HIMSS AsiaPac17 Conference & Exhibition
 

Cybersecurity Essentials for Healthcare Executives


A top priority for every healthcare IT executive is protecting their organization from cybersecurity threats and breaches. Just one breach can cost the organization precious time and resources, and the loss of trust by patients and the community can have lasting consequences. In this executive-level program, industry experts will present key components of an effective cybersecurity strategy and approaches any organization can take to gain employee support and engagement.

Learn strategies to engage key stakeholders who can become champions of the cybersecurity and risk management plan, and who can provide the support and resources needed to effectively carry out the plan. Gain insights on developing, implementing and using cybersecurity plans at the time of a breach, as well as tips on engaging the organization so cybersecurity becomes a part of every employee's role. Finally, learn how to shift your organization into a cybersecurity learning organization in order to protect valuable data and physical assets.


Learning Objectives
  • Discuss opportunities to incorporate cybersecurity awareness and risk management into the fabric of an organization and the employee mindset.
  • Explain how to engage stakeholders to secure needed resources and funding to support the plan.
  • Identify key steps in preparing an organization against cybersecurity threats and breaches including security frameworks and control measures.
  • Define key components of an effective cybersecurity plan including prevention, response and recovery approaches for successful implementation and staff adoption.


Monday, 11 September 2017
08:00 - 08:30 Registration and Coffee
08:30 - 08:45 Welcome and Opening Remarks
Russell Branzell FCHIME, CHCIO, President and CEO, College of Healthcare Information Management Executives (CHIME), USA
08:45 - 09:30 Keynote: What Healthcare Professionals Need to know about Healthcare Information Security
Russell Branzell FCHIME, CHCIO, President and CEO, College of Healthcare Information Management Executives (CHIME), USA

HIT leaders are consistently tasked with simultaneously keeping up with the state of cybersecurity in healthcare, developing and implementing plans for their organizations and educating their organizations and Board members about the impact of cybersecurity on IT plans and practices. Russ Branzell will cover the current healthcare cybersecurity landscape including the next generation of secure healthcare, the unprecedented risk and current cyberthreats, the top 5 risks in healthcare, current cyber risk initiatives, the cost of security and the work yet to be done.
 
09:30 - 09:45 Networking Break
09:45 - 10:30 Effective Cybersecurity Begins with Organizational Culture
Theresa Z. Meadows MS, RN, CHCIO, FHIMSS, FACHE, Senior Vice President & Chief Information Officer, Cook Children’s Health Care System, USA

Security breaches are a constant and formidable threat. An organization must continuously be alert and seek out the latest trends and challenges around cybersecurity threats and breaches to keep patient data safe. In addition, they must routinely monitor for vulnerabilities and weaknesses within the organization to be aware of potential risks. The core foundation to any effective security program begins with the overall governance and the organization’s culture. This is not a technology project! This session addresses the latest strategies and approaches, from both healthcare and non-healthcare industries, for integrating security programs into the fabric of organizations. 

Learning Objectives:
• Analyze the current and rapidly changing cybersecurity landscape 
• Define basic principles of sound cybersecurity strategy and management 
• Evaluate strategies for Board and organizational awareness, education and communication
 
10:30 - 11:15 The CIO/CISO Relationship: What Makes it Work?
Theresa Z. Meadows MS, RN, CHCIO, FHIMSS, FACHE, Senior Vice President & Chief Information Officer, Cook Children’s Health Care System, USA
Karl J. West, Chief Information Security Officer and Assistant Vice President, Information Systems, Intermountain Healthcare, USA

The number of cybersecurity threats and the associated legal and compliance requirements that must be addressed in healthcare organizations are increasing exponentially. In addition to external requirements, the organization must establish effective internal cybersecurity accountability and organizational engagement to achieve successful prevention, preparedness, response and recovery. The CIO and CISO often lead the way in putting the cybersecurity program in place. To achieve these goals, an effective partnership between the CIO and the CISO is key to the success of the entire program.

Learning Objectives:
• Discuss strategies and best practices for developing, implementing and managing an effective organization-wide cybersecurity program 
• Identify best practices for the CIO and CISO to establish organizational and IT governance, budgeting, accountability and oversight responsibilities including the intersection of good governance practices with compliance 
• Identify legal and other compliance requirements and any associated challenges for consideration by the CIO and CISO 
• Discuss the day-to-day relationship and accountabilities between CIOs and CISOs; what are the keys to success for both?
 
11:15 - 12:00 Essential Factors for Cybersecurity Preparedness
Karl J. West, Chief Information Security Officer and Assistant Vice President, Information Systems, Intermountain Healthcare, USA

A good defense is the best offense! Organizations must always take a proactive stance of preparedness and integration of effective cybersecurity into the organization ranging from strategic planning, operations, process, workflow to security controls. This session discusses the key components to effectively prepare for a breach, including IT and non-IT functions.  

Learning Objectives: 
• Identify healthcare and non-healthcare strategic security frameworks and ways to leverage these both today and in the future 
• Define IT and non-IT security assessments and best practices for overall management and controls including working with third party trading partners
• Outline strategies for building and retaining security staff talent and expertise 
• Identify approaches to securing adequate funding to support your organization’s security strategies and activities plan
  
12:00 - 13:00 Networking Lunch
13:00 - 14:15 Case Study: Dealing with a Real Life Data Breach

Healthcare providers are key targets for today’s security breaches. Demonstration of effective preparedness and prevention occurs with an organization’s detection, response and recovery to intrusions and breaches. This goes beyond technology to include how an organization deals with the community, patients, medical staff, payers, other trading partners as well as internal staff. This session walks through a real-life breach response model. In an open discussion format, participants will identify how their organizations have responded to each phase of breach response and what safeguards they implemented to prevent further attacks.

Learning Objectives:
 • Discuss tools and processes that effectively position an organization to respond to threats and breaches
 • Identify an effective incident management process including timeline, detection, response, escalation, mitigation, communication and non-IT recovery activities
 • Evaluate effective strategies for training all organizational staff for response and recovery management
 
14:15 - 14:30 Networking Break
14:30 - 15:00 Insights from the KLAS Cybersecurity 2017 Report
Jonathan Christensen, Cybersecurity Report Analyst, KLAS Enterprises, USA

CHIME and KLAS are partnering on a cybersecurity project to discover where the energy exists around cybersecurity in healthcare and provide insights into technologies and measures providers are taking to enhance their security program and better manage risk. The survey reviews the effectiveness of technology vendors and consulting firms and identifies how well EHR vendors support providers' security goals. During this session, participants will learn about the compelling cybersecurity research KLAS is gathering from healthcare providers. KLAS recently interviewed nearly 200 organizations about their security programs (speaking primarily with CISOs, CIOs, CTOs, and other security professionals) and published the findings in its Cybersecurity 2017 Report. The report focuses on the most impactful technologies (specifically DLP, IAM, MDM, and SIEM) and the services provider organizations use most frequently to meet security needs. For benchmarking purposes, interviewed organizations also shared best practices from and insights regarding their current security programs, since security in healthcare has changed so rapidly over the past two years. This is a can't-miss session for any health IT executive.
 
15:00 - 15:30 Process Makes Perfect: Strategies for Cybersecurity Success
Jonathan Christensen, Cybersecurity Report Analyst, KLAS Enterprises, USA
Dr. Edward Cheng, CIO, University of Hong Kong (HKU), CIO & GMIT, HKU-Shenzhen Hospital, China

Various cybersecurity legal and compliance requirements must be met by today’s organizations. In addition to external requirements, the organization must establish effective internal cybersecurity accountability and organizational and IT governance to achieve successful preparedness, response and recovery. Compliance with effective security practices leads to effective shared governance. This session unravels this complex aspect of cybersecurity and equips organizations with the latest knowledge to remain on point.

Learning Objectives:
 • Discuss strategies and best practices for the development, implementation and management of effective organization-wide risk management and compliance programs
 • Identify best practices for organizational and IT governance, accountability and oversight responsibilities including the intersection of good governance practices with compliance
 • Identify legal and other compliance requirements and any associated challenges for consideration in an effective risk management program
 
15:30 - 16:15 Closing Keynote: Developing and Managing an Ongoing Risk Management Program

Managing cybersecurity is an ongoing process and requires an organization to have a continuous learning environment in order to be effective in dealing with threats and breaches. Organizations must have ongoing risk management programs that involve processes and workflow as well as technology. This involves reaching outside the healthcare industry for insights, best practices and approaches to address cybersecurity. In this session, discover how to stay vigilant by equipping yourself with the latest trends and strategies, and ways to encourage open knowledge sharing between peers focused on effective risk management programs.

Learning Objectives:
• Identify strategies that foster an organizational culture of continuous learning and process improvement for effective risk management programs including prevention and awareness
• Discuss strategies and approaches to maintain current working knowledge of cybersecurity and effective risk management programs along with ways to leverage industry knowledge to support effective organizational protections 
• Evaluate the experience from those outside of healthcare and learn how non-healthcare industry experience can be leveraged in your organization
 
16:15 - 16:45 Faculty and Sponsor Reactor Panel - Q&A
16:45 - 17:00 Program Closing Remarks
17:00 - 18:00 Networking Reception