Day 1
Tuesday, June 13, 2023
All times below are Eastern Time
08:30AM – 09:15AM
In Person
Registration & Networking Continental Breakfast

08:45AM – 09:15AM
Online
Log In – Online Attendees

09:15 AM
09:15AM – 09:30AM
Opening
Opening Remarks from the Chairs
09:30 AM
09:30AM – 10:15AM
Session 1
Case Study: The Hospital for Sick Children – Lessons Learned in Responding to a Cyber and Ransomware Attack
Expand/collapse session description...
Healthcare organisations are seeing more cyber attacks, many of which also include ransomware attacks.
The Hospital for Sick Children (SickKids) recently dealt with a major cybersecurity incident (Code Grey) that began at 9:30 p.m. on Sunday, December 18.
It was a serious and difficult situation, particularly under the threat of ransomware, with staff working quickly to bring all impacted systems back online as quickly as possible by implementing back up procedures for systems.
Key Session Takeaways Include:
- How did SickKids prepare for cyber attacks ahead of time, to mitigate the protection impacts on care and patient data
- How did continuity of care continue as systems went offline
- What unique aspects of a ransomware attack needed to be addressed
- What responses were taken, when were they taken, and is there anything they would do differently?
10:15 AM
Planning for “Code Grey”: Securing Canada’s Healthcare Sector
Moderated by: Keith Jonah, Cyber Services Leader, ISA Cybersecurity
Expand/collapse session description...
Unprecedented levels of sophisticated cyber attacks are being launched daily against the healthcare sector. Sophisticated crime gangs and state-sponsored disrupters have healthcare facilities in the crosshairs, creating chaos with phishing campaigns and ransomware attacks.
Join this must-see session with thought leaders and decision-makers in the healthcare sector to learn about the cyber threats plaguing our healthcare system.
Key Session Takeaways Include:
- Gain an understanding of why protecting healthcare presents unique challenges
- Understand which threats are most concerning
- Gather practical advice on how you can help protect the healthcare industry from cyber threats, even in today’s challenging environment
11:00 AM
11:00AM – 11:30AM
Break
Morning Break

11:30 AM
11:30AM – 12:15PM
Session 3
Staffing Challenges: Recruiting, Retaining, and Mentoring Staff in Today’s Complex Job Market
Expand/collapse session description...
Although most public and media attention has been directed toward the crisis of finding nurses and doctors, it is equally challenging to meeting staffing requirements in Cybersecurity. Healthcare organizations are in a particularly challenging situation in that they are competing against each other, but also the private market.
With emerging literature and data we are finding the role of CSIO becoming increasingly stressful. From being on call 24/7 to the high stakes decision making taking place many times a day, it takes a specific type of person to excel in this role.
Key Session Takeaways Include:
- What is the current landscape for cyber employment, and tech in general
- What impact does public sentiment play when attitudes for the healthcare system is negative
- How can organizations create excitement for the role, appeal to values and purpose, and provide tangible mentorship and career advancement opportunities
- How should we focus on the individual during incidences, particularly concerning health and welfare during a period of stress with a heavy workload
- What is the data showing us? What has been staff feedback?
12:30 PM
12:30PM – 01:15PM
Break
Networking Lunch

01:15 PM
Exploring a Zero Trust Architecture in the Healthcare Industry: How to Get Started and Pitfalls to Avoid
Expand/collapse session description...
Digital transformation is in full swing for rural and northern health teams, but the security those systems require must also be factored in. There has also been an explosion of hyper-connected IT, IoT (Internet of Things) and IoMT (Internet of Medical Things) devices and, with it, a greatly expanded cyber-attack surface.
With constant transformation and the explosion of interconnected devices, how do you even begin to plan for a zero-trust architecture beyond the managed users and workstations?
Key Session Takeaways Include:
- What is Zero Trust and how do you get there
- Some of the common pitfalls to avoid
- Why Zero Trust doesn’t stop at managed users and workstations – IoMT devices must be included in the architecture planning up-front
02:00 PM
02:00PM – 02:45PM
Session 5
Ontario Health – Minimize Threats, Maximize Recovery: Scaling Cyber Security Capabilities Across the Healthcare Sector
Expand/collapse session description...
The healthcare sector remains a prime target for cybercriminals. To strengthen the healthcare sector’s cyber resilience and security posture, Ontario Health established a Provincial Cyber Security Model that allows the sector to enhance the protection of patient information and help mitigate operational service disruptions while safeguarding the province’s digital health assets.
During this session, Ontario Health will further elaborate on the evolution of the model, including its incident response notification guidance and how the next phase will better strengthen the cyber capabilities of health service providers and contribute to a more resilient digital health system in Ontario.
Key Session Takeaways
- Critical shifts to Ontario Health’s Provincial Cyber Security Model
- Importance of information sharing at scale across the healthcare sector
- Operational next steps for the acute sector
02:45 PM
02:45PM – 03:15PM
Break
Afternoon Break

03:15 PM
03:15PM – 04:00PM
Session 6
Leadership in Cybersecurity Panel: Where are Leaders Focusing Their Attention and What Threats are They Anticipating in the Future
Moderated by: Kashif Parvaiz, Chief Information Security Officer, University Health Network
Expand/collapse session description...
Cybersecurity threats appear quickly and are becoming more innovative and hostile. This presents an ever present threat to hospital operations and patient safety.
Join in the discussion as our panel of cybersecurity leaders discuss some of their thoughts on where we are and were we need to be in the world of cybersecurity defence.
Key Session Takeaways Include:
- What’s next in terms of cyber threats to hospital operations
- What are they currently working on
- How should hospitals prepare and respond, whether big or large
- What do they want to be focusing on
- Educating and preparing the board
- What are the KPIs from the board perspective – building standardization
04:00 PM
04:00PM – 04:10PM
Closing
Closing Remarks from the Chairs
04:15 PM
04:15PM – 05:00PM
In Person
Networking Reception
Day 2
Wednesday, June 14, 2023
All times below are Eastern Time
08:15AM – 09:15AM
In Person
Registration & Networking Continental Breakfast

08:45AM – 09:15AM
Online
Log In – Online Attendees

09:15 AM
09:15AM – 09:30AM
Opening
Opening Remarks from the Chairs
09:30 AM
09:30AM – 10:15AM
Session 7
New Data Governance and Cyber Resiliency Standards for Healthcare
Expand/collapse session description...
Healthcare organizations are targets of cyber attacks including, social engineering attacks, ransomware attacks, and data exfiltration. Establishing standardized baseline cybersecurity controls at each healthcare organization is becoming more vital to the protection of patient data, and care.
With this in mind, with the support of Public Safety Canada and HealthCare CAN, the Digital Governance Standards Institute is developing a standard to support cyber resilience in the healthcare system. What will the standard look like, and what do you need to know going forward?
Key Session Takeaways Include:
- What should be the minimum requirements for cyber security in healthcare organizations
- How can we establish standards across different provinces, and organizational sizes
- What should best practices look like
- What are the next steps and how can you provide input
10:15 AM
Reducing Cyber Risk in Healthcare
Expand/collapse session description...
Healthcare remains one of the biggest targets for cyberattacks globally. Healthcare data is comprehensive and provides all of the materials cyber criminals need for their nefarious purposes. Moreover, the use of IoT/OT devices and shared workstations mean that healthcare IT is susceptible to threats, including ransomware and data breaches.
New data extracted from the HHS/OCR data breach portal shows us that in 2022 there were 546 major data breaches due to Hacking/IT, which reflects a 4 percent increase over the 521 major data breaches due to Hacking/IT in 2021. These data breaches in 2022 included the sensitive and private healthcare records of over 43 million people.
Join this session to learn how to:
- Detect threats in healthcare networks early in the kill chain
- Protect standard and non-standard devices such as OT/IoT anywhere
- Improve SecOps efficiency with unparalleled visibility and automation
11:00 AM
11:00AM – 11:30AM
Break
Morning Break

11:30 AM
11:30AM – 12:15PM
Session 9
Canadian Cyber Threat Exchange (CCTX) – The Year in Review: An Inside Look at the Incidents, Notable Hackers, System Vulnerabilities, and Outcomes Over the Past Year
Expand/collapse session description...
Every year there are Global cyber incidents in healthcare settings that seem improbable, and many others that seem clever. Despite our best efforts, hackers somehow manage to get through. What trends are we seeing, and what can we learn from these breaches?
Key Session Takeaways Include:
- What vulnerabilities are being exploited most, and how can we reverse this?
- Which codes are being deployed, and by whom? What emerging threats are we seeing?
- What incidents are being defeated, and how?
12:15 PM
12:15PM – 01:15PM
Break
Networking Lunch

01:15 PM
02:00 PM
02:00PM – 02:30PM
Break
Afternoon Break

02:30 PM
02:30PM – 03:15PM
Session 11A
Incident Response Protocols and Other Legal Concerns
Expand/collapse session description...
For anyone tasked with cybersecurity, it is not a question of if an attack or breach will occur, but when. This requires a deliberate, careful and process -driven plan to deflect and recover from an attack.
Key Session Takeaways Include:
- The practical realities of handling an incident response
- Your legal and practical obligations during an incident
- Important steps you need to take for a data breach, including ransomware
02:30PM – 03:15PM
Session 11B
CIO Roundtable
Moderated by: Brendan Kwolek, Chief Information & Digital Officer, Halton Healthcare
Expand/collapse session description...
The challenges unique to the CIO role necessitates some information sharing and lessons learned; yet, it is imperative to be vigilant against divulging your strengths, vulnerabilities and areas of focus.
In this closed-door CIOs only session, you will be free to gather with your peers to exchange ideas, strategies, findings, and other areas of concern in private.
03:15 PM
03:15PM – 04:00PM
Session 12
Where Do We Go From Here? And How Do We Get There? A Practical Plan For This Year & Beyond
Moderated By: Mohammad Waqas, Principal Solutions Architect, Global Healthcare, Armis
Expand/collapse session description...
Drawing upon the discussions we have heard over the last couple of days, this fireside chat will highlight the most salient solutions to the challenges we are all facing.
Through a unique question and answer session we will build out how we as a collective can best proceed to protect our systems, be more resilient to cyber incidents – and ultimately ensure patient care services are maintained.