Agenda

Healthcare organisations are seeing more cyber attacks, many of which also include ransomware attacks.

The Hospital for Sick Children (SickKids) recently dealt with a major cybersecurity incident (Code Grey) that began at 9:30 p.m. on Sunday, December 18.

It was a serious and difficult situation, particularly under the threat of ransomware, with staff working quickly to bring all impacted systems back online as quickly as possible by implementing back up procedures for systems.

Key Session Takeaways Include:

• How did SickKids prepare for cyber attacks ahead of time, to mitigate the protection impacts on care and patient data
• How did continuity of care continue as systems went offline
• What unique aspects of a ransomware attack needed to be addressed
• What responses were taken, when were they taken, and is there anything they would do differently?

Unprecedented levels of sophisticated cyber attacks are being launched daily against the healthcare sector. Sophisticated crime gangs and state-sponsored disrupters have healthcare facilities in the crosshairs, creating chaos with phishing campaigns and ransomware attacks.

Join this must-see session with thought leaders and decision-makers in the healthcare sector to learn about the cyber threats plaguing our healthcare system.

Key Session Takeaways Include:

• Gain an understanding of why protecting healthcare presents unique challenges
• Understand which threats are most concerning
• Gather practical advice on how you can help protect the healthcare industry from cyber threats, even in today’s challenging environment

Although most public and media attention has been directed toward the crisis of finding nurses and doctors, it is equally challenging to meeting staffing requirements in Cybersecurity. Healthcare organizations are in a particularly challenging situation in that they are competing against each other, but also the private market.

With emerging literature and data we are finding the role of CSIO becoming increasingly stressful. From being on call 24/7 to the high stakes decision making taking place many times a day, it takes a specific type of person to excel in this role.

Key Session Takeaways Include:

• What is the current landscape for cyber employment, and tech in general
• What impact does public sentiment play when attitudes for the healthcare system is negative
• How can organizations create excitement for the role, appeal to values and purpose, and provide tangible mentorship and career advancement opportunities
• How should we focus on the individual during incidences, particularly concerning health and welfare during a period of stress with a heavy workload
• What is the data showing us? What has been staff feedback?

The healthcare delivery environment has become increasingly complex, and dynamic, due to the strategic efforts to drive a more distributed care delivery model to expand patient’s access to care. Lee Gardner is here to share how your Health IT and Cybersecurity teams can reduce complexity, eliminate inefficiencies, and enable a consistent, secure, and reliable digital experience so your clinical and non-clinical workforce can access the necessary applications, services, and data, to provide patient-centric care, from anywhere in the world.

Join this session to learn more about:

• What your Network and Security Architects are challenged with in an ever-evolving threat landscape.
• How healthcare leaders are ensuring continuity of care, reducing total cost of ownership, streamlining operations, and achieving cyber transformation.
• What challenges arise out of a point solution approach for IT and Security professionals.

The healthcare sector remains a prime target for cybercriminals. To strengthen the healthcare sector’s cyber resilience and security posture, Ontario Health established a Provincial Cyber Security Model that allows the sector to enhance the protection of patient information and help mitigate operational service disruptions while safeguarding the province’s digital health assets.

During this session, Ontario Health will further elaborate on the evolution of the model, including its incident response notification guidance and how the next phase will better strengthen the cyber capabilities of health service providers and contribute to a more resilient digital health system in Ontario.

Key Session Takeaways

• Critical shifts to Ontario Health’s Provincial Cyber Security Model
• Importance of information sharing at scale across the healthcare sector
• Operational next steps for the acute sector

Cybersecurity threats appear quickly and are becoming more innovative and hostile. This presents an ever present threat to hospital operations and patient safety.

Join in the discussion as our panel of cybersecurity leaders discuss some of their thoughts on where we are and were we need to be in the world of cybersecurity defence.

Key Session Takeaways Include:

• What’s next in terms of cyber threats to hospital operations
• What are they currently working on
• How should hospitals prepare and respond, whether big or large
• What do they want to be focusing on
• Educating and preparing the board
• What are the KPIs from the board perspective – building standardization

Healthcare organizations are targets of cyber attacks including, social engineering attacks, ransomware attacks, and data exfiltration. Establishing standardized baseline cybersecurity controls at each healthcare organization is becoming more vital to the protection of patient data, and care.

With this in mind, with the support of Public Safety Canada and HealthCare CAN, the Digital Governance Standards Institute is developing a standard to support cyber resilience in the healthcare system. What will the standard look like, and what do you need to know going forward?

Key Session Takeaways Include:

• What should be the minimum requirements for cyber security in healthcare organizations
• How can we establish standards across different provinces, and organizational sizes
• What should best practices look like
• What are the next steps and how can you provide input

Healthcare remains one of the biggest targets for cyberattacks globally. Healthcare data is comprehensive and provides all of the materials cyber criminals need for their nefarious purposes. Moreover, the use of IoT/OT devices and shared workstations mean that healthcare IT is susceptible to threats, including ransomware and data breaches.

New data extracted from the HHS/OCR data breach portal shows us that in 2022 there were 546 major data breaches due to Hacking/IT, which reflects a 4 percent increase over the 521 major data breaches due to Hacking/IT in 2021. These data breaches in 2022 included the sensitive and private healthcare records of over 43 million people.

Join this session to learn how to:

• Detect threats in healthcare networks early in the kill chain
• Protect standard and non-standard devices such as OT/IoT anywhere
• Improve SecOps efficiency with unparalleled visibility and automation

Every year there are Global cyber incidents in healthcare settings that seem improbable, and many others that seem clever. Despite our best efforts, hackers somehow manage to get through. What trends are we seeing, and what can we learn from these breaches?

Key Session Takeaways Include:

• What vulnerabilities are being exploited most, and how can we reverse this?
• Which codes are being deployed, and by whom? What emerging threats are we seeing?
• What incidents are being defeated, and how?

Securing information and infrastructure environments is difficult for any industry but particularly difficult for healthcare. Our panelist will address what is vital to remaining productive and resilient in an environment that is continuously under attack.

• Understand the landscape of healthcare’s attack ecosystem and highlight some of the common pitfalls
• What controls do hospitals need to think about in order to ensure a secure digital health care information system

Healthcare cybersecurity teams continue to struggle with both cyberattacks and keeping up with the velocity of vulnerabilities as they continue to rise in the number the frequency at which they’re disclosed.  While cybersecurity teams continue to leverage traditional vulnerability management approaches, there are additional aspects that can be incorporated into the assessment process to further aid in prioritization as well as greater upfront risk reduction. 

With the threat landscape continuing to evolve and with no signs of slowdown in resulting attacks, adoption of new techniques is paramount for risk reduction. This session will discuss additional lens with which healthcare security teams can leverage to prioritize vulnerabilities across the entirety of their environment. 

Key Session Takeaways:

• Understand why traditional vulnerability management approaches are limited in effectiveness particularly in healthcare organizations
• How do cybersecurity teams adapt to the changing vulnerability landscape?
• What additional dimensions to vulnerability assessment can be leveraged to help focus their remediation efforts for the greatest attack surface reduction?
• Practical next steps to start the evolution of your vulnerability management program

The challenges unique to the CIO role necessitates some information sharing and lessons learned; yet, it is imperative to be vigilant against divulging your strengths, vulnerabilities and areas of focus.

In this closed-door CIOs only session, you will be free to gather with your peers to exchange ideas, strategies, findings, and other areas of concern in private.

Drawing upon the discussions we have heard over the last couple of days, this fireside chat will highlight the most salient solutions to the challenges we are all facing.

Through a unique question and answer session we will build out how we as a collective can best proceed to protect our systems, be more resilient to cyber incidents – and ultimately ensure patient care services are maintained.