Healthcare Information Security

HIMSS18 Focusing on Holistic Healthcare Cybersecurity

The annual conference shows why HIPAA compliance, medical device security, and employee training at all levels create a holistic healthcare cybersecurity approach.

By Elizabeth Snell

Healthcare IT privacy and security professionals will soon be flocking to Las Vegas for the 2018 HIMSS Annual Conference and Exhibition (HIMSS18).

Starting on March 5, healthcare stakeholders will work their way around the Venetian Palazzo Sands Expo Center to learn about the latest trends and hot topics set to hit the industry this year. Over 40,000 individuals are expected to listen in on education sessions, meet with vendors, and network with other healthcare IT professionals.

This year’s privacy and security focused presentations, keynotes, and workgroups are highlighting the importance of a holistic healthcare cybersecurity program.

Organizations should continue to focus on key topics such as maintaining HIPAA compliance, improving medical device security, and implementing comprehensive employee training. But increasingly sophisticated cyber criminals require entities to ensure that numerous areas of data privacy and security are considered. We will not be hitting up the City of Lights for this year’s conference, but we have gathered some of the top trends for healthcare IT privacy and security folks to look out for at the five-day event.

Keeping pace with evolving cybersecurity needs

HIMSS and CHIME will be hosting a cybersecurity forum on Monday, March 5. This is an event where providers can share their experiences in the current threat landscape and learn how to “assess and enhance their security programs.”

Attendees will also learn why a CISO is so critical in the current healthcare environment, and how an individual in this role can effectively perform all necessary job functions.

The discussion will also cover how organizations are approaching recent and significant cyber attacks, and how entities can prepare for potential future attacks.

The following learning objectives will also be at the heart of the all-day event:

  • Discuss the economic aspects of healthcare cybersecurity and what your organization needs to do
  • Explore the potential impacts of medical device cybersecurity
  • Describe how your organization can work better and smarter to enhance its cybersecurity program, despite resource constraints

Education sessions are also discussing evolving healthcare cybersecurity threats. Boston Paincare Center Information Technology Director Bayardo Alvarez and Sentara Healthcare VP and CISO Dan Bowden are speaking at one such session on Monday.

The duo will discuss how small, medium, and large organizations all have their own challenges with data security. People, processes, and technology are essential for managing a cybersecurity program. Best practices for smaller entities will be reviewed, including experiences and lessons learned from those in the field.

Similarly, Wednesday’s session of A Holistic Approach to Information Security “will describe the process of using essential information security tools and how their integration improves their effectiveness.”

University Florida Health IT Security Manager Craig Gorme and University Florida Health Enterprise Analyst Jason Noll will discuss the need for organizations to “evolve their security programs to stay ahead” of the current threats.

HIPAA compliance and cybersecurity frameworks

OCR Director Roger Severino will lead an education session on Tuesday, March 6 providing updates on HIPAA compliance and enforcement actions. Severino will also update attendees on OCR’s Phase 2 Audit Program.

Identifying HIPAA compliance best practices, the importance of risk analyses, and patients’ right to access their own health data under HIPAA regulations are just some of the topics that will be covered. Recent HIPAA enforcement actions will be discussed to help entities better recognize patterns of noncompliance.

Another Tuesday, March 6 session centers on applying the NIST Risk Management Framework to healthcare for a “holistic strategy.” A holistic approach was urged in the 2017 final report from The Health Care Industry Cybersecurity Task Force, and Herrin Health Law, PC Founder Barry Herrin will help organizations approach their risk management.

Attendees can learn how a typical cybersecurity risk analysis addresses privacy and other healthcare risks in the enterprise and how to “re-orient thinking about healthcare enterprise risk management using the NIST Cybersecurity Framework.”

Additionally, Herrin will “describe the re-focus on people and processes to address cybersecurity risks within the healthcare enterprise typically dealt with by technology spending.”

Medical device cybersecurity needed to face sophisticated threats

Medical device cybersecurity vulnerabilities could have long-lasting effects on healthcare organizations, and could even impact patient safety. FDA Cybersecurity Program Manager Seth Carmody will be co-leading a session on managing those vulnerabilities on Tuesday, March 6.

Information Sharing and Analysis Organizations (ISAOs) can help broker medical device vulnerability management, and the Common Vulnerability Scoring System (CVSS) can be adapted to assess medical device vulnerability impacts.

The session will also “describe the FDA’s Postmarket Management of Cybersecurity in Medical Devices, to include the main policy tenets FDA has put forward that address security throughout the total product lifecycle.”

Attendees can also learn key lessons on the need for tabletop exercises in improving medical device cybersecurity.

Ransomware attacks also play a role in medical device cybersecurity concerns. A Wednesday, March 7 session will help stakeholders better understand how collaboration can help develop stronger medical device cybersecurity programs.

Catholic Health Initiatives VP of Privacy, Security and EHR Compliance Oversight Ram Ramadoss will lead a discussion for privacy professionals on how medical device vendors, IT, Compliance, Security and Privacy groups can collaborate to better combat current threats.

The Cybersecurity Command Center

HIMSS18 will continue to provide conference attendees with opportunities to participate in hands-on activities and hear from industry experts on privacy and security issues with the return of the Cybersecurity Command Center.

This year’s Center is twice the size of last year’s. It will feature products and services from over 70 companies and host over 60 learning sessions.

Attendees can “learn about cutting-edge technologies and how to best prepare [their] organization to defend against cyber adversaries.”

Whether you are able to hit up the Cybersecurity Command Center or attend one of many sessions or workshops, HIMSS18 will have a topic to pique your interest. Stay tuned next week as well. We’ll be providing updates on the healthcare IT privacy and security news coming in from Las Vegas.

