Cyber Security Healthcare
& Pharma Summit

There’s no lack of sensationalist headlines within cybersecurity, not to mention within healthcare. The latest hair-raising headlines making the rounds of both trades are on the topic of “killware,” malware that’s intended to directly cause harm and take lives. At this point, the media attention seems to be driven more by hysteria than reality. However, the root cause of the concern has merit. Cybersecurity within healthcare is of genuine concern and poses significant risk to patients if current trends continue. In this presentation, VP of Security Response Services at ExtraHop and former healthcare CISO, Mark Bowling, will share four of the greatest forces compromising the cybersecurity of the healthcare sector, as well as strategies to combat them.

67% of healthcare organizations have experienced significant security incidents in the past twelve months.1 This rise in cyberattacks combined with NIST’s first updated guidance on healthcare cybersecurity in over a decade means you need to take action. Unfortunately, the conversation we’ve been having around cyber risk is the wrong one. The right conversation is centered on business priorities and the company’s appetite for risk so informed investment choices can be made to defensibly protect your company as it operates, grows and expands.

Join us to discuss how to shift from “how” you protect to “how well” you protect, implement best practices for risk assessment and mitigation and how to deliver better outcomes with less effort.

By attending this session you will learn:
Why “how” you protect must shift to “how well” you protect
How to tie align InfoSec activities to business priorities
New approaches for reducing cyber risk across life sciences and healthcare
Why automation is the way to deliver better outcomes with less effort

Ransomware has dominated cybersecurity news reports for several years now, but it’s not the only threat organizations are facing today. More and more, organizations are adopting new technologies and services while still needing to maintain existing infrastructure, systems, devices and applications. With growing complexity comes an ever-increasing challenge to understand where we are most at risk and determine how best to mitigate it.
In this discussion, we’ll look at what the growing attack surface looks like for many healthcare and pharma organizations and provide strategies for adapting your security program to better understand where vulnerabilities exist across all the various types of assets in your environment and how to mitigate them before the next cyberthreat comes along.

Digital transformation in the Healthcare industry is causing an explosion of hyper-connected IT, IoT and IoMT devices and, with it, a greatly expanded cyber-attack surface. With constant transformation and the explosion of interconnected devices, how do you even begin to plan for a zero trust architecture beyond the managed users and workstations? 

In this session you will learn: 

• How NIST defines Zero Trust and their 7 steps to get there.
• Some of the common pitfalls to avoid.
• Why Zero Trust doesn’t stop at managed users and workstations – IoMT devices must be included in the architecture planning up-front.

This panel will discuss:

• Who are the VAPs (very attacked people), and why are they being targeted?
• Top insider threat risks Healthcare organizations face in 2022
• Analysis of the Top Healthcare Breaches of 2021
• State-specific Privacy Rules, GDPR, and proposed changes to the Privacy Rule – How will this affect the landscape of future breaches?

• ‌Understanding the state of digital transformation in healthcare
  
• Developing network diagrams to know your network
  
• Gaining visibility through asset and resource discovery
  
• Prioritizing risk after a total risk assessment
  
• Identifying security gaps to address
  
• Improving security with a next-gen SIEM solution

As pharmaceutical companies increasingly digitize data and store it online, they become more susceptible to pharmaceutical cyberattacks. While the industry

is comprised of a number of sub-industries with different business models and technology needs, they all must control extremely sensitive and valuable information and ensure an effective security framework. Drug and device manufacturers and biotech companies retain proprietary data ranging from secret formulas for patented drugs, to patient and customer information, to scientific research and advancements.

 The industry is being attacked by adversaries adept at exploiting vulnerabilities and carrying out disruptive cyber campaigns. Cyber threats are used by a variety of bad actors with a range of intended system consequences. These attackers are better resourced and more capable of accomplishing disruption than ever before. In addition to hackers seeking financial gain, pharma companies also have to worry about the full capabilities of nation-states or other pharmaceutical companies with state sponsorship.

 Consequences of a successful breach are dire and may include contaminated drugs, stolen intellectual property (IP), needing to repeat clinical trials, damaged reputation, downtime, litigation, and lost revenue.

 In this session, we will explore the top threats and challenges pharmaceutical companies must overcome when securing their networks, and what’s driving them.

This panel will discuss:

• The state of ransomware today: some of the latest cyber threats and cybercriminals’ changing tactics
• How to identify warning signs and attackers leave trails
• Creating a well-run security operations center for healthcare systems and data to protect from ransomware

The last few years have brought significant change to how we work. The Pandemic forced many people to work from home or remote locations, cyber-attacks continue to become more aggressive and Russia’s invasion of Ukraine has spawned additional cyber risks. Companies continue to move to the cloud and are making robust investments in applications and infrastructure. This session will address the ever-changing technology and business climate and suggest how to protect organizations in this challenging environment.

The year 2021 was a challenging one for cybersecurity, with several high-profile compromises that impacted even large and well-protected healthcare organizations. The presentation will cover nation state, cybercrime, and other cyberthreats including hacktivism facing today’s healthcare organizations.

Attendees will be provided a copy of the Health-ISAC Annual Cyber Threat Landscape Report, which can be leveraged to influence cybersecurity budget and investment decisions for senior leaders and IT/security practitioners in the healthcare sector. The presentation will conclude with basic recommendations and offer additional resources attendees can use including the full threat landscape report.
Learning Objectives:

Learn about the top cyberthreats facing the healthcare sector.
Leverage the threat landscape report to influence cybersecurity budget and investment decisions.
Discover practical steps and resources that attendees can use to improve the cybersecurity posture of their own personal profile and business environments.