- Thursday, May 1, 2025
10:30 am Exhibitor Hall open
Registration Level:
- Open Sessions
10:30 am - 5:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
11:00 am [Opening Keynote] Navigating the Future: Privacy and Cybersecurity Challenges in the Era of Smart Medical Devices
Registration Level:
- Open Sessions
11:00 am - 11:45 am
In recent years, the healthcare landscape has witnessed a transformative wave with the advent of smart pills and ingestible medical devices. These innovations promise revolutionary advancements in diagnostics, treatment, and patient care. However, as we venture into this realm of enhanced medical technologies, a critical conversation emerges around the privacy and cybersecurity implications inherent in these devices.
This session aims to explore the multifaceted challenges surrounding privacy and cybersecurity in the era of smart pills and ingestible medical devices. Rebecca will delve into the intricacies of data collection, transmission, and storage within these technologies, examining the potential vulnerabilities and privacy concerns that arise as patients become interconnected with their healthcare providers.
Key topics to be addressed include the secure transmission of sensitive medical data, the role of encryption in safeguarding patient privacy, and the ethical considerations of balancing healthcare advancements with individual data protection. Real-world case studies will be presented, illustrating both the potential benefits and risks associated with smart pills and ingestible medical devices.
Attendees will gain valuable insights into best practices for implementing robust cybersecurity measures, ensuring patient confidentiality, and navigating the evolving regulatory landscape. This session aims to empower healthcare professionals, technology developers, and policymakers with the knowledge needed to strike a balance between innovation and the protection of patient privacy in the dynamic landscape of smart medical technologies. Join us for an engaging discussion that paves the way for a secure and ethical future in connected healthcare.
11:45 am Networking Break
Registration Level:
- Open Sessions
11:45 am - 12:00 pm
Location / Room: Exhibitor Floor
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pm [Opening Fireside Chat] CISO Panel: A Healthcare State of the Union
Registration Level:
- Open Sessions
12:00 pm - 12:45 pm
Join our group of security leaders as we dig into current topics surrounding healthcare and cyber. We’ll touch base on recession and budget planning, cyber insurance challenges, and Artificial Intelligence, and we’ll discuss some of the 2023 predictions and see if they are likely to come to fruition.
12:00 pm Insider Threat Actors & Artificial Intelligence
Registration Level:
- Open Sessions
12:00 pm - 12:45 pm
Threat methods and controls used for a corporate workforce that now extends beyond the office building and into remote locations are not as comprehensive and effective as those for staff who are typically in the office. Employees’ intent may not be malicious but rather the result of poor practices; however, some begin as unintentional insider threats and gradually become intentional ones.
This presentation is designed to help individuals identify how seemingly “innocent” activity can make them an insider threat, and how to identify behavioral elements utilizing a number of security solutions. Through live demonstrations, we will show how “everyday activities” can result in higher risk to the company.
Objectives:
- Learn the methodologies utilized by individuals within the organization that would be considered insider threat activity.
- Learn how to identify system and user-based behavioral indicators.
- Learn which existing or enhanced security layer can provide insider threat profile data.
Take-Aways:
- How to identify business processes which can contribute to intentional or unintentional insider threats.
- Enhance procedures required to identify insider threat exposures.
- Enhance awareness training to include additional methods of insider threat.
- Enhance existing physical and digital security layers to better identify specific insider threat activity.
12:45 pm Networking Break
Registration Level:
- Open Sessions
12:45 pm - 1:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:00 pm Ransomware 2.0: Unmasking the Cyber Extortion Era
Registration Level:
- Open Sessions
1:00 pm - 1:45 pm
In this talk, we will embark on a journey into the heart of the ever-evolving cybersecurity landscape, where the emergence of “Ransomware 2.0” marks a significant paradigm shift in cyber threats.
Key take-away: The shift from ransomware to extortion tactics
1:00 pm [Panel] Achieving Continuous Compliance: How to Make IT Work for Your Organization
Registration Level:
1:00 pm - 1:45 pm
Session description to come.
1:45 pm Networking Break
Registration Level:
- Open Sessions
1:45 pm - 2:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:00 pm From an Army of One to an Army of a Ton: Creating an Effective Security Awareness Program
Associate CISO, St. Luke's University Health Network
Registration Level:
- Open Sessions
2:00 pm - 2:45 pm
The human element of security is one of the most difficult to predict and therefore to secure. Additionally, one of our biggest challenges is building a security awareness program for those who may have never been subjected to one, which requires understanding their aversion to buying into the security program. We have great written resources and guidance from things like NIST 800-53, but it’s much more challenging to overcome the sociological elements of the human factor that prevent success of security-aware cultures, such as aversion to technology, fear, uncertainty, doubt, and simply non-malicious human error. As security professionals, we may lose sight of the fact that the professionals we support also have other jobs. So learning and focusing on security controls can be stressful and daunting.
Incorporating change management methodologies rooted in the psychology of human behavior, such as ADKAR (Awareness, Desire, Knowledge, Ability, and Reinforcement), can assist us as security professionals in facilitating more impactful cultural change through understanding why employees we support act and react the way they do and what other environmental or social factors may influence their decision-making and thought processes. It can also help us gain buy-in from our leadership, nudging from the bottom up, while leading by example from the top down.
The ADKAR change model has been proven to help individuals understand and accept change so companies can successfully innovate and become more efficient. As security professionals, we have to be conscious that security program costs contribute to the rising costs of healthcare, goods, and services. And we often have to find unique and strategic ways to ingrain ownership of security functions within other departments to augment our limited resources. Building a security ambassador program using these change facilitation concepts will help drive cost-effective ownership of the security program throughout the entire organization, creating a deeper business resilience, reducing risk, and truly leading by example—proving we are stronger together.
2:00 pm Why Are They After Me?! Understanding the Motivation and Techniques of a Threat Actor in Healthcare Cyber Attacks
Registration Level:
- Open Sessions
2:00 pm - 2:45 pm
While threat actors tend not to be picky when it comes to which organizations they target, healthcare provides a lucrative opportunity and is an industry threat actors keep coming back to. The sheer volume and value of the data these organizations contain, the lack of data hygiene, and an inclination to negotiate or pay a ransom due to regulatory pressures are some of the reasons healthcare organizations are so vulnerable to cyber attacks (and why threat actors are so successful).
As the number and cost of healthcare data breaches continue to rise, it’s important for healthcare security practitioners to get a clear picture of just how this damage is done. In this presentation, we’ll step inside the mind of a threat actor to outline who they are, their motivations, and the techniques they use to be successful. We’ll also share real-life scenarios of successful breaches that have had an impact on patients themselves. Attendees will walk away with best practices their organization can utilize to reduce the risk of exposing patient information and healthcare data to the wrong hands.
Takeaways:
- Why healthcare is one of the most targeted industries
- The motivation of threat actors to target healthcare
- How threat actors operate
- The tactics and techniques used to successfully infiltrate healthcare systems and databases
- Whether SaaS applications are an enabler (or detractor) to threat actors
- Best practices your organization can implement today to prevent a cyber attack
Questions:
- Why is healthcare one of the most targeted industries?
a. Challenges range from end user access to medical records and services, to medical operations (and equipment) where any incident might jeopardize human lives, all the way to the production floor with pharmaceutical production.
b. Volume and value of the data these organizations contain, the lack of data hygiene, and an inclination to negotiate or pay a ransom due to regulatory pressures
c. Understanding the threats involved around these fields will enable us to further protect against them.
d. What CISOs are worried about the most.
- More specifically, why do threat actors and groups target healthcare? (why are they after me?!)
a. The profile of these threat actors
b. Their psychology and motivation
c. Why they specifically target healthcare
d. And how successful they are at targeting healthcare companies
- How do these threat actors operate?
a. State sponsored vs. online crime
b. Initial access, access brokers, lateral movement. Share examples. How does this happen?
c. Patch management, legacy medical devices
d. Extortion vs double-triple-quadruple extortion
e. Whether SaaS apps are an enabler or detractor to threat actors
- Can you share specific examples of major healthcare attacks that have impacted human lives? Example: cyber attack on an Israeli hospital
- What can security leaders and practitioners do to protect customers and organizations from being breached? Best practices to prevent.
- How does a SaaS security solution help to prevent advanced and complex threats?
2:45 pm Networking Break
Registration Level:
- Open Sessions
2:45 pm - 3:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pm HIPAA's Digital Evolution: Understanding the 2024 Security Rule Overhaul
Partner - Data Protection, Privacy & Security Group, K&L Gates
vCISO, Cyber Risk Opportunities LLC
Registration Level:
- Open Sessions
3:00 pm - 3:45 pm
The healthcare industry stands at the threshold of its most significant cybersecurity transformation in over a decade with the December 2024 HIPAA Security Rule update. This presentation unpacks the sweeping changes proposed in the Office for Civil Rights’ 330+ page Notice of Proposed Rulemaking, highlighting how these modifications will reshape healthcare cybersecurity practices.
At its core, the update eliminates the ambiguous “addressable” implementation specifications that have long allowed healthcare organizations to sidestep crucial security measures. The new rule mandates specific security controls including bi-annual vulnerability scanning, annual penetration testing, encryption requirements, multi-factor authentication, and network segmentation.
We’ll explore how these changes reflect the evolution from paper-based records to today’s digital healthcare ecosystem, and why traditional compliance approaches will no longer suffice. The presentation will detail practical implications for healthcare organizations, including new documentation requirements, specific timeframes for access management, and enhanced backup and contingency planning protocols.
Whether you’re a healthcare administrator, IT professional, or compliance officer, understanding these forthcoming requirements is crucial for maintaining HIPAA compliance and protecting patient data in an increasingly complex threat landscape.
3:00 pm Cybersecurity Strategies for Safeguarding the Surge in Healthcare Data
Registration Level:
- Open Sessions
3:00 pm - 3:45 pm
In an era dominated by the digitization of health records, the internet of medical things, and the relentless rise of artificial intelligence, the proliferation of Protected Health Information (PHI) demands heightened cybersecurity efforts from healthcare providers. A pivotal 2018 whitepaper revealed that the healthcare industry generated a staggering 30% of the world’s data volume that year. Fast forward to 2025, where the compound annual growth rate of healthcare data has surged at an astonishing 36%, outpacing manufacturing by 6%, financial services by 10%, and media & entertainment by 11%. As the custodians of this digital deluge, healthcare practitioners must remain vigilant.
References: Coughlin et al., Internal Medicine Journal article, “Looking to tomorrow’s healthcare today: a participatory health perspective”. IDC White Paper, Doc# US44413318, November 2018, “The Digitization of the World – From Edge to Core”.
This presentation not only delves into a spectrum of cybersecurity best practices but also provides crucial insights into crafting an effective Incident Response (IR) plan. As we explore the labyrinth of strengths and weaknesses in cybersecurity measures, we’ll guide you through the essential components your IR plan should encompass. Join us in securing the future of healthcare data while fortifying your practice against the evolving landscape of digital threats.
3:45 pm Networking Break
Registration Level:
- Open Sessions
3:45 pm - 4:00 pm
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
4:00 pm Developing a Crisis Management Playbook
Registration Level:
- Open Sessions
4:00 pm - 4:45 pm
When a data breach or other cyber incident happens, having a plan in place can mean the difference between a quick recovery and unwanted headlines and irreparable harm to stakeholder trust.
4:00 pm [Panel] Debunking Myths About Cybersecurity Insurance
Registration Level:
4:00 pm - 4:45 pm
In an era dominated by digital advancements and technological integration, the significance of cybersecurity has become more apparent than ever. As organizations grapple with the escalating threat landscape, the role of cybersecurity insurance has emerged as a critical component in mitigating potential financial losses. However, misconceptions and myths surrounding this specialized insurance are pervasive and can hinder informed decision-making.
This session aims to debunk prevalent myths surrounding cybersecurity insurance, offering a comprehensive exploration of the nuanced landscape. We will delve into common misconceptions, such as the belief that cybersecurity insurance is a one-size-fits-all solution, the notion that it encourages lax security practices, and the myth that coverage is unnecessary for small to medium-sized enterprises.
Through insightful discussions and real-world case studies, our expert speakers will unravel the complexities of cybersecurity insurance, shedding light on policy nuances, coverage limitations, and the evolving nature of cyber threats. Attendees will gain a deeper understanding of the vital role cybersecurity insurance plays in an organization’s risk management strategy and discover practical insights for optimizing their coverage.
Join us for an engaging session that aims to empower organizations with the knowledge needed to make informed decisions regarding cybersecurity insurance, ultimately fostering a more resilient and secure digital landscape.
- Censys
Booth: n/a
Censys is the one place to understand everything on the internet. We have built and operate the world’s largest internet scanning infrastructure and we empower organizations, individuals and security researchers by providing unparalleled visibility into the global internet landscape. We see more of the internet than anyone else, which gives us the most comprehensive internet visibility in the world. Our two main use cases are attack surface management and threat hunting with so many more on the horizon. Through our comprehensive internet data, we strive to enhance cybersecurity, facilitate data-driven decision-making, and reduce internet exposures for commercial and government organizations across the globe.
- Proofpoint
Booth: n/a
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- Krista Arndt, Associate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Jake Bernstein, Esq., Partner - Data Protection, Privacy & Security Group, K&L Gates
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Kip Boyle, vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.