4th Annual Medical Device Cybersecurity Risk Mitigation Conference

July 23-24, 2019 | Arlington, VA

Le Meridien Arlington


DAY TWO | WEDNESDAY, JULY 24

8:30 REGISTRATION & WELCOME COFFEE

8:50 CHAIRPERSON’S OPENING REMARKS

9:00 CONNECTING THE PUBLIC & PRIVATE SECTORS TO INCREASE CYBERSECURITY RISK MITIGATION
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced a new initiative titled the National Risk Management Center (NRMC), focused on collaboration between the private and public sectors to recognize mutually identified points of critical risk. This innovative concept creates an opportunity for stakeholders, including Health Information and Technology companies, Direct Patient Healthcare organizations, and a Medical Materials Coordinating group, to detect serious risks and share methods to manage vulnerabilities. Through private and public sector collaboration, the medical device industry can further efforts to mitigate overall cyber risks and build a more secure patient health system.

Bob Kolasky, Director, National Risk Management Center, DEPARTMENT OF HOMELAND SECURITY

 

9:30 ADOPTING FDA CYBERSECURITY GUIDANCE INTO PRODUCT DEVELOPMENT & MANUFACTURING
Tom Klein, Vice President of IoT Solutions, KEYFACTOR

 

10:15 COFFEE AND NETWORKING BREAK

 

10:45 CHIEF INFORMATION SECURITY OFFICER PANEL: COLLABORATION THROUGHOUT THE PRODUCT LIFECYCLE
Medical device manufacturers are coordinating with health delivery organizations (HDOs) to ensure clear communication of device vulnerabilities and product risk profiles during the procurement process, so that security questionnaires and HDO primary considerations are accurately addressed. Current FDA guidances outline the expectation of equally shared responsibility for cybersecurity risk mitigation between manufacturers and HDOs, which necessitates that robust information sharing practices be implemented following the procurement of a device. In instances when the manufacturer is unable to provide support, HDOs collaborate with third-party solutions providers to patch vulnerabilities and administer additional assistance.

  • HDO benchmarks for qualifying devices during procurement
  • Information sharing efforts for equal responsibility
  • Consideration parameters for third party partnerships

MODERATOR:
Mike Kijewski, MEDCRYPT

PANELISTS:
Chris Joerg, CEDARS-SINAI

Kwadwo Bauchie, DIMENSIONS HEALTH SYSTEM

 

11:30 MULTI PART MODULE: INFORMATION SHARING METHODOLOGIES TO COMMUNICATE MEDICAL DEVICE CYBER RISKS
With an abundance of available tools, device manufacturers and HDOs utilize a diversified portfolio of strategies to disclose cybersecurity vulnerabilities as well as share valuable information for product management and risk mitigation. While some material can be presented in a detailed report, such as a white paper geared towards IT professionals in terms of product management, other information requires real-time communication for quick risk resolution to accommodate the fast-paced environment of cyber events. Delegates will review industry information sharing techniques and how to leverage existing communication channels to be better equipped to choose which approach is best suited for internal business needs.

CASE STUDY: HEALTH INFORMATION SHARING AND ANALYSIS CENTER (H-ISAC)

  • Encouraging global collaboration & information sharing
  • Real time use of H-ISAC to detect & share cyber risks
  • Securing industry participation & utilization of H-ISAC

Denise Anderson, President, HEALTH INFORMATION SHARING AND ANALYSIS CENTER

 

11:45 CASE STUDY: MANUFACTURER DISCLOSURE STATEMENT FOR MEDICAL DEVICE SECURITY (MDS2)

  • Navigating the recent updates to MDS2 form
  • Industry implementation & leading benefits
  • Procurement decision parameters from MDS2

Andrew Bomett, Senior Manager, Product Cybersecurity, BOSTON SCIENTIFIC

 

12:00 LUNCHEON FOR ALL ATTENDEES

 

1:15 PANEL: LEVERAGING EXISTING COMMUNICATIONS CHANNELS FOR CYBERSECURITY INFORMATION SHARING

  • Commonly utilized avenues for data sharing
  • Practices for real time information sharing
  • Aligning communication channel with stakeholders
  • Innovative tools for communicating cyber risk
  • Coordinating sharing between HDOs & MDMs

MODERATOR:
Denise Anderson, HEALTH INFORMATION SHARING AND ANALYSIS CENTER

PANELISTS:
Jim Jacobson, SIEMENS HEALTHINEERS

Uma Chandrashekhar, ALCON

Kwadwo Bauchie, DIMENSIONS HEALTH SYSTEM

Joann Mavus, GEISINGER

 

1:45 DEPLOYMENT OF PATCHING STRATEGIES IN COMPLIANCE WITH REGULATORY EXPECTATIONS

  • Interpreting post-market guidance requirements for routine patches
  • Patching devices that lack the infrastructure to support updates
  • Assessing the need for patches in new designs & legacy products
  • Time & cost effective practices to remediate vulnerabilities

Dave Hammond, Senior Software Engineer for DS Cybersecurity, BD

 

2:30 COFFEE AND NETWORKING BREAK

 

3:00 PANEL: MITIGATION STRATEGIES FOR CYBERSECURITY VULNERABILITIES IN LEGACY PRODUCTS
HDOs utilize medical equipment developed 10 to 20 years ago, when cybersecurity was not considered a fundamental factor of product development, and the industry is continuously working to evaluate the cyber risk of each device model in order to patch vulnerabilities. As HDOs operate on limited resources, it is of the utmost importance that healthcare providers’ budgets and manpower capabilities are equipped to perform outlined manufacturer recommendations for correcting potential threats. Reviewing cybersecurity programs that properly address legacy products will enable device manufacturers and HDOs to reduce risk with early threat detection and utilize clearly outlined standard response strategies.

  • Immediate communication of identified liabilities
  • Evaluating the cyber component of legacy products
  • Training HDO technical teams to patch vulnerabilities
  • Employing third party vendors to patch legacy products

MODERATOR:
Rob Bathurst, BLACKBERRY CYLANCE

PANELISTS:
Dave Hammond, BD

Richard Latayan, HOLLISTER

 

3:45 UTILIZING PENETRATION TESTING TO ANALYZE SECURITY VULNERABILITIES

  • Initial stages to develop an internal penetration testing program
  • Useful resources & third-party tools to develop a penetration test
  • Translating penetration test results into actionable strategy
  • Incorporating penetration testing in design control processes

HOLLISTER CASE STUDY
Richard Latayan, Cybersecurity and Network Infrastructure Manager, HOLLISTER

 

4:15 BAXTER CASE STUDY
Eirene Shipkowitz Smith, CyberSecurity Architect, BAXTER

Jeramie Johnson, Offensive CyberSecurity Team Lead, BAXTER

 

4:45 END OF CONFERENCE
