Keynote - The Current State of Healthcare & Cybersecurity
In this opening keynote, Special Agent M.K. Palmore will describe the current state of the Cybersecurity Threat Landscape with a particular focus on Healthcare. Drawing from his experience as a veteran cybercrime fighter, MK blends memorable anecdotes with cutting-edge insights to heighten awareness of the perils of our uber-connected world. As he delves into the cyber-underworld and the new kinds of threats that can lead to tomorrow’s breaches and insider risks, he offers audiences guidance and practical steps for thinking like the adversary, while managing cyber risks and staying ahead of the bad guys.
Compare Your Privacy & Security Programs with Your Peers - Findings from CynergisTek's Annual Report
CynergisTek will present its 2nd Annual Report, an analysis of healthcare’s readiness against the NIST CSF and the HIPAA Security Rule with an evaluation of Business Associates and Privacy readiness. This panel discussion will present an overview of the company’s 2019 Annual Report including trends, insights, and recommendations for moving forward. Experts, from executives to analysts, will illustrate what we saw across the industry in CY2018 and where we may be going in 2019 and beyond. Attendees will receive a copy of the 2019 report.
The Behind the Scenes of a Breach Experience
CynergisTek’s Marti Arvin, who has led multiple provider organizations through the breach experience prior to joining CynergisTek and many since, will moderate a panel of diverse experts and practitioners who have dealt with the breaches firsthand and who will share observations from their unique perspectives: regulator/enforcer, CIO, and security consultant. From incident discovery through the many facets of recovery and resumption, this panel seeks to provide some lessons learned to help others BEFORE they have an incident.
California & Beyond: Impacts of New State Data Protection & Privacy Laws
David Holtzman, an Executive Advisor at CynergisTek, focused on privacy and former Senior Advisor on HIT and Privacy at HHS Office of Civil Rights, will talk about the changes being driven in privacy at the state level. The attention given the California Consumer Privacy Act shines a light on the work of other states to establish data privacy and cybersecurity standards to safeguard data containing consumers’ personally identifiable information (PII). What will it mean to us as individuals? To healthcare, specifically, and to our business relationships inside and outside the industry?
It's Not All About Technology: Creating a Culture of Privacy & Security
The cyber defenders are clearly outnumbered by attackers. But it isn’t just “outsiders.” And technology and tools alone won’t turn the tide. What can we do inside our organization, culturally, to better protect our organizations, our patients, and our workforce? This panel session will discuss how changing the healthcare culture can enhance security and privacy by using your people to improve compliance, risk analysis, and remediation, turning every single person into a privacy, security and compliance officer. Four experienced CISOs with years of experience share some of their ideas on how to achieve this goal.
Outcome of the 405d Workgroup & Recommendations
As a Member of the HHS Cybersecurity Task Force and the 405(d) Task Group of the Healthcare Services Sector Coordinating Council, David will present details of the 405(d). He will share his unique perspective having served on both workgroups and will present some background on the Cyber Security Act (CSA) of 2015, section 405(d): the output, industry reception and what is coming next for the Healthcare and Public Health Coordinating Councils.
Managing Vendor Risks Panel
Nearly a third of the incidents experienced in healthcare involve a third-party service provider or business associate. Incidents with covered entities result from both the actions and the inaction of third-party partners. Lack of understanding risk, the inadequate setting of expectations, poor engagement oversight, lack of monitoring, and inadequate breach preparation often leave covered entities responsible for risk, costs, and reputational fallout. This session includes three panelists with programs geared towards applying best practices to mitigate third-party risk.
AI, 5G, IoT & Data in Transit: Four Threats to Watch in 2019
As you think about what security to use and how to deploy it in advance of new cyber threats, this session will help identify the trends and activities most likely to affect your organization, current and future. In anticipating the major cybersecurity and privacy trends for the coming year, you can find plenty of clues in the events of the past 12 months. Among the now familiar forms of attack, cyber hacks of major corporate systems and websites continued in 2018 and will inevitably be part of the 2019 cybersecurity scene. In addition to those familiar trends, we’ll also see new pressures around AI, 5G, new legislative and regulatory activities, and Supply Chain.
Strategies for Managing Non-traditional Endpoint Security: From Assessment to Managed Services
When is an endpoint not an endpoint? When it is a medical device. While the processes and approaches are similar, the risk and complexity surrounding medical devices are very different. IT, Security, and Clinical Engineering may understand the number and type of medical devices connected to the network, those that contain ePHI, and the security vulnerabilities of these devices. But medical devices do not follow the same rules as other networked devices.
After inventory, providers must:
• Develop a cybersecurity strategy around medical devices
• Manage the many devices connected to the network
• Remediate identified risks on these devices
A medical device cybersecurity program should not only protect patient health information and sensitive data but also help your organization assure uninterrupted quality care and reduce risk to clinical operations in a managed and secured digital health environment.
Responding to Cybersecurity Skills Shortage - Education & Other Initiatives
From vendor-agnostic, standards and skills-based training, to a commitment to inspiring the next generation to join the industry in the first place, everyone demanding a solution to the cybersecurity skills shortage today needs to step up and become part of the solution. This discussion will talk about educational initiatives and industry initiatives in the space. It will also address some specific programs in place, as well as options being discussed by the government and industry to fill the gap. This session, moderated by CynergisTek’s CEO, Mac McMillan, promises to be lively and enlightening.
Cybersecurity & Privacy Challenges
This panel will address new and continuing challenges for professionals in healthcare security, privacy, and compliance. It will leverage the experience of experts to illustrate changes in focus, changes in the threat environment and new attitudes about privacy and security all aimed at the healthcare vertical. This panel seeks to be an interactive discussion between the audience and panel members, focused on identifying the key challenges CISOs, CPOs, and compliance professionals need to address today and in the future, from the continuous challenge of managing accounts to greater distribution of the enterprise to the role of AI in both offense and defense.
CIO and Board View of Cybersecurity
According to John Halamka, "Today's CIO is no longer an engineering expert at provisioning hardware and software. The CIO broadly communicates, convenes governance groups and supports innovation." While few would argue the role is changing, what does that mean for cybersecurity? Most Boards are not adequately addressing cybersecurity today; what will these shifts in the activities of the CIO mean for cyber? Expanded functions, like digital transformation and social media, may elevate the role of the CIO but not if security is not built into that transformation. How will the paradigm shift affecting CIOs change the Board relationship, and will it complicate or ease discussions and focus on cyber or make it even more difficult? Four veteran CIOs will lead this discussion which will hopefully provide a glimpse into the future.
The Enemy Within: An Analysis
Robert Lord is a fellow in New America’s Cybersecurity Initiative. He is also the co-founder and president of Protenus, a leading UEBA platform that leverages artificial intelligence to detect data breaches in healthcare. Before co-founding Protenus, Lord was an MD candidate at the Johns Hopkins University School of Medicine. In this session, using data from the latest Breach Barometer Report, he will discuss the biggest insider threats healthcare organizations face today. Lord will discuss the latest trends and technologies transforming privacy and security in healthcare, what AI can or can’t do to help, and how analytics may help align privacy and security. Attendees will receive a copy of the latest Breach Barometer.
CEO & President, CynergisTek
Mac McMillan is co-founder and CEO of CynergisTek, Inc., a top-ranked information security and privacy consulting firm focused on the healthcare IT industry. He is a member of CHIME’s AEHIS Advisory Board, recognized as a HIMSS Fellow and former Chair of the HIMSS Privacy & Security Policy Task Force. McMillan brings nearly 40 years of combined intelligence, security countermeasures and consulting experience from positions within the government and private sector and has worked in the healthcare industry since his retirement from the federal government in 2000.
EVP of Strategic Innovations, CynergisTek
David has been involved in leading the planning, management, and control of enterprise-wide, mission-critical information technology and business processes for more than 30 years. His unique experience in risk management and control objectives of technology (including audit, security, and privacy) allows him a distinctive perspective in the design and implementation of business applications and the processes that the technology must support. David is also a member of the Health Management Technology Editorial Advisory Board.
Chief Privacy Officer, Orlando Health
Steve Stallard is the Chief Privacy Officer at Orlando Health, having joined Orlando Health in 1995. His educational background includes receiving a B.S. degree in Chemistry from the University of Central Florida, a Master’s in Business Administration and an M.S. in Computer Information Systems from the Florida Institute of Technology. He has over 20 years of experience in healthcare in various leadership roles including Applications Manager, Information Technology Auditor and Information Security Manager. Steve is a Certified Information Systems Security Professional, Certified in Healthcare Compliance and is currently responsible for the Information Security and Privacy program at Orlando Health.
Assistant Special Agent-in-Charge & Cyber Security Executive & Chief Risk Officer, FBI San Francisco
M. K. Palmore serves as the Head of the Cyber Security Branch for FBI San Francisco and is a 21-year veteran of the FBI. His responsibilities include the strategic and tactical operational management of several teams of cyber intrusion investigators, computer scientists, analysts and digital forensics personnel charged with conducting and supporting investigations of cyber threat actors in both criminal and national security intrusion matters. Additionally, Mr. Palmore leads the San Francisco Division’s internal security and risk apparatus. Mr. Palmore’s leadership and investigative experiences include: Cyber Security, Crisis Response/Management, Risk-Management Advisory Services, and Counter-Terrorism Investigations and Intelligence Development. Mr. Palmore’s cybersecurity certifications include the ISACA – CISM, ISC2 – CISSP and the Carnegie Mellon University CISO Certificate. He earned a B.S. from the United States Naval Academy and an MBA from Pepperdine University where he currently serves as an adjunct professor in the Information Systems Department for graduate studies. Prior to the FBI, Mr. Palmore served as a commissioned officer in the U.S. Marine Corps.
Clinical Professor at The University of Texas at Austin, and Director of Digital Healthcare Innovation, McCombs School of Business
She leads research in digital healthcare and the development of new digital health educational programs for McCombs’ Executive Education Department. Dr. Field is an experienced technology educator, who has been nationally recognized as a leader in workforce development for Health IT. She is now collaborating with industry experts in healthcare cybersecurity to develop innovative new educational programs to help meet the tremendous workforce needs in this field.
Vice President & CIO, Inspira Health
Tom serves on Inspira’s Executive Team. He is also the current President of NJSHINE, a public Health Information Exchange in South Jersey. Since joining Inspira in 2008, Tom has grown and expanded the capabilities of the Information Systems Department significantly. Under his leadership, Information Systems has received multiple national recognitions as a “Most Wired” hospital and health system and was named the “Best Hospital IT Department” by Healthcare IT News for three consecutive years.
33 years of technical Healthcare IT experience, 15 of which were specialized in Information Security. Lou joined Virtua in July 2008 as the Director of Information Security/HIPAA Security Officer to oversee all information security efforts around Regulatory & Audit Compliance, Policy Development, Technology Risk Mitigation, and Vulnerability Management and to develop and deliver a comprehensive information security program for Virtua. Lou is a frequent presenter on an array of healthcare security topics.
Deputy Chief Information Security Officer, Eli Lilly Corporation
Over her 25-year career, she has emerged as a strategic leader who is not just interested in processes, goals and objectives but most of all she is passionate about her greatest assets…her human capital. Her success has been attributed to her ability to manage large-scale complex projects that cross functional areas within integrated delivery systems and health plans while advancing the skill sets of her team members. Meredith recently transitioned from Henry Ford Health System where she served as their Chief Information Privacy & Security Officer for almost 16 years. She had leadership responsibility for Information & Network Security Services, Information Privacy Services, Privacy & Security Risk Management Services as well as Identity & Access Management Services. As Chief Information Privacy & Security Officer, she had ultimate responsibility for the protection of Henry Ford’s provider, insurance, retail, and research businesses. Her sensitivity to the operational needs of these various businesses helps her guide the objectives of her team to ensure that the operations are successfully married with the technology or regulatory requirements.
VP/ Chief Compliance Officer, UnityPoint Clinic
Andrea serves as the Vice President/ Chief Compliance Officer for UnityPoint Clinic overseeing Compliance, Privacy, Risk Management, and Physician Contracting. Andrea has over 15 years of combined experience in the insurance and health care industries. She has extensive experience with mergers and acquisitions and has conducted numerous operational and government prompted investigations including, but not limited to, billing and coding; Stark and Anti-kickback; and malicious use of protected health information (PHI). As part of her diverse experience, Andrea has served in the Federal Public Defender's Program for the Northern District of Illinois- Western Division supporting white collar criminal defense and brings both in-house legal experience as well as law firm experience supporting physician practices, health systems, independent diagnostic testing facilities, home health, and hospice.
Technology Director and ISO, Inspira Health Network
He is in charge of the Servers/workstations, the Networks, TV services, and the Telephony and serves as Information Security Officer at Inspira Health Network. He has 25 years of Healthcare experience in IT. He also teaches I.T. at Cumberland County College as an adjunct professor. He is a previous president of the International Management Council and has acquired the Certified Manager certification. He has obtained the CISSP certification from ISC2 as well as the MCSE Sec+ certification from Microsoft. He is a member of DVHIMSS and NJHIMSS.
Distinguished Technical Architect, US Healthcare Industry, Symantec Corporation
Drawing from over 30 years of international experience in the industry, Mr. Wirth is supporting Symantec’s healthcare customers to solve their critical security, privacy, compliance, and IT management challenges. He is an active participant in industry organizations and a frequent speaker at conferences, forums, and webcasts on subjects such as cybersecurity, medical device security, mobile health infrastructure, compliance automation, IT infrastructure optimization, and other healthcare-specific topics. In recognition of his accomplishments, Wirth has been awarded the “2018 ACCE/HIMSS Excellence in Clinical Engineering & IT Synergies Award”. His extensive background in the healthcare IT and medical device industries includes engineering leadership as well as strategic business development and marketing roles with Siemens Medical, Analogic Corp., Mitra Inc., Agfa Healthcare, and currently Symantec Corp. His education includes a BS Electrical Engineering degree (EE) from the University of Applied Sciences, Düsseldorf (Germany) and an MS Engineering Management degree (MSEM) from The Gordon Institute of Tufts University.
SVP & CIO, Cook Children's Health Care System
Cook Children’s is a national award-winning, not-for-profit, integrated pediatric health care system comprised of nine companies. Meadows leads a team of 300+ members covering areas such as infrastructure, applications, telecommunications, and program management. The IS team currently supports 140 project initiatives that include deploying business intelligence, advanced clinical systems, security and enterprise resource management. For 20+ years she has led efforts for incorporating information systems as a mechanism for facilitating process improvement, clinical quality, and efficiency. Prior to joining Cook Children’s, her career included serving in roles as a registered nurse in a Cardiac Transplant Unit; healthcare consulting, project management, and leadership positions at a web development company and a large Electronic Medical Record Company. Meadows also served as a Regional Director for Ascension Health Information Services where she not only led software implementations but was instrumental in the development of Communities of Excellence.
Senior Vice President & General Manager of Security Analytics & Research, Symantec
A global leader in cybersecurity. Trilling’s division delivers Symantec’s industry-leading threat protection technologies, advanced security analytics, investigations into new targeted cyber attacks, breakthrough innovations in artificial intelligence and machine learning, as well as a variety of shared services including product globalization and product security. Trilling holds a B.S. in Computer Science and Mathematics from Yale University and an M.S. in Computer Science from the Massachusetts Institute of Technology.
SVP of Security Services, CynergisTek
Jeremy Molnar is the Senior Vice President of Security Services for CynergisTek, Inc., which leads the department responsible for delivery of consulting, managed, and professional services in the areas of information security and privacy. He has been with the organization for over 13 years and is a subject matter expert in several areas including information security; strategic planning; risk assessments, analysis, and management; architecture and enterprise security assessments; network and host-based security; intrusion detection/prevention and threat management; log monitoring and management; vulnerability assessments and management; penetration testing and analysis; and disaster recovery/business continuity planning.
Executive Advisor, CynergisTek
Marti Arvin brings more than three decades of operational and executive leadership experience in the fields of compliance, research and regulatory oversight in academic medical and traditional hospital care settings to her position at CynergisTek. She was most recently the Vice President and Chief Ethics and Compliance Officer for Regional Care Hospital System and before that Vice President and Chief Compliance Officer at UCLA Health System and the David Geffen School of Medicine.
CyberPatriot National Commissioner, Air Force Association
Skoch has more than 20 years of experience in leadership positions developing, managing and implementing communications and information systems for the United States Air Force as well as the Defense Information Systems Agency (DISA). During his time at DISA he served as the Principal Director for Customer Advocacy and also as the Principal Director for Network Services. Within the USAF he served as Director of Mission Systems, Director of Communications Operations, and Director of Chief Information Officer Support where he was responsible for aligning information technology systems with business process improvements. He has developed policies for global telephone, video, radio, voice, data and satellite systems. Before joining CyberPatriot, Skoch was a consultant in the cyber and IT industry.
Co-Founder and President, Protenus
Robert is a sought-after speaker and commentator in the fields of artificial intelligence, cybersecurity, and entrepreneurial leadership. His insights have been featured in The Wall Street Journal, The Hill, Forbes, The Baltimore Sun, and a wide array of other publications. Robert is a Fellow at New America. Before co-founding Protenus, Robert was an MD candidate at the Johns Hopkins University School of Medicine. Robert received his A.B. in Social Studies, magna cum laude, from Harvard University.
CISO & Director of Information Services, UCI Health
Sriram Bharadwaj (Sri) is Chief Information Security Officer and Director, Information Systems, University of California, Irvine, Healthcare (UCI Health). Sri has over 25 years of Information Management Systems experience in multiple industries including healthcare. Sri has held many leadership positions in health plans and prior to his current work at UCI Sri consulted with Integrated Delivery Networks (IDNs) around ACO, HIE, and Clinical integration. Sri has expertise in Applications Development, Enterprise-wide IT Infrastructure, and Operations. Sri is well known for his process knowledge delivering performance improvements in multiple industries during his long tenure with Deloitte in various parts of the Americas, Asia Pacific, and EMEA region. Sri also has expertise in building products for customers through his earlier involvement with SAP AG (an ERP vendor). Sri is an MS, FHIMSS, CHCIO, CPHIMS, PMP, CISSP, Chartered Global Management Accountant (FCGMA)(U.K), Professional, Academy of Healthcare Management (PAHM), and a Six Sigma Black Belt (ASQ). Sri is an Executive Committee member of the Healthcare Sector Coordinating Council Cybersecurity Working Group and is Co-Chair, Marketing and Communications Workgroup.
Executive Advisor, CynergisTek
For over a decade, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million dollar settlement agreements and civil money penalties pursuant to HIPAA. Iliana also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices. As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon.
Manager, Privacy Managed Services, CynergisTek
Michele provides resources to regularly review information system activity such as user activity within ePHI applications; proactively detect suspicious electronic user activity; and utilize industry preferred analytics tools to escalate findings. She has healthcare experience to include: serving as a privacy officer with a physician-owned radiology practice, providing medical technician duties as a Staff Sergeant with the United States Air Force, and performing account management with Medicaid managed care health insurance companies.
Director of Security Services, CynergisTek
Dave leads the execution of enterprise risk assessments and is considered to be a subject matter expert in risk management and security incident response, providing special expertise in the NIST Cybersecurity Framework and HIPAA. Prior to his role at CynergisTek, David served as the Director of Technology and Security at Mary Washington Healthcare, where he was responsible for technology leadership and served as the HIPAA Security Officer. David received his Bachelor of Science Degree in Computer Science from Wilkes University and is a Certified Information Systems Security Professional (CISSP). David has 9 years of healthcare cybersecurity experience and 12 years of cybersecurity experience as a federal contractor, business owner and officer in the Air Force. He started his career with assignments at the Pentagon, Langley Air Force Base, Eskan Village Saudi Arabia, and Peterson Air Force Base.
RHIT/Compliance Officer, Aurora Healthcare
Angie Thull is the Compliance Officer for Privacy at Advocate Aurora Healthcare and a Registered Health Information Technician who brings over 14 years of healthcare experience to her team. Her scope of responsibility spans from Northern Wisconsin to Central Illinois with 27 hospitals and 500 outpatient locations, serving 2.7 million patients with the help of 70,000 team members. Angie has worked on various projects including the deployment of a proactive monitoring software system and assisting with the integration of two large health care organization privacy programs into one program, now managing more than 60 site privacy officers, coordinating and assisting with all privacy investigations. With the integration, the auditing program Angie oversees will double in size. Angie has 10 years’ prior experience as a leader in Health Information Management where she directed, trained and created procedures as a subject matter expert for hospital sites when legacy Aurora Health Care implemented Epic.
Vice President and Chief Information Officer, Tallahassee Memorial Healthcare, Inc.
Mr. Lindsey guides the strategic direction, mission and implementation of all information technology systems within the organization. In leading the team responsible for executing all of the hospital’s technology activities, he oversees and develops the vision for ambulatory and acute Electronic Medical Record systems, financial systems and a wide variety of additional systems that support patient care.
Mr. Lindsey began providing technological support within the field of health care when he became the Director of Infrastructure at Tallahassee Memorial Hospital in 2006. Prior to serving in this role, he held several leadership positions for the State of Florida including Chief Information Officer at the Agency for Workforce Innovation, Director of the State of Florida Data Center, and Chief Information Officer for the Department of Management Services. He began his career as a high school business technology teacher, network administrator, and football coach where he was instrumental in achieving three state championships. Mr. Lindsey is an active member of HIMSS, CHIME, and The Florida Hospital Association.
Network Chief Information Security Officer, The University of Vermont Health Network
The University of Vermont Health Network is a six-hospital system serving the residents of Vermont and northern New York. Prior to joining The University of Vermont Health Network, she served as the Chief Information Security Officer for The University of Vermont Medical Center. Preceding her occupation in the healthcare industry she served on active duty with the US Army, bringing 11 years of experience in computer information security and combat experience with her. Dr. Roszkowski completed her Bachelor of Science degrees in Computer Information Systems and Business Management and a Master of Science in Computer Information Security from Norwich University. She went on to complete her Doctor of Science in Cybersecurity at Capitol Technology University in Laurel, Maryland. Dr. Roszkowski is currently a Certified Information Systems Security Professional (CISSP).