Agenda

________________

 

Get UpdatesRegister

Day 1

Tuesday, June 13, 2023

All times below are Eastern Time
}

08:30AM – 09:15AM

In Person

Registration & Networking Continental Breakfast

}

08:45AM – 09:15AM

Online

Log In – Online Attendees

09:15 AM

}

09:15AM – 09:30AM

v

Opening

Opening Remarks from the Chairs

Brendan Kwolek
Chief Information & Digital Officer, Halton Healthcare

Kashif Parvaiz
Chief Information Security Officer, University Health Network

09:30 AM

}

09:30AM – 10:15AM

Session 1

Case Study: The Hospital for Sick Children – Lessons Learned in Responding to a Cyber and Ransomware Attack

Expand/collapse session description...

Healthcare organisations are seeing more cyber attacks, many of which also include ransomware attacks.

The Hospital for Sick Children (SickKids) recently dealt with a major cybersecurity incident (Code Grey) that began at 9:30 p.m. on Sunday, December 18.

It was a serious and difficult situation, particularly under the threat of ransomware, with staff working quickly to bring all impacted systems back online as quickly as possible by implementing back up procedures for systems.

Key Session Takeaways Include:

  • How did SickKids prepare for cyber attacks ahead of time, to mitigate the protection impacts on care and patient data
  • How did continuity of care continue as systems went offline
  • What unique aspects of a ransomware attack needed to be addressed
  • What responses were taken, when were they taken, and is there anything they would do differently?

Nimira Dhalwani
Chief Technology Officer, The Hospital for Sick Children

10:15 AM

}

10:15AM – 11:00AM

Session 2

Planning for “Code Grey”: Securing Canada’s Healthcare Sector

Moderated by: Nitin Bedi, Offering Leader, GRC and Assurance, ISA Cybersecurity

Expand/collapse session description...

Unprecedented levels of sophisticated cyber attacks are being launched daily against the healthcare sector. Sophisticated crime gangs and state-sponsored disrupters have healthcare facilities in the crosshairs, creating chaos with phishing campaigns and ransomware attacks.

Join this must-see session with thought leaders and decision-makers in the healthcare sector to learn about the cyber threats plaguing our healthcare system.

Key Session Takeaways Include:

  • Gain an understanding of why protecting healthcare presents unique challenges
  • Understand which threats are most concerning
  • Gather practical advice on how you can help protect the healthcare industry from cyber threats, even in today’s challenging environment

Jeff Curtis
Chief Privacy Officer, Sunnybrook Health Sciences Centre 

Kajeevan Rajanayagam
Cyber Security Manager, University Health Network (UHN)

Adam Kohler
Director, Systems Engineering, Forescout

11:00 AM

}

11:00AM – 11:30AM

Break

Morning Break

11:30 AM

}

11:30AM – 12:15PM

Session 3

Staffing Challenges: Recruiting, Retaining, and Mentoring Staff in Today’s Complex Job Market

Expand/collapse session description...

Although most public and media attention has been directed toward the crisis of finding nurses and doctors, it is equally challenging to meeting staffing requirements in Cybersecurity. Healthcare organizations are in a particularly challenging situation in that they are competing against each other, but also the private market.

With emerging literature and data we are finding the role of CSIO becoming increasingly stressful. From being on call 24/7 to the high stakes decision making taking place many times a day, it takes a specific type of person to excel in this role.

Key Session Takeaways Include:

  • What is the current landscape for cyber employment, and tech in general
  • What impact does public sentiment play when attitudes for the healthcare system is negative
  • How can organizations create excitement for the role, appeal to values and purpose, and provide tangible mentorship and career advancement opportunities
  • How should we focus on the individual during incidences, particularly concerning health and welfare during a period of stress with a heavy workload
  • What is the data showing us? What has been staff feedback?

Brendan Kwolek
Chief Information & Digital Officer, Halton Healthcare

12:15 PM

}

12:15PM – 01:15PM

Break

Networking Lunch

01:15 PM

}

01:15PM – 02:00PM

Session 4

An Architect’s View: Securely Delivering Care and Enabling Work From Anywhere

Expand/collapse session description...

The healthcare delivery environment has become increasingly complex, and dynamic, due to the strategic efforts to drive a more distributed care delivery model to expand patient’s access to care. Lee Gardner is here to share how your Health IT and Cybersecurity teams can reduce complexity, eliminate inefficiencies, and enable a consistent, secure, and reliable digital experience so your clinical and non-clinical workforce can access the necessary applications, services, and data, to provide patient-centric care, from anywhere in the world.

Join this session to learn more about:

  • What your Network and Security Architects are challenged with in an ever-evolving threat landscape.
  • How healthcare leaders are ensuring continuity of care, reducing total cost of ownership, streamlining operations, and achieving cyber transformation.
  • What challenges arise out of a point solution approach for IT and Security professionals.

Lee Gardner
Healthcare Industry Architect, Palo Alto Networks

02:00 PM

}

02:00PM – 02:45PM

Session 5

Ontario Health – Minimize Threats, Maximize Recovery: Scaling Cyber Security Capabilities Across the Healthcare Sector

Expand/collapse session description...

The healthcare sector remains a prime target for cybercriminals. To strengthen the healthcare sector’s cyber resilience and security posture, Ontario Health established a Provincial Cyber Security Model that allows the sector to enhance the protection of patient information and help mitigate operational service disruptions while safeguarding the province’s digital health assets.

During this session, Ontario Health will further elaborate on the evolution of the model, including its incident response notification guidance and how the next phase will better strengthen the cyber capabilities of health service providers and contribute to a more resilient digital health system in Ontario.

Key Session Takeaways

  • Critical shifts to Ontario Health’s Provincial Cyber Security Model
  • Importance of information sharing at scale across the healthcare sector
  • Operational next steps for the acute sector

Lyndon Dubeau
VP, Innovations, Connected Health, Ontario Health

02:45 PM

}

02:45PM – 03:15PM

Break

Afternoon Break

03:15 PM

}

03:15PM – 04:00PM

Session 6

Leadership in Cybersecurity Panel: Where are Leaders Focusing Their Attention and What Threats are They Anticipating in the Future

Moderated by: Kashif Parvaiz, Chief Information Security Officer, University Health Network

Expand/collapse session description...

Cybersecurity threats appear quickly and are becoming more innovative and hostile. This presents an ever present threat to hospital operations and patient safety.

Join in the discussion as our panel of cybersecurity leaders discuss some of their thoughts on where we are and were we need to be in the world of cybersecurity defence.

Key Session Takeaways Include:

  • What’s next in terms of cyber threats to hospital operations
  • What are they currently working on
  • How should hospitals prepare and respond, whether big or large
  • What do they want to be focusing on
  • Educating and preparing the board
  • What are the KPIs from the board perspective – building standardization

Dennis Young
Director IT, CISO, North York General Hospital

Mark Watmough
Director of Digital Operations, VHA Home HealthCare

Sam Fielding
Chief Information Officer, Southlake Regional Health Centre

Penny Longman
Director, Information Security & Data Stewardship, Fraser Health

04:00 PM

}

04:00PM – 04:10PM

v

Closing

Closing Remarks from the Chairs

Brendan Kwolek
Chief Information & Digital Officer, Halton Healthcare

Kashif Parvaiz
Chief Information Security Officer, University Health Network

04:15 PM

}

04:15PM – 05:00PM

In Person

Networking Reception

Day 2

Wednesday, June 14, 2023

All times below are Eastern Time
}

08:15AM – 09:15AM

In Person

Registration & Networking Continental Breakfast

}

08:45AM – 09:15AM

Online

Log In – Online Attendees

09:15 AM

}

09:15AM – 09:30AM

v

Opening

Opening Remarks from the Chairs

Brendan Kwolek
Chief Information & Digital Officer, Halton Healthcare

Kashif Parvaiz
Chief Information Security Officer, University Health Network

09:30 AM

}

09:30AM – 10:15AM

Session 7

New Data Governance and Cyber Resiliency Standards for Healthcare

Expand/collapse session description...

Healthcare organizations are targets of cyber attacks including, social engineering attacks, ransomware attacks, and data exfiltration. Establishing standardized baseline cybersecurity controls at each healthcare organization is becoming more vital to the protection of patient data, and care.

With this in mind, with the support of Public Safety Canada and HealthCare CAN, the Digital Governance Standards Institute is developing a standard to support cyber resilience in the healthcare system. What will the standard look like, and what do you need to know going forward?

Key Session Takeaways Include:

  • What should be the minimum requirements for cyber security in healthcare organizations
  • How can we establish standards across different provinces, and organizational sizes
  • What should best practices look like
  • What are the next steps and how can you provide input

Darryl Kingston
Executive Director, Digital Governance Standards Institute, Digital Governance Council

Jonathan Mitchell
Vice-President, Research and Policy, HealthCareCAN

10:15 AM

}

10:15AM – 11:00AM

Session 8

Reducing Cyber Risk in Healthcare

Expand/collapse session description...

Healthcare remains one of the biggest targets for cyberattacks globally. Healthcare data is comprehensive and provides all of the materials cyber criminals need for their nefarious purposes. Moreover, the use of IoT/OT devices and shared workstations mean that healthcare IT is susceptible to threats, including ransomware and data breaches.

New data extracted from the HHS/OCR data breach portal shows us that in 2022 there were 546 major data breaches due to Hacking/IT, which reflects a 4 percent increase over the 521 major data breaches due to Hacking/IT in 2021. These data breaches in 2022 included the sensitive and private healthcare records of over 43 million people.

Join this session to learn how to:

  • Detect threats in healthcare networks early in the kill chain
  • Protect standard and non-standard devices such as OT/IoT anywhere
  • Improve SecOps efficiency with unparalleled visibility and automation

Anthony James
Vice President, Product Marketing, Infloblox

11:00 AM

}

11:00AM – 11:30AM

Break

Morning Break

11:30 AM

}

11:30AM – 12:15PM

Session 9

Canadian Cyber Threat Exchange (CCTX) – The Year in Review: An Inside Look at the Incidents, Notable Hackers, System Vulnerabilities, and Outcomes Over the Past Year

Expand/collapse session description...

Every year there are Global cyber incidents in healthcare settings that seem improbable, and many others that seem clever. Despite our best efforts, hackers somehow manage to get through. What trends are we seeing, and what can we learn from these breaches?

Key Session Takeaways Include:

  • What vulnerabilities are being exploited most, and how can we reverse this?
  • Which codes are being deployed, and by whom? What emerging threats are we seeing?
  • What incidents are being defeated, and how?

Jennifer J. Quaid
Executive Director, Canadian Cyber Threat Exchange (CCTX)

12:15 PM

}

12:15PM – 01:15PM

Break

Networking Lunch

01:15 PM

}

01:15PM – 02:00PM

Session 10

Managing Cyber & Operational Risks: What Are the Bare Minimum Controls and What Would Be Considered an Acceptable Standard in the Current Risk Climate for Cyber Protection?

Moderated by: Raheel Qureshi, Partner, Cyber Consulting, Calian

Expand/collapse session description...

Securing information and infrastructure environments is difficult for any industry but particularly difficult for healthcare. Our panelist will address what is vital to remaining productive and resilient in an environment that is continuously under attack.

 

  • Understand the landscape of healthcare’s attack ecosystem and highlight some of the common pitfalls
  • What controls do hospitals need to think about in order to ensure a secure digital health care information system

Kashif Parvaiz
Chief Information Security Officer, University Health Network

Ryan Hartman
Information Security Officer, Kingston Health Sciences Centre

Pravine Balkaran
CISO, Head of Cyber Security, Calian

Joshua Linkenhoker
Enterprise Security Advisor, Proofpoint

02:00 PM

}

02:00PM – 02:30PM

Break

Afternoon Break

02:30 PM

}

02:30PM – 03:15PM

Session 11A

Where Cyber & Clinical Risk Intersect – The Missing Dimensions of an Effective Healthcare Vulnerability Management Program

Moderated by: Kashif Parvaiz, Chief Information Security Officer, University Health Network

Expand/collapse session description...

Healthcare cybersecurity teams continue to struggle with both cyberattacks and keeping up with the velocity of vulnerabilities as they continue to rise in the number the frequency at which they’re disclosed.  While cybersecurity teams continue to leverage traditional vulnerability management approaches, there are additional aspects that can be incorporated into the assessment process to further aid in prioritization as well as greater upfront risk reduction. 

With the threat landscape continuing to evolve and with no signs of slowdown in resulting attacks, adoption of new techniques is paramount for risk reduction. This session will discuss additional lens with which healthcare security teams can leverage to prioritize vulnerabilities across the entirety of their environment. 

Key Session Takeaways:

  • Understand why traditional vulnerability management approaches are limited in effectiveness particularly in healthcare organizations
  • How do cybersecurity teams adapt to the changing vulnerability landscape?
  • What additional dimensions to vulnerability assessment can be leveraged to help focus their remediation efforts for the greatest attack surface reduction?
  • Practical next steps to start the evolution of your vulnerability management program

Mohammad Waqas
Principal Solutions Architect, Global Healthcare, Armis

}

02:30PM – 03:15PM

Session 11B

CIO Roundtable

Moderated by: Brendan Kwolek, Chief Information & Digital Officer, Halton Healthcare

Expand/collapse session description...

The challenges unique to the CIO role necessitates some information sharing and lessons learned; yet, it is imperative to be vigilant against divulging your strengths, vulnerabilities and areas of focus.

In this closed-door CIOs only session, you will be free to gather with your peers to exchange ideas, strategies, findings, and other areas of concern in private.

03:20 PM

}

03:20PM – 04:05PM

Session 12

Where Do We Go From Here? And How Do We Get There? A Practical Plan For This Year & Beyond

Moderated By: Mohammad Waqas, Principal Solutions Architect, Global Healthcare, Armis

Expand/collapse session description...

Drawing upon the discussions we have heard over the last couple of days, this fireside chat will highlight the most salient solutions to the challenges we are all facing.

Through a unique question and answer session we will build out how we as a collective can best proceed to protect our systems, be more resilient to cyber incidents – and ultimately ensure patient care services are maintained.

Kashif Parvaiz
Chief Information Security Officer, University Health Network

04:05 PM

}

04:05PM – 04:10PM

v

Closing

Closing Remarks from the Chairs

Brendan Kwolek
Chief Information & Digital Officer, Halton Healthcare

Kashif Parvaiz
Chief Information Security Officer, University Health Network

Join Our Mailing List

Receive news on relevant upcoming conferences and Early Bird deals.

hbspt.forms.create({ region: "na1", portalId: "4856279", formId: "5067510e-0af2-46e6-8bd5-c03e933acb44" });