Healthcare Privacy and Security Offerings at the HIMSS17 Annual Conference

By Aaron Hayden, HIMSS Privacy and Security Committee Member

Cybersecurity has become a topic of great interest to the health sector, in light of the vast number of breaches and other compromises that healthcare organizations have experienced.  Further, in order to realize the value of health information technology, patient information and other data must be kept safe and secure.  This is where cybersecurity plays a key role in patient care and patient safety.  With the many educational offerings at HIMSS17, you can gain the knowledge you need to not only protect your organization’s data, but protect your patients.

The Cybersecurity Forum on Sunday, February 19 will feature a variety of topics pertaining to cybersecurity from leading experts in the health sector. This forum provides an additional opportunity to focus on security topics and join a cohort of colleagues who specialize in securing sensitive information.  Alternatively, you can attend the Medical Device Security Symposium or the Implementing Cyber-Hygiene with the Updated Critical Security Controls workshop on the same day.  

The HIMSS Cybersecurity Command Center, a focal point for all things security-related, will be returning to HIMSS17. Look for it in exhibit Hall A, booth 376.  The HIMSS Cybersecurity Command Center will feature some notable talks on the Tuesday and Wednesday of the conference. Here’s what you can expect to find:

  • On Tuesday, February 21st at 10:00 am, Kevin Johnson, CEO of Secure Ideas, will share his experiences and perspective on stress testing a mature security program through penetration testing. A true pen test mimics the approach of an adversary who is knowledgeable in evading security controls, but isn’t necessarily familiar with the internal network. The “black box” approach is what defines a real penetration test; this is what makes it a valid test of both technical security controls and, when you engage a pen tester without notifying your IT department, incident response procedures.
  • On Tuesday, February 21st at 2:00 pm, Axel Wirth, Solutions Architect with Symantec, will present a session on defense in depth strategies for protecting medical devices, which are typically network-enabled hosts that are difficult to harden due to embedded operating systems and network architecture constraints. Securing these devices is a similar problem to securing the thousands of “Internet-of-things” devices that have been hijacked to participate in the distributed denial of service (DDoS) attacks plaguing the Net recently.
  • On Wednesday, February 22nd at 1:00 pm, David Houlding, Director of Healthcare Privacy and Security at Intel, will speak to a framework developed by Intel, the Healthcare Breach Security Assessment Program, which analyzes critical security controls through the lens of eight root causes of data breach. The tool is designed to identify the maturity of components of the Information Security Program, gauge readiness for the common types of breach, and help healthcare and life sciences organizations to prioritize resources in the name of reducing the likelihood of a data breach.

During the main conference, you can participate in many cybersecurity sessions. There are at least eight pages of them on the schedule.

Medical device security is emerging as one of the more prominent themes this year. The following sessions are not to be missed if this is an area you want to focus on while at the HIMSS17 conference:


February 20 at 10:30AM: The Evolving State of Medical Device Cybersecurity

Suzanne Schwartz, Associate Director for Science and Strategic Partnerships of the FDA, will present on the challenges of securing medical devices and on new FDA guidance on the clinical operation.

February 20 at 12:00PM: Breaches and Ransomware! How Does Your Security Compare?

Ron Mehring, VP at Texas Health Resources, will share recent research on data breach trends and how information sharing through industry groups can improve security for us all.

February 21 at 8:30AM: The Next Frontier in Medical Device Security

Denise Anderson, President of the NH-ISAC, and Dale Nordenberg, MD, Co-Founder and Executive Director of the Medical Device Innovation, Safety and Security Consortium, will discuss how collaboration and information sharing can address medical device security.

February 22 at 8:30AM: Optimizing Medical Device Safety: A Closed Loop Process

Shelly Crisler of the Department of Veterans Affairs will present on the tracking and reporting of the quality and patient safety component of medical devices.

February 22 at 10:00AM: Securing Wireless Medical Infusion Pumps - A Use Case

Gavin O'Brien, Computer Scientist with the National Cybersecurity Center of Excellence of the National Institute of Standards and Technology, will share a standards-based approach to securing medical devices in a production environment.


Other highlights during the main conference cover all aspects of data protection, privacy, and security:


February 20 at 10:30AM: Beyond Audit Logs: Three-Tier Privacy Analytics

Darren Dworkin, CIO at Cedars Sinai, will share his experiences creating a data-driven monitoring and incident response program that can integrate with privacy analysis.

February 21 at 2:30PM: Case Study: Making the Right Investment in Security

Don Lindsey, CIO, Tallahassee Memorial Healthcare, will present on the advantages of creating a security-driven program as opposed to one based solely on compliance concerns.

February 23 at 12:00PM: How to Create Compliant Security Relationships with Vendors

Joe Piccolo, VP of Corporate Compliance at Inspira Health Network, will address strategies for creating data use standards, auditing vendor compliance with them, and the regulation that moderates business partnerships.


Enjoy your time at #HIMSS17! I hope these highlights help you to plan your agenda and get the most out of your time in Orlando.

