Agenda

Healthcare organisations are seeing more cyber attacks, many of which also include ransomware attacks.

The Hospital for Sick Children (SickKids) recently dealt with a major cybersecurity incident (Code Grey) that began at 9:30 p.m. on Sunday, December 18.

It was a serious and difficult situation, particularly under the threat of ransomware, with staff working quickly to bring all impacted systems back online as quickly as possible by implementing back up procedures for systems.

Key Session Takeaways Include:

• How did SickKids prepare for cyber attacks ahead of time, to mitigate the protection impacts on care and patient data
• How did continuity of care continue as systems went offline
• What unique aspects of a ransomware attack needed to be addressed
• What responses were taken, when were they taken, and is there anything they would do differently?

Unprecedented levels of sophisticated cyber attacks are being launched daily against the healthcare sector. Sophisticated crime gangs and state-sponsored disrupters have healthcare facilities in the crosshairs, creating chaos with phishing campaigns and ransomware attacks.

Join this must-see session with thought leaders and decision-makers in the healthcare sector to learn about the cyber threats plaguing our healthcare system.

Key Session Takeaways Include:

• Gain an understanding of why protecting healthcare presents unique challenges
• Understand which threats are most concerning
• Gather practical advice on how you can help protect the healthcare industry from cyber threats, even in today’s challenging environment

Although most public and media attention has been directed toward the crisis of finding nurses and doctors, it is equally challenging to meeting staffing requirements in Cybersecurity. Healthcare organizations are in a particularly challenging situation in that they are competing against each other, but also the private market.

With emerging literature and data we are finding the role of CSIO becoming increasingly stressful. From being on call 24/7 to the high stakes decision making taking place many times a day, it takes a specific type of person to excel in this role.

Key Session Takeaways Include:

• What is the current landscape for cyber employment, and tech in general
• What impact does public sentiment play when attitudes for the healthcare system is negative
• How can organizations create excitement for the role, appeal to values and purpose, and provide tangible mentorship and career advancement opportunities
• How should we focus on the individual during incidences, particularly concerning health and welfare during a period of stress with a heavy workload
• What is the data showing us? What has been staff feedback?

Digital transformation is in full swing for rural and northern health teams, but the security those systems require must also be factored in. There has also been an explosion of hyper-connected IT, IoT (Internet of Things) and IoMT (Internet of Medical Things) devices and, with it, a greatly expanded cyber-attack surface.

With constant transformation and the explosion of interconnected devices, how do you even begin to plan for a zero-trust architecture beyond the managed users and workstations?

Key Session Takeaways Include:

• What is Zero Trust and how do you get there
• Some of the common pitfalls to avoid
• Why Zero Trust doesn’t stop at managed users and workstations – IoMT devices must be included in the architecture planning up-front

The healthcare sector remains a prime target for cybercriminals. To strengthen the healthcare sector’s cyber resilience and security posture, Ontario Health established a Provincial Cyber Security Model that allows the sector to enhance the protection of patient information and help mitigate operational service disruptions while safeguarding the province’s digital health assets.

During this session, Ontario Health will further elaborate on the evolution of the model, including its incident response notification guidance and how the next phase will better strengthen the cyber capabilities of health service providers and contribute to a more resilient digital health system in Ontario.

Key Session Takeaways

• Critical shifts to Ontario Health’s Provincial Cyber Security Model
• Importance of information sharing at scale across the healthcare sector
• Operational next steps for the acute sector

Cybersecurity threats appear quickly and are becoming more innovative and hostile. This presents an ever present threat to hospital operations and patient safety.

Join in the discussion as our panel of cybersecurity leaders discuss some of their thoughts on where we are and were we need to be in the world of cybersecurity defence.

Key Session Takeaways Include:

• What’s next in terms of cyber threats to hospital operations
• What are they currently working on
• How should hospitals prepare and respond, whether big or large
• What do they want to be focusing on
• Educating and preparing the board
• What are the KPIs from the board perspective – building standardization

Healthcare organizations are targets of cyber attacks including, social engineering attacks, ransomware attacks, and data exfiltration. Establishing standardized baseline cybersecurity controls at each healthcare organization is becoming more vital to the protection of patient data, and care.

With this in mind, with the support of Public Safety Canada and HealthCare CAN, the Digital Governance Standards Institute is developing a standard to support cyber resilience in the healthcare system. What will the standard look like, and what do you need to know going forward?

Key Session Takeaways Include:

• What should be the minimum requirements for cyber security in healthcare organizations
• How can we establish standards across different provinces, and organizational sizes
• What should best practices look like
• What are the next steps and how can you provide input

Healthcare remains one of the biggest targets for cyberattacks globally. Healthcare data is comprehensive and provides all of the materials cyber criminals need for their nefarious purposes. Moreover, the use of IoT/OT devices and shared workstations mean that healthcare IT is susceptible to threats, including ransomware and data breaches.

New data extracted from the HHS/OCR data breach portal shows us that in 2022 there were 546 major data breaches due to Hacking/IT, which reflects a 4 percent increase over the 521 major data breaches due to Hacking/IT in 2021. These data breaches in 2022 included the sensitive and private healthcare records of over 43 million people.

Join this session to learn how to:

• Detect threats in healthcare networks early in the kill chain
• Protect standard and non-standard devices such as OT/IoT anywhere
• Improve SecOps efficiency with unparalleled visibility and automation

Every year there are Global cyber incidents in healthcare settings that seem improbable, and many others that seem clever. Despite our best efforts, hackers somehow manage to get through. What trends are we seeing, and what can we learn from these breaches?

Key Session Takeaways Include:

• What vulnerabilities are being exploited most, and how can we reverse this?
• Which codes are being deployed, and by whom? What emerging threats are we seeing?
• What incidents are being defeated, and how?

Session description coming soon…

For anyone tasked with cybersecurity, it is not a question of if an attack or breach will occur, but when. This requires a deliberate, careful and process -driven plan to deflect and recover from an attack.

Key Session Takeaways Include:

• The practical realities of handling an incident response
• Your legal and practical obligations during an incident
• Important steps you need to take for a data breach, including ransomware

The challenges unique to the CIO role necessitates some information sharing and lessons learned; yet, it is imperative to be vigilant against divulging your strengths, vulnerabilities and areas of focus.

In this closed-door CIOs only session, you will be free to gather with your peers to exchange ideas, strategies, findings, and other areas of concern in private.

Drawing upon the discussions we have heard over the last couple of days, this fireside chat will highlight the most salient solutions to the challenges we are all facing.

Through a unique question and answer session we will build out how we as a collective can best proceed to protect our systems, be more resilient to cyber incidents – and ultimately ensure patient care services are maintained.