In this 6-week course we will explore the role of data governance in establishing a robust and successful Analytics Program within a healthcare provider organization and identify best practices for building such a program. The course is roughly divided in half: the first half focuses on data governance writ large. The second half looks at some best practices for presenting data visually and engaging people across the organization in the use of data.
Course Outcomes
By the end of this course, you’ll know how to:
• Effectively determine a Data Vision and Strategy with the right stakeholders at the table
• Apply Data Governance best practices of content management, data quality and analytics prioritization
• Assess options for tools to visualize your data
‚Ä¢ Create a phased approach of data maturity that will allow you to broaden and deepen data decisions 
• Build a data driven culture in your organization

In this 7 webinar series learn about Medical Device Security.  Each webinar episode is 90 mins long and includes time with industry-leading experts.  Join us for the entire webinar series or choose the episodes that fit your needs!

 

Episode 1 (1.5 hours) – Medical Device Cybersecurity – Thought Leaders 

July 6th 11:30 – 1:00 pm eastern 

 

Kicking off our Medical Device Cybersecurity webinar series are the Thought Leaders.  An expert panel representing Government Agencies, Physicians, MDM’s, HDO’s and Hackers will discuss today’s challenges, initiatives and possible solutions to the unbelievably complex problem of securing medical devices and protecting patient safety.  This discussion is perfect for executives and cyber practitioners who want to better understand the complexities of medical devices and how to mitigate risk at an enterprise level.  It will also feature topics covered in more detail during the rest of the webinar series.        

 

Episode 2 (1.5 hour) – Aligning Healthcare Cybersecurity for Connected Medical Devices

July 23rd 1:00 – 2:30 pm eastern

Two publications released by health industry public-private partnerships have impacted Medical Device Security more than any others.  A new law to, Recognize Cybersecurity Best Practices, was passed into law in 2021 based on one of them.  By adhering to the best practices detailed in the 405(d) Publication Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, Healthcare Delivery Organizations (HDO) can potentially avoid fines, audits and post breach oversight from the Office for Civil Rights (OCR).  The second document is the Medical Device and Health IT Joint Security Plan is a cross-sector strategy for securing medical devicesJulie Chua, Erik Decker and Rob Suarez will discuss the publications and how they can be leveraged to improve cybersecurity postures, to increase patient safety and to reduce the risk of data loss.  

 

Episode 3 (1.5 hour) – Public Private Partnerships to Secure Medical Devices

Aug 5th 2:30 – 4:00 eastern 

 

Public-Private Partnerships have created task forces of health care industry stakeholders, cybersecurity experts, and any Federal agency as a response to the cybersecurity threats and laws that require compliance.  This presentation features the leaders from three important task groups that will assist attendees in understanding: Software Bill of Materials (SBoM), Securing Legacy Medical Devices and Contract Language Standards for Medical Devices.  

-        SBoM – a recent Presidential Executive Order called for the creation of an electronic SBoM

-        Legacy – learn the best practices for securing legacy and unsupported medical devices

-        Contracts – a framework of medical device security language designed to reduce the risk HDO’s

 

Episode 4 (1.5 hour) – Medical Device Discovery and Monitoring Tools 

Aug 17th 11:30 – 1:00 pm eastern

 

HDOs have recently turned to sophisticated security software architects in hopes of tackling this Wicked Problem of securing connected medical devices.  Their solutions automatically discover the entire inventory of medical devices, monitors network traffic for details, analyzes the device details that have been integrated with known and active vulnerabilities, determines anomalous device behavior and seamlessly provides policies to network enforcement tools to intelligently secure devices.  All of this is done simultaneously.  All of this previously unavailable and unrelated information is correlated in real time, prioritizing device risk and escalating alerts.  Jeff and Ben will explain how the technology works and can be applied to solve many of the problems associated with securing connected medical devices and operational technology.  

 

Episode 5 (1.5 hours) – Operationalizing, Standardizing and Contextualizing. 

Aug 31st 11:00 – 12:30 pm eastern 

 

Despite the increased awareness and assessment of operational technology (OT) security events and vulnerabilities using medical device discovery and security monitoring tools, HDO’s struggle to operationalize the tool data into traditional IT security defenses.  Effective OT security solutions must create one accurate inventory of OT assets, to include medical devices, and the important details about them, integrated with discovery and security monitoring tools.  

 

When an OT security event occurs, the detailed context about the affected devices is required.  Contextsupport the response and remediation steps that should consider the current operation of the device. The context includes elements such as maintenance history, current usage details, device owner, device location and the latest software, firmware versions, etc.

 

In addition, these solutions should provide orchestration, automation, and remediation response-based workflow.  Today we will discuss these solutions, integration, the workflows and how they ensure the safety and availability of OT, including medical devices and healthcare facilities systems.

 

Episode 6 (1.5 hours) – Mayo Clinic – Next Gen Tools for Medical Device Cybersecurity 

Sept 15th 11:30 – 1:00 pm eastern 

 

Over the last several years, Mayo has worked to align the health industry’s cybersecurity efforts to include medical device security providing actionable examples how Mayo Clinic’s program evaluated and operationalized medical device security technology.  The audience will learn the limitations of traditional cybersecurity solutions, why there is a need for a more targeted technology and the best practices Mayo found for implementing a medical device security solution.  Areas Mayo found most successful include defining mission, goals & objectives, determining needs, aligning to frameworks and Mayo’s existing security solutions which will be shared.  The presentation attendees will leave with clear understanding of the complex ecosystem and the Best Practices Mayo has implemented to secure their medical and OT devices.

 

Episode 7 (1.5 hour) – A Business Case for Next Gen Medical Device Solutions

Sept 27th 11:30 – 1:00 pm eastern 

 

New medical device and OT security technology is built on the powerful capabilities of artificial intelligence (AI) and machine learning (ML).  They are delivering the ability to secure what is, according to HHS, one of the most significant risk to patients and hospitals, the Internet of Medical Things (IoMT).  Due to limited budgets, these specialized solutions are dismissed, and traditional network security tools, designed for laptops, desktops and servers, are acquired instead. But perimeter security alone is failing over and over. 

 

What compliance, infosec and information technology specialists do not understand is how these tools also benefit operational cost savings and asset management improvement for the hospital’s most expensive equipment.  By deploying medical device security solutions to reduce cybersecurity risk levels, improve compliance and increase patient safety, a hospital can increase revenue, decrease costs and improve patient satisfaction as a result of new utilization management functionality.  This session will equip attendees with the information they need to construct a compelling business case and ROI for the technologies required to secure connected medical and OT devices.         

Ty Greenhalgh and Special Guests:

  • Jessica Wilkerson – FDA Policy Advisor
    • Jessica Wilkerson is a Cyber Policy Advisor with the All Hazards Readiness, Response, and Cybersecurity (ARC) team in the Center for Devices and Radiological Health (CDRH) within the Food and Drug Administration (FDA). As part of ARC, she examines issues and develops policy related to the safety and effectiveness of connected medical devices. She received a B.A. in Policy Studies and minors in Computer Science and Mathematics from Syracuse University, and a J.D. from the Catholic University of America’s Columbus School of Law.
  • Jeff Tully – Physician, Hacker, Activist
    • Jeff Tully is a security researcher with an interest in the intersections between medical technology and patient safety. His work on 911 infrastructure vulnerabilities, exploitation of HL7 protocols, and simulations of hacked medical devices has been featured at RSA-C, DEF CON, Black Hat, and in the national media. He is a co-founder of the CyberMed Summit, a clinically focused healthcare cybersecurity conference, and during his day job as an anesthesiologist focuses primarily on the delivery of oxygen to various tissues.
  • Greg Garcia – Conduit Driving Cybersecurity for the Healthcare Industry 
    • Greg Garcia is the Executive Director for Cybersecurity of the Health Sector Coordinating Council, the convening organization for critical healthcare infrastructure organizations working in partnership with HHS and other government agencies to protect the security and resilience of the sector, patient safety and public health.
  • Rob Suarez – Medical Device Manufacturing Expert with BD
    • Rob Suárez serves as Chief Information Security Officer and oversees cybersecurity across the BD’s enterprise, IT and manufacturing systems. Rob currently chairs the Cybersecurity Steering Committee for the Medical Device Innovation Consortium and the Cybersecurity Working Group for AdvaMed. He was also one of three leaders to co-chair the public-private Healthcare and Public Health Sector Coordinating Council (HSCC) Med Tech Cybersecurity Risk Management Task Group, which issued the seminal Medical Device and Healthcare Information Technology Joint Security Plan (JSP) in 2019.
  • Julie Chua – Head of HHS’ GRC Division
    • Julie Chua is the Director of Governance, Risk Management and Compliance (GRC) Division within the U.S. Department of Health and Human Services (HHS) Office of Information Security (OIS).  Julie is also the Federal Lead for the implementation of the Cybersecurity Act (CISA) of 2015, Section 405(d): Aligning Healthcare Cybersecurity Approaches.  This public-private partnership effort is one of many HHS cybersecurity initiatives to help push forward the cybersecurity and resiliency of the HPH sector.
  • Erik Decker – CISO & Privacy Officer
    • Erik Decker is the Chief Information Security Officer for Intermountain Healthcare, a multi-state integrated delivery network based in Salt Lake City, Utah.  He is currently Co-Leading a Department of Health and Human Services (HHS) task group of more than 250 industry and government experts across the country for implementing the Cybersecurity Act of 2015, 405D legislation within the Healthcare sector. Erik is the previous Chair of the Association for Executives in Healthcare Information Security (AEHIS) Board.  In 2019 he was awarded the ISE® North America Executive: Academic/Public Sector. In 2018 he served as an expert witness to the House Committee on Energy and Commerce, Subcommittee on Health. In 2017 he was awarded the Chicago CISO of the Year.
  • Rob Suarez – Medical Device Manufacturing Expert with BD
    • Rob Suárez serves as Chief Information Security Officer/VP and oversees cybersecurity across the BD’s enterprise, IT and manufacturing systems. Rob currently chairs the Cybersecurity Steering Committee for the Medical Device Innovation Consortium and the Cybersecurity Working Group for AdvaMed. He was also one of three leaders to co-chair the public-private Healthcare and Public Health Sector Coordinating Council (HSCC) Med Tech Cybersecurity Risk Management Task Group, which issued the seminal Medical Device and Healthcare Information Technology Joint Security Plan (JSP) in 2019.
  • Samantha Jacques – 
    • Samantha Jacques is the Vice President of Clinical Engineering at McLaren Health Care, headquartered in Grand Blanc, Michigan. McLaren is an integrated health network including 15 hospitals, ambulatory surgery centers, imaging centers and Michigan’s largest network of cancer centers. She is the vice-chair of the AAMI Healthcare Technology Leadership Council and a member of the Healthcare Sector Coordinating Council. She is active in ACCE, the Medical Device Serving Community and CHIME and has recently co-authored a book entitled “Introduction to Clinical Engineering”. Prior to McLaren, she was Director of Clinical Engineering at Penn State Health and Texas Children's Hospital. She has a PhD in Biomedical Engineering and is a fellow of the American College of Healthcare Executives.
  • Mike Powers – Director of Clinical Engineering, Intermountain Healthcare
    • Mike Powers is a Clinical Engineering Director at Intermountain Healthcare, headquartered in Salt Lake City, Utah.  Intermountain is a health network including 23 hospitals, a medical group, ambulatory surgery centers, insta-care clinics, and imaging centers.  He co-leads a task group for the Health Sector Coordinating Council on Legacy Medical Device Cybersecurity.  He is a member of the AAMI Healthcare Technology Leadership Committee. Prior to Intermountain, he was the Clinical Engineering Quality Manager at ChristianaCare Health System. He has a MBA in Healthcare Administration from Wilmington University and is a Certified Healthcare Technology Manager, Diversity Professional and Medical Device Auditor. 
  • Alex Wolfe – Cybersecurity Specialist, Cleveland Clinic
    • Alex Wolf is a Cyber Security Specialist at the Cleveland Clinic Foundation. He has held a number of roles in Information Technology over the last nine years. The last four years have been dedicated to cybersecurity including roles in alerting, monitoring, and risk management of both IT and OT devices. Alex has earned GSEC and GNFA certificates from SANS. Alex has spent the last year contributing to the HSCC Model Contract Language project. During that time, he has been a subgroup lead for the performance section of the model contract language project.
  • Jeff Horne – Chief Technology Officer, Ordr 
    • Jeff Horne is currently the CSO at Ordr where he is responsible for security direction both within Ordr products and internal security. Before joining Ordr, Jeff was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, Physical Security, and Employee Security Awareness groups. 
      • SpaceX - Senior Director of Information Security for SpaceX 
      • Accuvant - Vice President of R&D and Chief Architect 
      • Webroot Software - Director of Threat Research 
    • Jeff began his career as a Vulnerability Researcher at Internet Security Systems where he was responsible for vulnerability discovery, exploit creation, IDS evasion research, and behavioral detection of malware. Jeff is well known for his insight in interviews for numerous news channels and publications, speaking roles at various security conferences, as well as authoring several vulnerability disclosures and patents.
  • Benjamin Stock – Director of Healthcare Product Management, CBET Ordr 
    • Benjamin Stock is the Director of Healthcare Product Management at Ordr. Previously, Ben worked as the Director of Clinical Equipment Systems and Project Support at SSM Health in St. Louis, MO. With more than 15 years of experience in healthcare technology management, his wealth of knowledge in the Clinical Engineering space allows him to be a wonderful advocate for Ordr healthcare customers.  
  • Kurt Griggs - HTM Manager Mayo Clinic
    • Kurt’s career has focused on Auditing and Security Management of Information Technology since 1999.  Mayo Clinic employed Kurt as an IT/IS Audit leader for 8 years and within the last 2 years as a Senior Information Security Analyst in the Health Technology Management department. He co-leads the evaluation and implementation of Mayo’s recent Medical Device and IoT Security solution.  Kurt remains a Mayo Clinic subject matter expert on medical device security and the integration of security technologies into their ecosystem. Mr. Griggs is an active member of the Department of Health and Human Services 405(d) Group which is currently expanding the medical device security recommendations of the award-winning HHS national publication of best practices, “Health Industry Cybersecurity Practice. He is also an active member of the H-ISAC’s Medical Device Security Information Sharing Council (MDSISC) Group which is responsible forbringing together stakeholders in the medical device security arena to develop solutions, identify best practices and facilitate the exchange of information that will result in a more efficient and secure use of medical devices and related practices. 

And many more!

Episode 1 (1.5 hours) – Medical Device Cybersecurity – Thought Leaders 

Date: July 6th at 11:30 – 1:00 pm eastern 

 

Episode 2 (1.5 hour) – Aligning Healthcare Cybersecurity for Connected Medical Devices

Date: July 23rd at 1:00 – 2:30 pm eastern

 

Episode 3 (1.5 hour) – Public Private Partnerships to Secure Medical Devices

 Date: Aug 5th at 2:30 – 4:00 eastern 

 

Episode 4 (1.5 hour) – Medical Device Discovery and Monitoring Tools 

Date: Aug 17th at 11:30 – 1:00 pm eastern

 

Episode 5 (1.5 hours) – Operationalizing, Standardizing and Contextualizing. 

Date: Aug 31st at 11:00 – 12:30 pm eastern 

 

Episode 6 (1.5 hours) – Mayo Clinic – Next Gen Tools for Medical Device Cybersecurity 

Date: Sept 15th at 11:30 – 1:00 pm eastern 

 

Episode 7 (1.5 hour) – A Business Case for Next Gen Medical Device Solutions

Date: Sept 27th at 11:30 – 1:00 pm eastern 

 

Price: $599.00
No. Seats: