2022 Agenda



Become A SpeakerRegister

Day 1

Wednesday, November 16, 2022

08:30 AM

Registration & Networking Continental Breakfast

09:15 AM

Opening Comments from the Co-Chairs

Brendan Kwolek
Chief Information Officer, Halton Healthcare

Kopiha Nathan
Privacy and Compliance Officer, HIROC

09:30 AM

Session 1

Case Study: Humber River Hospital
Implementing an Evidence-Based Strategy to Enhance Cyber Resilience

Last year Humber River Hospital embarked on an organizational wide strategy to bolster its cyber defences. Now, one year later, there is much to report, backed up with real world data, and some innovative strategies as well.

Cyber-attacks continue to be a source of concern among healthcare organizations, and best practices must be implemented industry-wide. Gain a valuable update on the work Humber River Hospital is doing, and their current successes.

Key Session Takeaways Include:

  • Bold strategies to mitigate the human element in cyber resilience, including the elimination of outside email
  • What does the data show after outside emails were greatly curtailed, and how there was no negative impact to front -line workers
  • Creative solutions to business continuance, such as cold passive business infrastructure
  • How and why cold passive systems work, and how to best deploy them effectively


Peter Bak
Chief Information Officer, Humber River Hospital

10:15 AM

Session 2

Collaborative Strategies in Cybersecurity: Why A Collective Approach Affords Us The Best Defence

All healthcare organisations are experiencing cyber attacks in one form or another. Some are more severe ransomware attacks, while some are more traditional phishing attacks.

The current model is to remain insulated and divulge as little as possible in order to contain the fallout. But this limits the ability of the community to improve their cyber defences.

There is a better option if we can work out the logistics.

Key Session Takeaways Include:

  • Move toward information sharing models that benefit the entire community
  • What a collaborative model in cybersecurity would look like
  • How to navigate and hurdle the current barriers to a collaborative model

Kashif Parvaiz
Chief Information Security Officer, University Health Network

11:00 AM

Morning Break & Sponsor Booths

11:30 AM

Session 3

Exploring a Zero Trust Architecture in the Healthcare Industry: How to Get Started and Pitfalls to Avoid

Digital transformation in the Healthcare industry is causing an explosion of hyper-connected IT, IoT (Internet of Things) and IoMT (Internet of Medical Things) devices and, with it, a greatly expanded cyber-attack surface. With constant transformation and the explosion of interconnected devices, how do you even begin to plan for a zero-trust architecture beyond the managed users and workstations?

Key Takeaways and Learning Objectives Include:

  • How NIST (National Institute of Standards and Technology) defines Zero Trust and their 7 steps to get there
  • Some of the common pitfalls to avoid
  • Why Zero Trust doesn’t stop at managed users and workstations – IoMT devices must be included in the architecture planning up-front

Tamer Baker
VP, Global Healthcare, Forescout Technologies

12:15 PM

Lunch & Sponsored Networking

01:15 PM

Session 4

Medium-sized Hospital Case Study: Headwaters Health Care Centre –
Lessons Learned From an Incident Response Following a Cyber Attack

Medium-sized hospitals closer to home are an important fabric of the Canadian healthcare landscape. Given the large cost entailed in cyber security, and the volume of IT support required, it becomes a huge challenge for most small to medium-sized hospitals to achieve robust cyber defences. But there are success stories. Headwaters has come back stronger from a cyber attack, with the help of their support team, partnerships, and an all-hands-on deck approach.

Key Takeaways and Learning Objectives Include:

  • What led to the discovery and how the IT team responded
  • How partners were integrated into the response
  • What were the critical factors that allowed them to come back online so quickly


Cathy van Leipsig
Vice President, Corporate Services and Chief Financial Officer, Headwaters Health Care Centre

Dave Brewin
Regional Chief Information Officer, Royal Victoria Regional Health Centre

02:00 PM

Afternoon Break & Sponsor Booths

02:15 PM

Session 5

Internet of Medical Things: Cyber Risks and Best Practices for Securing Vulnerable IoMT

Hospitals must manage a great deal of connected devices, from support devices such as building automation, and facility security devices, to diagnostic machines and patient monitoring devices. The hospital of today is much different from even just 5 years ago. And so too are the risks.

In the wake of numerous attacks on vulnerable IoMT devices, there has been a push to understand the risks posed by smart devices. While IoT devices have revolutionized the way the world operates, including how healthcare delivers and manages care, they are often seen as easy conduits for cyber-attacks.

Key Takeaways and Learning Objectives Include:

  • Gain insight into how cyber risk and attacks on hospitals have evolved over time and how IoMT devices have played a role in these attacks
  • Learn from real-life examples of how attacks, breaches, and vulnerabilities target these devices
  • Acquire best practices security and risk management teams should deploy mitigate the true risk of their environments.


Mohammad Waqas
Principal Solutions Architect, Global Healthcare,

03:00 PM

Session 6

Building Greater Organizational Resilience Through Governance, Strategic Priorities, and Business Continuity Planning in Healthcare

COVID has dramatically shifted the technological landscape of healthcare.  From virtual visits to remote patient monitoring, healthcare has clearly demonstrated that this is a digitally focused enterprise. As such, the healthcare business model relies heavily on a robust IT and cyber security posture.

 Technical and security staff play a vital role in preventing and managing cyber attacks. However, cyber security is everyone’s responsibility. To build resilience, healthcare organizations must make IT infrastructure and cyber security an organizational priority. CIOs, IT departments, and clinical executives must support the investment in technical safeguards that create redundancy, and the ability to detect, respond, and react to cyber incidents.

In parallel, IT and clinical partnerships, as well as an effective governance model, are required to ensure the successful adoption of cyber security best practices and creating sustainable business continuity models.

 Key takeaways include:

  • “All-for-one and one-for-all” - Cyber security is everyone’s responsibility
  • Challenges and opportunities in making IT infrastructure and cyber security an organizational priority
  • Role of governance in prioritization and rapid decision-making to support business continuity during cyber incidents


Nimira Dhalwani
Chief Technology Officer, The Hospital for Sick Children

03:45 PM

Closing Remarks From the Co-Chairs

Brendan Kwolek
Chief Information Officer, Halton Healthcare

Kopiha Nathan
Privacy and Compliance Officer

04:00 PM

Networking Reception

Day 2

Thursday, November 17, 2022

08:30 AM

Welcome & Networking Continental Breakfast

09:00 AM

Opening Comments from the Co-Chairs

Brendan Kwolek
Chief Information Officer, Halton Healthcare

Kopiha Nathan
Privacy and Compliance Officer, HIROC

09:15 AM

Session 7

Cyber Security in Healthcare at Provincial Scale

Addressing Cyber Security in Ontario is a team sport! Learn about the Ontario Health Provincial Cyber Security Model and how the Ontario healthcare sector is working together to address the shared challenges and risks of cyber security. This session will explore early successes, pragmatic advice for those looking to improve their cyber security, and challenges to come as the model is refreshed and the program enters its next phase of delivery.

Key Session Takeaways Include:

  • Understanding of the benefits of the Ontario Health Provincial Cyber Security Model 
  • Lessons learned, from early successes and challenges  
  • Pragmatic next steps for your Cyber Security program

Lyndon Dubeau
VP, Innovations, Connected Health, Ontario Health

10:00 AM

Session 8A

Incident Response Protocols and Other Legal Concerns

For anyone tasked with cybersecurity, it is not a question of if an attack or breach will occur, but when. This requires a deliberate, careful and process -driven plan to deflect and recover from an attack.

Key Session Takeaways Include:

  • What are the practical realities of handling an incident response
  • What are your legal and practical obligations during an incident
  • What are the steps you need to take for a data breach, including ransomware

Mary Jane Dykeman
Partner, INQ Law


Session 8B

CIO Closed Door Networking Round Table

The challenges unique to the CIO role necessitates some information sharing and lessons learned; yet, it is imperative to be vigilant against divulging your strengths, vulnerabilities and areas of focus.

In this closed-door CIOs only session, you will be free to gather with your peers to exchange ideas, strategies, findings, and other areas of concern in private.

11:00 AM

Morning Break & Sponsor Booths

11:00 AM

Session 9

Cybersecurity Insurance: Canadian and Global Trends In Cyber Risk and Their Impact on Canadian Hospitals

Recent trends in cybersecurity insurance indicate a pivot toward pay-outs, with firms such as Lloyd’s of London adding restrictions, especially to nation-state cyberattacks. AXA has stopped paying ransom to cyber attackers. Adding to this, premiums are rising due to the increased cyber incidences.

With new limits emerging on what healthcare organizations can expect, what can policy owners do to ensure they are covered for all risks?

Key Session Takeaways Include:

  • The trends taking hold globally, and in both private and public healthcare settings
  • What insurers are doing to protect policy owners and policy design
  • Critical strategies policy owners should be doing – and including – in their cyber policies
  • Current trends in ransomware pay-outs

Gareth Lewis
VP, Claims, HIROC

Jonathan Bracamonte
Lead, Product Development, HIROC

11:45 AM

Session 10

Fireside chat: Deploying a Regional Identity Governance Platform – Lessons Learned from New York City Health & Hospitals

As we move towards a provincial cybersecurity model, integrated identity security solutions that span both applications and data governance will be essential to protect our newly formed health networks. The health sector is held to a higher standard when it comes to regulatory compliance and making sure access to sensitive applications and data is limited to only those who truly need it and only when they need it. The ability to safely control access to critical systems, onboard new employees and contract clinical staff, pass compliance audits, facilitate M&A and cloud migration initiatives, are all functions of Identity Security. Join us for a discussion with Andrew Greenspan as he shares how New York City Health & Hospitals implemented an integrated identity solution for the largest municipal healthcare delivery system in the United States.

Key Takeaways and Learning Objectives Include:

  • Why Identity management has moved beyond human capacity
  • How an identity framework facilitated NYCHH’s rapid pandemic response
  • How Identity Governance aligns with NIST and other cybersecurity frameworks
  • Understanding the challenges of regional governance
  • Where to start with an identity governance program

Andrew Greenspan
Senior Director, EITS Infrastructure, Technical Risk Management, New York City Health & Hospitals

Matthew Radcliffe
AVP of Healthcare (US and Canada), SailPoint

12:30 PM

Closing Remarks From the Co-Chairs and Adjournment

Brendan Kwolek
Chief Information Officer, Halton Healthcare

Kopiha Nathan
Privacy and Compliance Officer

Ongoing Call for

This is your opportunity to share your knowledge and experience with other health care professionals.

Please email us at info@sparkconferences.com to receive more information.

We look forward to receiving your submissions!

Secure Your Spot Today

Save big on individual or group rates with Early Registration rates. Space is limited on certain sessions or activities and participation is available on a first-come-first-served basis.