ISMG Healthcare Security Summit: BEC, HIPAA, HICP and More
Cybersecurity and Healthcare Leaders Convene to Foster Thoughtful Dialogue
The Healthcare Security Summit, organized by Information Security Media Group and held in New York City on July 18, brought together prominent leaders from the cybersecurity and healthcare industries to engage in a dynamic exchange of ideas and address pressing challenges faced by the healthcare community. Participants included security professionals from companies such as Johnson & Johnson, GE Healthcare, MJHS Health System, Mount Sinai, and NYC Health and Hospitals, as well as government agencies such as the Department of Health and Human Services.
Industry experts at the summit included Nitin Natarajan, the deputy director of CISA; John Frushour, vice president and CISO at New York-Presbyterian Hospital System; Theresa Lanowitz, head of cybersecurity evangelism for AT&T Business; Rocco Grillo, managing director of global cyber risk and incident response investigation services at Alvarez & Marsal; Oren J. Falkowitz, security officer at Cloudflare; and John Fahey, cybersecurity specialist at Infoblox.
The speakers discussed a wide range of topics, including the challenges of securing medical devices, the latest developments in HIPAA security, the importance of the Health Industry Cybersecurity Practices guide in healthcare, generative AI in healthcare security, CISA's role in safeguarding healthcare infrastructure, and how to prevent and detect privacy breaches.
"It was great to see the greater NYC healthcare community come together to discuss today's burning topics: endpoint security, medical devices, BEC and evolving regulatory requirements. We craft these summits to foster thoughtful dialogue, and this event provided plenty," said Tom Field, senior vice president of editorial at ISMG.
FBI Solution Room
The Solution Room is an interactive conference session designed specifically for cybersecurity leaders. Michael DeNicola, a supervisory special agent for the FBI's New York Office, Cyber Branch, led the session entitled "The Shape Shifters: The Rise and Reinvention of Business Email Compromise Attacks."
Field, who served as moderator, began the session by introducing a fictional security scenario to all the groups. Each group was provided with the same set of questions and collaborated to devise solutions. As the exercise progressed, new information was revealed, adding twists and turns to the scenario.
The session challenged participants to think critically and work cohesively as a team to effectively respond to the evolving situation. The goal was to provide a stimulating and engaging learning experience that equipped attendees with the skills and knowledge needed to handle real-world security incidents.
"The Solution Room exercise has become a must-attend. This session gave attendees the opportunity to jump right into a tabletop exercise and answer tough, real-life questions about how to respond to all of the business-threatening ramifications of a BEC incident," Field said. "These exercises take networking and interactivity to a new level, and our attendees always walk away enriched by the experience."
Medical Device Cybersecurity
During the briefing session on medical device security, presented by Dr. Suzanne Schwartz, director of the Office of Strategic Partnerships and Technology Innovation at the Food and Drug Administration, attendees delved into the latest regulatory developments in this field. Schwartz provided a comprehensive update on the enhanced authority of the FDA in medical device cybersecurity, including insights into the "refuse to accept" policy.
The purpose of the RTA policy is to improve the efficiency of the application review process and ensure that the agency receives complete and well-organized submissions.
"Schwartz, who has presented at the annual ISMG healthcare security summit for several years, provided an update on FDA's expanded authority over medical device cybersecurity as granted by an omnibus spending bill signed into law by President Biden in December," said Marianne Kolbasuk McGee, executive editor for HealthcareInfoSecurity at ISMG.
Schwartz said the FDA closely vets cybersecurity documentation of new medical devices submitted for premarket approval and promptly rejects any devices that lack sufficient cybersecurity details, sending them back to the manufacturers.
After Schwartz's briefing, Phil Englert, vice president of medical devices security at the Health-ISAC, shared other challenges such as legacy device security.
Englert said certain medical device manufacturers had been preparing for more stringent cybersecurity requirements for their products. These preparations were prompted not only by regulatory changes but also by the growing market demand for safer and more secure devices. "Legacy devices are still an ongoing problem, though," he said.
- BEC continues to be a top threat to organizations.
- With the increasing number of connected devices in healthcare, endpoint security is more important than ever.
- Collaboration between healthcare organizations, vendors and government agencies is key to combating cybersecurity threats.