HIMSS19 to Showcase Compliance, Device Security, Vendor Management

Kicking off on Monday, February 11, the HIMSS19 conference will shed light on the sector’s greatest vulnerabilities with security leaders from FDA, IBM, Deloitte, Google Cloud and others.

By Jessica Davis

Cybersecurity, compliance, medical device security, and other pressing security matters will take center stage at the HIMSS19 annual conference, taking place February 11-15 in Orlando, Florida.

Throughout the conference, attendees can visit the HIMSS19 Cybersecurity Command Center at the Orange County Convention Center. The center hosts security vendors like Cisco, Clearwater, FairWarning, Mimecast, IBM Security, and many others, and attendees can stop by these booths for conversations around security and answers to some of the most pressing security questions.

Attendees can test their knowledge of user awareness, compliance risk, cybersecurity modernization operations, and their cybersecurity knowledge with some of the industry’s leading security experts. The cybersecurity showcase will last all week and will also cover topics like cloud, health app security, and much more.

The HIMSS19 pre-conference on February 11 will feature an all-day Cybersecurity Forum, covering methods to navigate cybersecurity risks to the healthcare sector. Attendees will hear from leading security expert Axel Wirth, Symantec Healthcare Architect, during the opening keynote. He’ll provide insights on trends, successful incident response, and more.

The forum will also cover a wide range of security topics including cloud security and the NIST privacy framework.

From compliance to medical device security, the conference will host many security-based education sessions that will provide attendees with insights from the security sector’s leading experts. Here are the security presentations not to miss at HIMSS19.


To start, the Office for Civil Rights Director Roger Severino will provide attendees with an update on HIPAA compliance and enforcement efforts of the Department of Health and Human Services.

During the session, an Update on HIPAA Compliance and Enforcement from the HHS Office for Civil Rights, Severino will share enforcement trends and actions, along with identifying best practices to ensure an organization remains HIPAA compliant.

As healthcare organizations consider implementing blockchain technology, security and compliance should be a top priority. In the session Blockchain Privacy, Security, Compliance and Regulation, attendees will hear from Microsoft, Sentara Healthcare, and Indiana University Health security leaders on how to implement and use blockchain – while managing privacy, risk and compliance expectations.

Attendees will also learn how blockchain works as a security tool, alongside other mechanisms to mitigate risk around breaches, DDoS, and other security incidents.

During Streamline Payment Card Industry (PCI) Compliance in a Diverse Hospital Environment, attendees will learn about an often overlooked risk area: payment card program security. Leaders from Bon Secours Health System and Coalfire, a security firm, will address security concerns around the tech, including assessing gaps and identifying commonly overlooked areas of improvement.

Vendor Management

Perhaps one of the most prominent topics at HIMSS19 will be vendor management: understanding the risk and mitigating legal risk among disparate vendors.

In Assessing When a Vendor’s Security Incident Is a Breach attendees will hear from security leaders from CynergisTek and the University of Iowa around how to assess whether a security incident of a business associate could be a reportable breach. More importantly, they’ll outline the roles compliance, privacy, in-house counsel, and security play in that assessment.

Further, attendees will learn to identify the questions they’ll need to ask business associates in the event of a security incident, including determining the extent of data compromise.

Visitors hoping to gain insight into building security into vendor relationships and contract management should plan to attend the session, Proactive and Preventative Vendor Security Management. An Indiana University Health security leader will explain both the complications and requirements around vendor management programs for medical devices and how to proactively improve vendor relationships.

Lastly, two security leaders will outline the legal considerations around disparate vendors during the session, Let's Get Real: Targeting Legal Risk and Threat Intelligence. Attendees will learn best practice data security program development among vendors through risk assessments and application specific security standards, along with legal risk strategy formulation and threat intelligence consolidation.

Medical Device Security

Medical device security will be a prominent theme throughout HIMSS19 to address some of these concerns.

During Secure Medical Device Procurement, a security leader from Deloitte will discuss the contractual obligations in building security into the purchase and implementation of these devices. Attendees will learn the necessary steps to buying the secure devices and the best approach to reducing risk to patients.

During Mitigating the Next Generation of Risk: Connected Devices, IBM leaders will demonstrate the need for an integrated security program within an organization, by contrasting IT management processes to connected medical devices. In response, they’ll also discuss how organizations can identify the areas for improvement around the management and security of connected devices.

Further, attendees will learn how to build a programmatic approach to managing the safety of those devices and the benefits of an end-to-end approach of securing IT assets in conjunction with devices.

The session Attack Modeling and Mitigation Strategies for Networked Medical Devices will build on that approach, by outlining the vulnerabilities posed by these devices and explaining how to apply threat modeling frameworks and vulnerability scanners to medical devices.

Lastly, the FDA’s Suzanne Schwartz, MD will co-present with MITRE during the session Medical Device Cybersecurity Incident Preparedness/Response. Attendees will hear the challenges organizations face responding to a medical device impacted by a cyberattack, the need for collaboration around these risks, and ways organizations and manufacturers can bolster device cybersecurity incident and response.

Risks to Healthcare

Security leaders from Google Cloud, Nextgen Healthcare, and Secure-24 will provide an update on the cybersecurity risks to the healthcare sector, while sharing with attendees the role culture plays in a holistic security approach during Reactions from the Field: Cybersecurity. Attendees will also learn methods to take back to their organization to create a more resilient security environment.

Edelman will present the session You’ve Experienced A Data Breach—Now What? A Crisis Simulation Exercise, which will provide attendees with actionable advice on how to reduce the impact of security incidents. Attendees will gain understanding on consumer preferences and expectations in the event of breach, along with how healthcare organizations need to adapt to meet emerging threats.

