Pacific Northwest Healthcare Cybersecurity Forum Agenda

Wednesday, November 20, 2019
7:45 AM
Networking
8:45 AM
Networking
9:00 AM
Keynote Presentation
 
This session will focus on how CISOs address new and upcoming tech in their risk management programs. Discussion topics will include how CISOs are bolstering their cyber programs with innovative technology, how AI will impact risk management, and the advent of deep fakes and information security.
 
 
 
9:30 AM
Featured Presentation
 
Managing risk is part of a robust information security program. Our organizations have come to depend on a complex network of third-party relationships. Reliance on third parties can drive performance, but it also poses significant risks. Many organizations are still struggling to effectively manage their third-party information security risks. Risks are especially evident in contracts we enter into with our third parties without consideration for how the organization might be impacted. This session will cover:
  • An understanding of the potential risks that may arise from the use of third-parties
  • The basic elements of an effective third-party risk management program
  • Best practices for controlling third-party risks
     
 
10:00 AM
Industry Partner Spotlight
 
Visibility is great, but what about visibility by itself? It’s not enough to just know about the devices and the risks they pose. You also need to automate the processes to mitigate the risks and orchestrate the appropriate controls. In this session, we will explore how Asset Intelligence from Forescout enables robust automated restrictions and orchestrated workflows.
 
 
 
10:30 AM
Networking
10:45 AM
Featured Presentation
 
Join Dr. Dameff, a practicing emergency medicine physician who is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity, as he discusses how cybersecurity teams can strategically work with clinicians to manage risk and provide the best care possible.
 
 
 
11:30 AM
Industry Partner Spotlight
 

CrowdStrike's 2019 Global Threat Report details how adversaries typically dwell for 1 hour and 58 minutes before taking action after they've initially gained access to a machine. This "breakout time" is the time until an intruder jumps from the machine that’s initially compromised and moves laterally through your network.
    
This is a crucial window to stop the breach, but it is not the only metric you need to know. When an attack is in progress, you have on average one minute to detect it, 10 minutes to understand it and one hour to contain it. Is your organization ready to meet the 1/10/60 minute challenge?
    
Join CrowdStrike security experts for an important, in-depth discussion of the common hurdles organizations face in establishing an effective IR process. You will also learn how next-gen technology including endpoint detection and response (EDR) can help you overcome them.
    
Attend this session to hear CrowdStrike experts discuss:
    

  • What breakout time is and what it means for defenders that are responding to attacks in real time
  • How the incident response process unfolds and the barriers that keep organizations from mounting a rapid and efficient response
  • The key steps you can take to improve your organization’s ability to rapidly detect, investigate and remediate threats
  • Best practices for preventing, detecting in less than 1 minute, analyzing in less than 10 minutes, and responding in less than 60 minutes to stop adversaries

    
When you can detect, analyze, and recover before the 1 hour and 58 minutes from initial compromise, you WIN, and the adversaries LOSE!

 
 
 
12:00 PM
Lunch and Learn
 
There has been tremendous growth in the percentage of network traffic that is encrypted over the last decade. With this comes many challenges for incident responders. Decrypting the traffic is often hard, if not impossible. The rise of encryption has undoubtedly increased privacy for users but we know that threat actors take advantage of it as well. As network defenders our visibility is impacted, and traditional network monitoring detection will not always work.
 
In this talk we will discuss the problem of encrypted traffic as it pertains to network detection and response, educate you on new developments in SSL/TLS, and demonstrate how you can still hunt for and detect badness in encrypted traffic. This talk will be relevant to junior analysts all the way up to senior analysts at mature SOCs.
 
 
1:15 PM
Featured Presentation
 
The problem of out-of-date legacy hardware, operating systems and applications across the healthcare industry is endemic. This is especially so at small hospitals and clinics, where tiny IT and security staffs and highly constrained budgets prevent the upgrading of end-of-life and often vulnerable technologies. Aggressive sun-setting of Windows versions by Microsoft and near-constant patching requirements compound the pressure on small IT staffs to support and secure their health IT infrastructure. Poor coordination between HIT vendors and Microsoft causes healthcare applications to break if patched or remain vulnerable if unpatched. This situation introduces risk into the healthcare delivery environment as IT systems continue to operate with unpatched CVEs and unsupported hardware and software.
 
With limited budgets and no panaceas on the horizon, how can CIOs and CISOs of small or critical access facilities get away from continuing to support dangerous legacy hardware and software? This session looks at the complexity of problems and explores options to reduce risk and solve the legacy hardware and OS problem for good. 

Learning Objectives
  • Learn about the problem of legacy technology and why it is so pervasive in healthcare organizations
  • Understand what risk mitigation options are available to IT teams
  • Develop ideas for a long term strategy that healthcare leaders can adopt to finally solve the legacy technology problem
 
 
 
 
1:45 PM
2:00 PM
Industry Partner Spotlight
 

In today’s hyper-connected healthcare enterprise, the quantity and heterogeneity of devices connected to your enterprise network is massive – and rapidly growing.  Every area of your institution is a model of connectivity – critical medical, security, facilities and enterprise devices all need access to data in order to aid in the continuing delivery of quality care.  While these devices all represent an opportunity to continually improve patient care, institutional efficiency, and physical security, they also represent potential points of vulnerability. 

Developing a strategy of proactive protection of these devices – and the network to which they are connected – is essential to the security, resiliency and continuity of your healthcare organization’s operations.  However, these devices represent a unique challenge in that they cannot be regulated and secured with traditional agent-based network security solutions. This new era of hyper-connectivity requires a new approach, utilizing your existing best-of-breed network and security infrastructure for enforcement of very sophisticated and granular policies that effectively regulate and control the communication behavior of every class of device.  It is only through this strategy of proactive protection that you can fully take control of your connected infrastructure, increasing network security, building unbeatable system resiliency, and ensuring the continuity of quality healthcare delivery and institutional operations.

 
 
2:30 PM
Featured Presentation
 
Breaches are on the news seemingly weekly, as organizations are struggling to secure their data. Phishing attacks are proliferating and going after our workforce. Ransomware has taken several victims and is also escalating. Healthcare organizations have become prime targets.
 
In this talk, I will share strategies to combat the rise of cybercrime, and how to make your networks more secure. I will discuss administrative, technical, and physical security controls. 
 
  • Have you built a sustainable and dynamic Information Security Plan? Have you shared this with upper management and gotten their buy-in and support?
  • Have you initiated a balanced Security Awareness Program? Are you regularly running scans of both your network and your applications? Are you monitoring your network to detect unusual activity? What about when that dreaded intrusion into your network occurs? Do you know what to do?
  • Are you testing and evaluating your security controls on a regular basis? How often do you test your Disaster Recovery Plan and your Incident Response Plan? Do you have the right people on your IR team?

We are entrusted with highly sensitive data. We must utilize best practices, but they cannot be "best" unless they employ both best privacy and security practices. Come learn if you are doing this and ensure that you indeed protect your confidential information.
 
Don't allow your organization to become the next victim of a breach. 
 
 
2:45 PM
Panel Discussion
 
Join our panel members for an in-depth discussion on current cybersecurity trends and issues in healthcare. Discussion topics will span from board/stakeholder engagement to cloud security, to risk management frameworks and more. 
 
 
3:30 PM