2021 Agenda

Schedule

November 17, 2021

09:00 AM

Log In

09:20 AM

Opening Remarks

Kopiha Nathan
Privacy and Compliance Officer
HIROC

09:30 AM

Session 1

Case Study: Phishing Defence Strategies to Build Awareness and Bolster System
Security

Like all hospitals, University Health Network has been subjected to increased phishing attacks. To respond effectively, UHN has set up awareness campaigns, tabletop exercises to run through scenarios, as well as developed other in-house security responses to test the robustness of their systems.

Key session takeaways include:

• How to develop proactive awareness campaigns with respect to cyber security
• Developing and instituting best practices for responding to phishing attacks
• How health care organizations can develop partnerships to create regional responses
• Understand the enhanced security and resources UHN is providing to secure its data systems and medical equipment
• Learn how tabletop exercises are building resilience and system confidence

Marc Toppings
Vice President & Chief Legal Officer
University Health Network

10:10 AM

Session 2

Best Practices and Lessons Learned for Building a Successful Cyber Resiliency
Program

Health care organizations have never been more at risk due to cyberattacks, with increases of up to 150%. Additionally, threat actors continue to develop better, more advanced tactics to encrypt data for ransom. And backups are not the answer; criminals are destroying them to ensure their payday.

To navigate this cyber minefield, we should be including cyber resiliency in all our conversations. Health care organizations must have resilient strategies to protect and recover their data.

Key session takeaways include:

• Best practices for protecting critical data and systems against all threats
• How to protect critical infrastructure to continue to provide essential patient care
• Identify the key infrastructure components to ensure their inclusion in recovery planning
• Create robust SOPs to ensure an effective and efficient recovery environment

David Finley
Cyber Recovery Strategy, Global Technology Office
Dell

10:50 AM

Break

11:00 AM

Session 3

HIROC Networking & Information Sharing Session – Ransomware Attack Simulation: A Cyber Attack Exercise On How To Respond

When attacks occur, you must respond quickly to maximize your effectiveness. With Ransomware attacks the stakes are even higher. Through this interactive session you will learn a host of duties you are required to carry out when you first encounter a Ransomware attack. Through active participation in small breakout groups, you will undergo a Ransomware cyberattack exercise. We will provide response strategies and share valuable insights into resiliency and governance.

To understand what an effective Ransomware response looks like, HIROC will hold a networking breakout session where we go over the steps you must take to correctly respond to an event.

Key session takeaways include:

• Determine how to initiate the response, and how to mobilize your team
• Create an action plan on how to report the attack up the chain and to authorities
• Learn the best strategy to going back online, and how to learn from your experience

Kopiha Nathan
Privacy and Compliance Officer
HIROC

12:00 PM

Lunch & Sponsored Networking

12:40 PM

Session 4

Case Studies and Lessons Learned on Increasing Retention and Impact During
Security Awareness Training

Too often front-line workers are ill equipped to deal with cyber-attacks and resorting to “not part of my job description” and “that is for the IT guys to deal with.” Aligning cyber breaches and phishing simulations with training sessions serves as an eye opener for just how easy it is to compromise your own organization.

Through exclusive case studies, we will focus on the lessons learned from training thousands of front-line healthcare workers. Exploring the various approaches from organizations of all sizes, you will understand how learning objectives are met and retained.

Session learning objectives include:

• Increase your understanding of how to train staff to amplify retention and awareness more effectively
• Assess the role of visuals (statistics, videos, examples) to convey the importance of cyber security education
• Attain new stats directly from case studies to demonstrate the efficacy of cyber awareness training
• Creative ways to design solutions for smaller healthcare providers with limited budgets
• Gather lessons learned directly from the IT representatives of organizations who will provide their perspectives through a panel discussion with different perspectives

Simeon Kanev
Privacy Business Lead
Alliance for Healthier Communities

Tyler Kempt
IT System Administrator
Community Health Centres of Northumberland

01:30 PM

Session 5

Cyber Security and Working From Home: Lessons Learned from COVID 19

The COVID 19 outbreak created an unprecedented case study in remote working. With businesses shuttering during the downturn, and hospital staff working both onsite and remotely, attacks still occurred, and the opportunity for security breaches were increased.
What did we learn from the front lines of cyber security?

Key session takeaways include:

• How did training occur, and how effective was it?
• How did phishing attacks take place and how were they prevented?
• How was sensitive and patient data protected during remote access?

Mary Jane Dykeman
Partner and Co-Founder
INQ Law

02:10 PM

Break

02:20 PM

Session 6

Best Practices and Lessons Learned in Building a Robust Cyber Defence
Program

Hospitals today are much more technologically intense than at any time in the past. Although this has made patient care much more efficient, and effective, it has also opened up hospitals to cyber-attacks.

As one of the most digitally sophisticated health care organizations in Canada, Humber River Hospital has devoted a great deal of time and resources to protecting its patients, data, and digital infrastructure from bad actors.

Session learning objectives include:

• Leadership lessons on building a state-of-the-art cyber security program
• How to develop testing and training programs that effectively counter cyber attacks
• Why the human element continues to be the best defence to attacks
• How any organization can improve their own cyber-defence program
• On the ground examples of how attacks have been avoided and defended

Peter Bak
Chief Information Officer
Humber River Hospital

03:10 PM

Session 7

Supporting the Health Care and Public Health Sector with Cyber Intelligence
and Risk Management

The U.S. Department of Health and Human Services Cybersecurity program is a global service to advise and mitigate threats. Join in on the conversation to hear from the U.S. Department of Health and Human Services Office of Information Security as they discuss
how to benefit from their two public facing programs: The Health Sector Cybersecurity Coordination Center (HC3) and HHS 405(d) Aligning Industry Security Approaches Program.

Key Takeaways and Learning Objectives Include:

• How these two programs provide the sector with timely threat intelligence
• How HHS office of information Security partners with industry to develop mitigating practices to fight the most pertinent threats to the sector
• How you can utilize these programs in your organization to continue to keep your patients safe from cyber threats!

Nick Rodriguez
HHS 405(d) – Aligning Health Care Industry Security Approaches Program Manager
U.S. Department of Health and Human Services

Rahul Gaitonde
Acting Branch Chief, Health Sector Cybersecurity Coordination Center (HC3)
U.S. Department of Health and Human Services

03:10 PM

Closing Remarks

Kopiha Nathan
Privacy and Compliance Officer
HIROC