2020 Healthcare & Med Device


The Healthcare & Med Device event is included in the VIP All-Access Pass, or can be purchased as a special half-day session ticket.   

The Cyber Security Healthcare and Med Device half-day event from 12:00 – 4:00 p.m. brings healthcare providers and medical device manufacturers together with security experts and others to advance medical device safety and security. Participants include healthcare delivery organizations, device-makers, regulatory agencies, risk managers, insurers, security experts and more.

Ticket also includes option to attend two Monday morning technical sessions.


12:00 – 12:30 PM
Prioritizing Security Efforts – How to Get Out of Fire Drill Mode
Security debt, the byproduct of market incentives, creates risk for healthcare stakeholders. Unfortunately, the resulting risk does not necessarily change active market incentives. As a result, there is a series of cascading failures in the development, regulation, and maintenance of healthcare technology. Therefore, to make a significant impact on the security posture of healthcare and medical devices in particular, a system of policy and technological solutions must: align with active market incentives, enhance the effect of latent market incentives, or create new market incentives. This session explores potential solutions.

Key Learnings:

Who Should Attend?:

Whether you are a seasoned executive or a new security engineer to healthcare, this session will be relevant to you!

Speaker: Seth Carmody, Vice President of Regulatory Strategy, MedCrypt

Session supported by:

12:30 – 1:00 PM
Securing Telemedicine in a Post-Covid World
Telemedicine is here to stay, even in a post-COVID world. It improves outcomes by reaching more people, faster, and with greater efficiency than traditional office visits. It benefits underserved communities, the aged, and the immobile. Plus, it makes healthcare in general more resilient to future pandemics or natural disasters.

Telemedicine has its risks, though. Widespread adoption could disrupt the entire system, forcing major changes in financial models and public policy. And cybersecurity and privacy concerns are sure to grow alongside it. Hackers feast on everything from teleconferencing apps, wireless networks, personal devices, remote monitoring technologies, protected health information and the platforms that maintain it. And there’s no shortage of laws and compliance mandates to consider.

Key Learnings:

Speaker: Steve Caimi, Cybersecurity Specialist, Cisco Systems

1:00 – 1:30 PM
Vulnerabilities Around Patient Monitoring Systems (GE Carescape)
Session examines the identification and actions taken by a healthcare IT security organization to mitigate vulnerabilities associated with a published healthcare IoT vulnerability (i.e. GE CARESCAPE). GE CARESCAPE collects patient physiological data and waveforms, together with demographic data, at the patient-side in real-time and collects that data over a shared network.

Key Learnings:

  • Healthcare IoT
  • Connected Devices
  • Device Security
  • Vendor Risk Management
  • Clinical Engineering/Biomedical Engineering

Who Should Attend?

  • CISOs
  • IT Healthcare Management
  • IT Security Management
  • IT Security Consultants and Engineers
  • Information Assurance Analysts
  • Clinical Engineering / Biomedical Engineering

Speaker: Dave Harvey, Manager of IT Security GRC and Interim IT Security IR Manager, Fairview Health Services

1:30 – 2:00 PM
Towards a Workable Threat Modeling Approach
Threat-modeling has recently gained a lot of attention in the medical device world, both from manufacturers and regulators, as a way of comprehensively identifying threats. In this talk, we lay out the requirements for what a “workable” threat-modeling approach would look like, with “workable” defined as something that is both comprehensive, in that it identifies all possible threats, as well as manageable, in that the threat modeling process can be executed in a reasonable amount of time.

Key Learnings:

  • A new approach to system and sub-system (hardware and software threat modeling
  • A systematic way of defining assets, vulnerabilities, threats

Who Should Attend?

  • Cybersecurity engineers
  • Regulatory and Quality engineers with an interest in cybersecurity 

Speaker: Arnab Ray, Principal Cybersecurity Systems Engineer, Abbott

2:00 – 2:30 PM
FDA/MDIC/MITRE Threat Modeling Bootcamps and Playbook

Speakers: Steve Christey Coley, Principal Cybersecurity Engineer, The MITRE Corporation; Jithesh Veetil, PhD, Program Director (Data Science & Technology), Medical Device Innovation Consortium (MDIC)

2:30 – 3:00 PM
How to Understand and Use Medical Device Utilization Information for Decision Making
Understanding what network devices you have and how those devices are being used can seem like a tremendous undertaking. In this session, we will discuss how Ordr has helped organizations understand their real-time inventory and device utilization. Ordr has worked with some of the largest medical providers today to reduce downtime and improve ROI. Big or small Ordr has worked with them, and we have found the problem areas are to be similar for all Health Delivery Organizations. In this session, we will look at the key use cases Ordr has seen with our clients to; discuss the visibility and insights they need to make educated capital purchases; tips and tricks to better and more efficiently manage their fleet; strategies to manage vulnerable medical systems, and insights into driving efficiency and capital savings with their medical devices.

Key Learnings:

Speaker: Darrell Kesti, Regional Sales Manager, Ordr Inc.

Session supported by:

3:00 – 3:30 PM
Things to Think About When Preparing a Product Submission for Regulatory Review

The medical device cybersecurity ecosystem is dynamically changing for all stakeholders. As a result, the expectations from regulatory bodies around the world are evolving rapidly. In this session, the speaker will cover 5 things to think about when creating submission content used for gaining product approval from regulatory bodies.

Key Learnings:

  • Overview of current regulatory landscape
  • Pitfalls to avoid with regulatory submissions
  • Additional considerations to consider while operating within the medical device ecosystem

Who Should Attend?

  • Medical Device Cybersecurity Practitioners & Management
  • Regulatory Affairs Specialists & Management

Speaker: Nimi Ocholi, Director, Product Security, Medtronic

3:30 – 4:00 PM
Must-Have Contract Security Language (and a COVID-19 Perspective)

Properly drafting data security language in a contract is essential for ensuring the data is protected from public exposure and misuse. All too often, however, parties opt for vague security provisions. Sometimes this is a result of the “drafting-by-momentum,” a tendency that relies on what’s been done before, by the organization, or other drafters. Other times it is just the result of carelessness. And to make matters more challenging, we now need to contend with COVID-19, which has injected additional data security complexity. This session will highlight proper drafting considerations that can help effectively handle the various challenges organizations face in normal times and a pandemic environment.

Key Learnings:

  • Differentiating between “good” and “bad” contractual language
  • What detailed policies and procedures should be required
  • Audit considerations

Who Should Attend?

  • In-house legal
  • Outside counsel

Speaker: Eran Kahana, Attorney, Maslon LLP

Session supported by:

Thank you to our Healthcare & Med Device Host

Thank you to our Healthcare & Med Device Supporters

Sponsorship Opportunities

To learn about available sponsorship opportunities, contact Jennifer Churchill at 763-548-1306 or jennifer.churchill@eventshows.com.

As featured in the Star Tribune, healthcare and medical device organizations are prime targets of cyber-attacks – but now they are striking back.”
“The Twin Cities is a hotbed of medical device development and a perfect location to hold a Healthcare and Medical Device Security workshop. We are putting together a program that should be of particular help for smaller manufacturers and health care providers. It will be a very worthwhile program to attend.”