Healthcare & Med Device


The Healthcare and Med Device Seminar brings together healthcare providers and medical device manufacturers to share knowledge that advances device safety and security. With a diverse set of speakers and range of industry perspectives, the full-day event emphasizes actionable lessons from large manufacturers and hospital systems that can also be applied to small and mid-size organizations to strengthen security programs. Participants include healthcare delivery organizations, device-makers, regulatory agencies, risk managers, insurers, security experts and more.


9:30-9:40 AM CT
Opening and Welcome Remarks
Judy Hatchett, Chief Information Security Officer, Surescripts
Mary Diner, Security Director, Optum

9:40-10:10 AM CT
Healthcare Security Threat Landscape
Bill Aerts, Archimedes Center for Medical Device Security

This session will be a high-level summary of current security threats to medical devices and healthcare, and the efforts in place to address the risks. The end result will be a general understanding of the situation, terminology and players.

10:10-10:40 AM CT
What it Takes to Start a Medical Device Security Program
Ben Stock, Director of Healthcare Product Management, Ordr

The healthcare industry is continuously on the bleeding edge of innovation, deploying connected medical devices that significantly improve the quality and delivery of care. With nearly 15 connected devices per bed, the need for visibility and security of these devices is more critical than ever. But, while healthcare technology management (HTM), cybersecurity, and information technology teams share a common objective, there are still barriers to building a successful medical device security program. Join Ben Stock, Director of Healthcare Product Development at Ordr, to discuss ways to build a successful medical device security program and get HTM, IT, and cybersecurity to work together.

10:40 – 11:10 AM CT
Why Does Cybersecurity Asset Management Matter for Healthcare?
John Seaman, Axonius

Join this session to learn more about the emerging area of cybersecurity asset management, why all major security frameworks consider asset management to be foundational, and how healthcare organizations can use data from the tools already in place to solve asset management for cybersecurity.

11:10 – 11:40 AM CT
Mayo Clinic Cybersecurity Resilience Program
Debra Bruemmer, Security Resilience – Senior Manager; Mayo Clinic
Sarah Jopp, Mayo Clinic

Mayo Clinic will share its journey to develop and implement a proactive, ongoing asset “certification/validation” process spanning the life-cycle of an asset. The talk will focus on one foundational asset, Windows servers, and key deliverables: secure baseline requirements, certification program, asset drift, and risk measurement. The program measures cybersecurity risk empirically at the asset level, which is consolidated to a fleet view.

11:40 AM – 12:45 PM CT
Security Strategy Break in EXPO

12:45 – 1:15 PM CT
Wrangling Ransomware Worry With Words
Judd Larson, Principal Technologist, Global Quality – Product Security Office, Medtronic

Ransomware has been frighteningly pervasive in the news over the past months. Through the lens of medical device security, we’ll scope out what ransomware is, box in legitimate fears, and drive out uncertainty and doubt.

1:15 – 1:45 PM CT
Legal Aspects of Incident Response
Eran Kahana, Attorney, Maslon

Ransomware is but one type of “incident.” Now, incidents are defined in various ways and contractual provisions can (and typically do) add a layer of complexity and urgency to getting it done right. To that end, it is necessary to begin by referencing the incident response plan and assembling the response team, which includes the company’s legal counsel. This presentation will highlight the critical legal aspects relative to an incident response and is aimed to assist in how to properly leverage legal counsel’s assistance.

1:45 – 2:15 PM CT
Securing the Patient Journey – Lessons from the trenches
Sumit Sehgal, Strategic Product Marketing Director, Armis

Learn practical examples of how to leverage information security data to enable improvements to clinical risk and patient safety. Extending beyond medical device security, we will showcase insights that require a holistic approach to what security will look like in the next 2 to 3 years for healthcare device ecosystems.

2:15 – 2:30 PM CT

2:30 – 3:00 PM CT
The Human Element
Keith Ibarguen, Chief Product Officer, Cofense

Healthcare and medical device companies are some of the most targeted organizations in the world. Humans, when appropriately involved in your phishing defense, can be very effective sensors against these attacks.

Through empowering people, we can create a resilience not achieved by technology alone. The power of this collective is achieved through a comprehensive, positive, human-focused program looking at the issues from end to end. Join us to discuss how you can build a better employee: one who can better identify, report, mitigate and remediate zero-day attacks.

3:00 – 3:30 PM CT
Healthcare and the Cloud, What to be Prepared for When Moving or Consuming Applications to the Cloud
Richard Scott, Chief Security Architect, Optum
David Mott, Senior Principal Engineer TLCP, Optum

To successfully utilize public cloud platforms with healthcare applications, one has to address a number of foundational items that transform the way we look at risk. Security, risk and compliance now span a variety of stakeholders: the cloud service provider, technology teams and the healthcare provider. Understanding the basic platform consumption models, your responsibilities and expectations is critical for safe and secure use of public cloud. In this session, we cover the basic tenets of using public cloud hosted healthcare solutions, differentiating between IaaS, PaaS and SaaS consumption patterns, and what you should be aware of.


3:30 – 4:30 PM CT
Breaking into Medical Device Cybersecurity: Career Transition
Andrew Bomett, VP & CISO, Boston Scientific; Shruti Iyer, Principal Innovation Architect, Oracle; Michael Johnson, Technological Leadership Institute (TLI); Judd Larson, Principal Technologist, Global Quality – Product Security Office, Medtronic; Daniel Mooradian, Technological Leadership Institute (TLI)

The global demand for Cybersecurity professionals is high, and the need for experts in cyber for medical devices is at the top of that list.  This panel will discuss options and opportunities for employees from a wide variety of backgrounds to transition or prepare for a career in med device cybersecurity.  The conversation will include perspectives from those who have made the transition as well as hiring managers.

Networking Reception in EXPO

Join us after the Seminar in the EXPO Hall to network with fellow attendees and connect with our Solutions Strategy Partners.


Thank you to our Committee Members

Mary Diner, Director, Optum (Co-chair)
Judy Hatchett, CISO, Surescripts (Co-chair)
Debra Bruemmer, Mayo Clinic
Jon Crosson, H-ISAC
Wendy Feigal, Prime Therapeutics
Shelly L Gustafson, CMDC University of MN
Michael Larson, Ecolab
John Seaman, Axonius
Christofer Sears, Cofense
Benjamin Stock, Ordr
Dan Teguis, Armis

Sponsorship Opportunities

To learn about available sponsorship opportunities, contact Jennifer Churchill at 763-548-1306 or

As featured in the Star Tribune, “healthcare and medical device organizations are prime targets of cyber-attacks – but now they are striking back.”
“The Twin Cities is a hotbed of medical device development and a perfect location to hold a Healthcare and Medical Device Security workshop. We are putting together a program that should be of particular help for smaller manufacturers and health care providers. It will be a very worthwhile program to attend.”