Agenda | Cybersecurity Governance and Controls for Health Care

WEDNESDAY
THURSDAY

TIME ZONE: EST
- EST
- CST
- MST
- PST

Wednesday - October 20, 2021

11:00 AM 11:10 AM

10:00 AM 10:10 AM

9:00 AM 9:10 AM

8:00 AM 8:10 AM

Chairperson’s Welcome and Opening Remarks

Beth Socoski, Chief Strategy Officer
Socoski Design & Consulting

11:10 AM 12:00 PM

10:10 AM 11:00 AM

9:10 AM 10:00 AM

8:10 AM 9:00 AM

Risk Assessment Frameworks and Industry Applicability

• Understand what a privacy officer needs to know about cybersecurity
• Learn approaches to identifying, documenting, tracking, and mitigating risk enterprise-wide
• Dive into risk metrics and quantifying risk, to assess organizational risk appetite
• Discover new ways of looking at risk, beyond cybersecurity regulations and controls, to manage residual risk

Moderator: Mark Dallmeier, CEO
Victory Insights

Panelists:
Sabrina Coleman, Vice President and Corporate Compliance Officer
PacificSource Health Plans

Daniel Shuler, CISO, Director of Information Security
Exponent

Nadia Fahim-Koster, Partner
Meditology Services

12:00 PM 12:15 PM

11:00 AM 11:15 AM

10:00 AM 10:15 AM

9:00 AM 9:15 AM

Break

12:15 PM 1:00 PM

11:15 AM 12:00 PM

10:15 AM 11:00 AM

9:15 AM 10:00 AM

Reduce the Risk of Ransomware Attacks and Other Cyberthreats

Get insight on how breaches can happen and how to negotiate with criminals
Gain best practices and benchmarks to tighten your organization’s information security in the age of cloud computing
Assess IT security and penetration tests for covered entities and business associates
Learn how other organizations track and report on phishing campaigns, retrain their workforce, audit FDRs, work with regulators, and generally manage cybersecurity

Christopher Frenz, Assistant Vice President of IT Security
Mount Sinai South Nassau

1:00 PM 1:15 PM

12:00 PM 12:15 PM

11:00 AM 11:15 AM

10:00 AM 10:15 AM

Break

1:15 PM 2:00 PM

12:15 PM 1:00 PM

11:15 AM 12:00 PM

10:15 AM 11:00 AM

Navigating Privacy Considerations and Legal and Regulatory Requirements

• Discuss how the current regulatory and threat environment is influencing compliance program imperatives
• Survey which critical aspects of your compliance program present the greatest challenges and risks and how to address them
• Achieve HIPAA compliance using cloud service providers
• Understand what the Biden Administration’s attention on cybersecurity and heightened regulation from HHS mean for expectations of health care organizations’ due diligence

Adam Cohen, CISSP, CEH, CCSP, Counsel
BakerHostetler

Beth Socoski, Chief Strategy Officer
Socoski Design & Consulting

2:00 PM 2:15 PM

1:00 PM 1:15 PM

12:00 PM 12:15 PM

11:00 AM 11:15 AM

Break

2:15 PM 3:00 PM

1:15 PM 2:00 PM

12:15 PM 1:00 PM

11:15 AM 12:00 PM

Data is King: The Power of Vendor Risk Data & Analytics

• Gain insights and aggregate risk trends derived from an expansive security assessment database covering 80,000 supply chain vendors
• Better identify vendors with higher risk potential
• Prioritize assessment and remediation efforts more effectively
• Update current staffing and rapid assessment models to evaluate every vendor in your supply chain, sustainingly and within your resource constraints

Rob Taylor, Vice President of Solution Delivery
CORL Technologies

3:00 PM 3:05 PM

2:00 PM 2:05 PM

1:00 PM 1:05 PM

12:00 PM 12:05 PM

Chairperson’s Day One Summary Remarks

Beth Socoski, Chief Strategy Officer
Socoski Design & Consulting

Thursday - October 21, 2021

11:00 AM 11:10 AM

10:00 AM 10:10 AM

9:00 AM 9:10 AM

8:00 AM 8:10 AM

Chairperson’s Day Two Opening Remarks

John Bandler, Founder & Principal
Bandler Law Firm and Bandler Group

11:10 AM 12:00 PM

10:10 AM 11:00 AM

9:10 AM 10:00 AM

8:10 AM 9:00 AM

Emerging Cybersecurity Issues and Federal Agency Protective Actions

• Discuss the Cybersecurity Executive Order requirements and how to leverage IT services you should already have established
• Learn about building an ecosystem to enable collaboration and coordination of public health data in preparation for the latest cyber vulnerabilities
• Apply findings from the GAO about emerging cybersecurity issues and federal agencies’ abilities to protect privacy, sensitive data, and the computing infrastructure
• Discover which information technology and cybersecurity issues accelerated and emerged during the coronavirus pandemic

Jennifer Franks, Director, Information Technology & Cybersecurity Team
U.S. Government Accountability Office

12:00 PM 12:15 PM

11:00 AM 11:15 AM

10:00 AM 10:15 AM

9:00 AM 9:15 AM

Break

12:15 PM 1:00 PM

11:15 AM 12:00 PM

10:15 AM 11:00 AM

9:15 AM 10:00 AM

Case Study: Best Practices for CCO-CISO Partnerships and Organizational Structure

• Discuss how to elevate governance and ensure the right people and various resources are in place
• Examine how one plan reorganized the reporting structure to optimize organizational agility in the age of rising ransomware attacks
• Explore how compliance, privacy, IT, and the Board interact with each other to streamline critical communication and resource allocation
• Identify conflicts of interest in reporting structures and how to avoid them

Maura McGrath, MA, CHC, Chief Compliance and Privacy Officer
Integra Managed Care

Michael Meyn, ALM, CISSP, Chief Information Security Officer
Integra Managed Care

1:00 PM 1:15 PM

12:00 PM 12:15 PM

11:00 AM 11:15 AM

10:00 AM 10:15 AM

Break

1:15 PM 2:00 PM

12:15 PM 1:00 PM

11:15 AM 12:00 PM

10:15 AM 11:00 AM

The Intersection of Ethics, Medical Device Security and Incident Response

• Dive into the complex ethical challenges present in some incident response planning
• Gain best practices from the author of the OWASP/CSA Secure Medical Device Deployment Standard and highlights from Cloud Security Alliance's Medical Device Incident Response Playbook
• Learn more about making clinical-informed security decisions to prioritize and defend resources and networks

Christopher Frenz, Assistant Vice President of IT Security
Mount Sinai South Nassau

2:00 PM 2:15 PM

1:00 PM 1:15 PM

12:00 PM 12:15 PM

11:00 AM 11:15 AM

Break

2:15 PM 3:00 PM

1:15 PM 2:00 PM

12:15 PM 1:00 PM

11:15 AM 12:00 PM

Cybercrime Incident Response Investigation Best Practices to Advance Security Protocols

• You have been breached – what now? Investigate diligently and learn facts to better inform future decisions and actions
• Learn about legal obligations relating to cybercrime investigation and reporting, to facilitate better response and compliance
• Take advantage of the opportunity and lessons learned to improve the substance of your security program and strengthen defenses
• Understand the three sectors that investigate cybercrime - law enforcement, regulatory, and private – to optimize, adapt, and evolve incident response and security

John Bandler, Founder & Principal
Bandler Law Firm and Bandler Group

3:00 PM 3:05 PM

2:00 PM 2:05 PM

1:00 PM 1:05 PM

12:00 PM 12:05 PM

Chairperson’s Summary Remarks and Conference Concludes

John Bandler, Founder & Principal
Bandler Law Firm and Bandler Group

Rise

Wednesday - October 20, 2021

Chairperson’s Welcome and Opening Remarks

Risk Assessment Frameworks and Industry Applicability

Break

Reduce the Risk of Ransomware Attacks and Other Cyberthreats

Break

Navigating Privacy Considerations and Legal and Regulatory Requirements

Break

Data is King: The Power of Vendor Risk Data & Analytics

Chairperson’s Day One Summary Remarks

Thursday - October 21, 2021

Chairperson’s Day Two Opening Remarks

Emerging Cybersecurity Issues and Federal Agency Protective Actions

Break

Case Study: Best Practices for CCO-CISO Partnerships and Organizational Structure

Break

The Intersection of Ethics, Medical Device Security and Incident Response

Break

Cybercrime Incident Response Investigation Best Practices to Advance Security Protocols

Chairperson’s Summary Remarks and Conference Concludes