentially be used by bad actors and APTs in the future.

10:15 am - 10:45 am Business Meetings

10:45 am - 11:15 am Business Meetings

11:15 am - 11:45 am Business Meetings

11:45 am - 12:00 pm Networking Break


12:00 pm - 12:45 pm Fool Me Twice: Embracing Deception Technology to Supercharge Threat Detection Response Rates
The proliferation of cyber incidents within healthcare systems has been catalyzed by the increased agility which bad actors leverage to expand the breadth of threat vectors.  Deception technology has emerged as a tool to 
Join this session to gain insights into: 

  • development of a high-interaction, seemingly authentic deception environment in order to disrupt the asymmetry of an attack 
  • how deception technology can aid in mitigating risks related to medical devices
  • meaningfully reducing the number of false positives as a means of reducing alert fatigue
  • implementing best practices in order to avoid undue costs related to the complexity of deployment


12:00 pm - 12:45 pm Examining the Mixed Landscape of Network Segmentation Deployments
The rise of DDoS attacks has had a significant impact in terms of business and clinical continuity. This session will delve into some of the challenges that both large and small health systems face when it comes to the deployment of advanced segmentation technology.

Participate in this session to gain a better understanding of:

  • conceptualizing a strong, well-developed disaster recovery strategy to mitigate business continuity issues
  • how to move beyond the traditional perimeter-focused approach
  • how internal segmentation firewalls can increase visibility and contain threats during a DDoS attack

12:45 pm - 1:45 pm Networking Lunch

1:45 pm - 2:45 pm Practitioner Roundtable Discussions

Earlier in the Exchange, we collected your insights and challenges in the cybersecurity space using the Thoughtexchange social learning tool. During this follow-up session, you’ll have dedicated time to sit with your peers and develop an action plan to improve data and analytics operations.
Unfortunately, CISOs often struggle to gain adequate funding to support a truly offensive cybersecurity posture. Both the traditionally tight profit margins within the healthcare space and focus on investment in novel, bleeding-edge clinical technology often take precedence in the healthcare space, leaving CISOs with a unique challenge when it comes to funding improvements in terms of cyber hygiene.

Offer your experience and insights concerning:
  • evaluating which legacy systems are most vulnerable and apt for replacement
  • strategies to perform patching or other necessary system updates while minimizing financial and clinical impact
  • successful communication strategies that help non-experts better understand the intrinsic connection between healthy cyber hygiene and improved financial and clinical outcomes 


Tim Swope

Chief Information Security Officer
Catholic Health Services of Long Island


Michael Prakhye

Chief Information Security Officer
Adventist Healthcare

Toby Tsuchida

Information Security Officer
Partners HealthCare

3:15 pm - 3:25 pm A. Ignite: Voice Technology & NLP as the Cybersecurity Battlefield of Tomorrow

Healthcare’s move “to the edge” has necessitated the use of advanced technologies like NLP and AI to support remote health monitoring and telehealth. Learn about some of the ways NLP could be utilized as a potential attack vector to access the growing amount of data associated with burgeoning digital health initiatives.

3:25 pm - 3:55 pm Business Meeting

3:55 pm - 4:25 pm Business Meeting

4:25 pm - 4:55 pm Business Meeting

4:55 pm - 5:10 pm Networking Break


5:10 pm - 5:55 pm Incorporating Biometrics to Facilitate A Frictionless Security Posture
The past decade has seen the rise of increased confidence in biometric modalities such as iris scanning and fingerprint recognition among the general public. As the public becomes increasingly confident in this type of technology, healthcare-focused organizations can benefit from integrating biometric access and identity management into their cyber security protocols. 
Join this session to hear how: 
  • deploying biometrics can improve the veracity and velocity of identification processes 
  • achieving improved time management and reducing impact on clinical workflows
  • leveraging biometrics to avoid duplicate medical records and other burdensome administrative issues
  • non-traditional biometric modalities (i.e., behavioural, EKG, finger vein and iris/retina)


5:10 pm - 5:55 pm Living On the Edge: Meeting Emerging Cybersecurity Challenges in Digital Health
The advent of telehealth and other forms of digital health has created a new set of challenges in terms of ensuring optimal cybersecurity. This session will take a deep dive into how CISOs are navigating the rapidly evolving landscape of remote patient monitoring. Particular emphasis will be placed on application security, APIs and third-party risk management.
Join this session to take a deep dive into: 
  • evaluating whether a BAA (Business Associate Agreement) is appropriate to mitigate their PHI risk
  • ensuring that telehealth related conferencing is encrypted 
  • meeting passwords that expire after a telehealth meeting has ceased 
  • gaining a clearer understanding of how growing utilization rates of home health and an aging population expands the breadth of attack vectors and surfaces

5:55 pm - 6:45 pm Fortifying Your Cybersecurity War Chest: Strategies to Energize Cybersecurity Professionals to Enter into the Healthcare Sector

Robert Lautsch - Chief Information Security Officer, Rite Aid
The talent gap within cybersecurity shows no signs of letting up in the medium to long term. While emerging technologies and augmented automation will surely optimize security architectures, it’s imperative that CISOs continue to recruit and develop cybersecurity professionals to combat the threats of tomorrow.

Participate in this robust discussion centered around: 
  • determining the right balance between hard and soft skills needed for tomorrow’s cybersecurity leaders
  • creating engaging professional development pipelines 
  • forging a sense of business acumen to enable front-line workers to effectively translate the business risks related to inadequate cybersecurity 
  • determining the role that outsourcing might play


6:45 pm - 7:15 pm Cocktail Reception & Networking Dinner