SecureWorld Healthcare Virtual Conference 2025

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Session description to come.

Hospitals are more than just places of healing; they are critical infrastructure vital to national security. This session explores the unique challenges faced by healthcare security teams in safeguarding patients, staff, and sensitive data during large-scale events. From natural disasters to cyberattacks and pandemics, we’ll examine how to build resilience, ensure continuity of care, and protect this vital sector. We will discuss how Operational Technology plays into the security of the org.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Neurodiversity. What is it, what are the traits, and why are people with these traits attracted to the cybersecurity fields?

Rick Doten has managed technical cybersecurity staff for more than 25 years. He’s observed how we have special skills and abilities to perform the work we do; things like identifying patterns, spotting anomalies, learning new information quickly, troubleshooting, and being able to hyperfocus on a tasks until they’re resolved. Rick highlights how some traits help you naturally be good at some cybersecurity roles.

This has been a special interest of Rick’s for the last couple years, and he have taken dozens of hours of clinical training to become a certified clinical specialist in Autism and ADHD. He discusses topics such as executive functions, which are the cognitive skills that regulate emotions, impulse control, attention, time management and others, how to manage focus and distractions, and what motivates people.

He’ll talk about accommodating these executive functions, how to better gain motivation and focus, and even how people with neurodiversity can be better in interviews.

Rick provides techniques, tools, and even apps to help people with neurodiversity be more productive and successful. He lists apps and life hacks to help initiate tasks, manage time, working memory, and reduce procrastination.

Rick’s goal is to celebrate how it’s okay that we are different, because the cybersecurity community is a tribe of neurodivergent people who accept, support, and encourage each other.

In this session, we’ll go over the code for a multi AI agent system that operates over patient data. We’ll go over what makes it insecure, demo exploits, and then take a look at how to mitigate these threats.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

The human element of security is one of the most difficult to predictand therefore to secure. Additionally, one of our biggest challenges is building a security awareness program for those who may have never been subjected to one by understanding the aversion to buying into the security program. We have great written resources and guidance from things like NIST 800-53, but it’s much more challenging to overcome the sociological elements of the human factor that prevent success of security-aware cultures, such as aversion to technology, fear, uncertainty, doubt, and simply non-malicious human error. As security professionals, we may lose sight of the fact that the professionals we support also have other jobs. So learning and focusing on security controls can be stressful and daunting.

Incorporating change management methodologies rooted in the psychology of human behavior, such as ADKAR (Awareness, Desire, Knowledge, Ability, and Reinforcement), can assist us as security professionals in facilitating more impactful cultural change through understanding why employees we support act and react the way they do and what other environmental or social factors may influence their decision-making and thought processes. It can also help us gain buy-in from our leadership, nudging from the bottom up, while leading by example from the top down.

The ADKAR change model has been proven to help individuals understand and accept change so companies can successfully innovate and become more efficient. As security professionals, we have to be conscious that security program costs contribute to the rising costs of healthcare, goods, and services. And we often have to find unique and strategic ways to ingrain ownership of security functions within other departments to augment our limited resources. Building a security ambassador program using these change facilitation concepts will help drive cost-effective ownership of the security program throughout the entire organization, creating a deeper business resilience, reducing risk, and truly leading by example—proving we are stronger together.

While threat actors tend not to be picky when it comes to which organizations they target, healthcare provides a lucrative opportunity and is an industry threat actors keep coming back to. The sheer volume and value of the data these organizations contain, the lack of data hygiene, and an inclination to negotiate or pay a ransom due to regulatory pressures are some of the reasons healthcare organizations are so vulnerable to cyber attacks (and why threat actors are so successful).

As the number and cost of healthcare data breaches continues to rise, as a healthcare security practitioner it’s important to get a clear picture of just how this damage is done. In this presentation, we’ll step inside the minds of a threat actor to outline who they are, their motivations, and techniques they use to be successful. We’ll also share real-life scenarios of successful breaches that have had an impact on patients themselves. Attendees will walk away with best practices their organization can utilize to reduce the risk of exposing patient information and healthcare data to the wrong hands.

Takeaways:

• Why healthcare is one of the most targeted industries
• The motivation of threat actors to target healthcare
• How threat actors operate
• The tactics and techniques used to successfully infiltrate healthcare systems and databases
• Whether SaaS applications are an enabler (or detractor) to threat actors
• Best practices your organization can implement today to prevent a cyber attack

Questions: 

1. Why is healthcare one of the most targeted industries?a. Challenges range from end user access to medical records and services, to medical operations (and equipment) that any incident might jeopardize human lives, all the way to the production floor with pharmaceutical production.
   b. Volume and value of the data these organizations contain, the lack of data hygiene, and an inclination to negotiate or pay a ransom due to regulatory pressures
   c. Understanding the threats involved around these fields will enable us to further protect against them.
   d. What CISOs are worried about the most.
2.  More specifically, why do threat actors and groups target healthcare? (why are they after me?!)
   a. The profile of these threat actors
   b. Their psychology and motivation
   c. Why they specifically target healthcare
   d. And how successfully are they at targeting healthcare companies
3. How do these threat actors operate?
   a. State sponsored vs. online crime
   b. Initial access, access brokers, lateral movement. Share examples. How does this happen?
   c. Patch management, legacy medical devices,
   d. Extortion vs double-triple-quadruple extortion
   e. Whether SaaS apps are an enabler or detractor to threat actors
4. Can you share specific examples of major healthcare attacks that have impacted human lives? Example: cyber attack on an Israeli hospital
5. What can security leaders and practitioners do to protect customers and organizations from being breached. Best practices to prevent.
6. How does a SaaS security solution help to prevent advanced and complex threats?

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

The healthcare industry stands at the threshold of its most significant cybersecurity transformation in over a decade with the December 2024 HIPAA Security Rule update. This presentation unpacks the sweeping changes proposed in the Office of Civil Rights’ 330+ page Notice of Proposed Rulemaking, highlighting how these modifications will reshape healthcare cybersecurity practices.

At its core, the update eliminates the ambiguous “addressable” implementation specifications that have long allowed healthcare organizations to sidestep crucial security measures. The new rule mandates specific security controls including bi-annual vulnerability scanning, annual penetration testing, encryption requirements, multi-factor authentication, and network segmentation.

We’ll explore how these changes reflect the evolution from paper-based records to today’s digital healthcare ecosystem, and why traditional compliance approaches will no longer suffice. The presentation will detail practical implications for healthcare organizations, including new documentation requirements, specific timeframes for access management, and enhanced backup and contingency planning protocols.

Whether you’re a healthcare administrator, IT professional, or compliance officer, understanding these forthcoming requirements is crucial for maintaining HIPAA compliance and protecting patient data in an increasingly complex threat landscape.

In an era dominated by the digitization of health records, the internet of medical things, and the relentless rise of artificial intelligence, the proliferation of Protected Health Information (PHI) demands heightened cybersecurity efforts from healthcare providers. A pivotal 2018 whitepaper revealed that the healthcare industry generated a staggering 30% of the world’s data volume that year. Fast forward to 2025, where the compound annual growth rate of healthcare data has surged at an astonishing 36%, outpacing manufacturing by 6%, financial services by 10%, and media & entertainment by 11%. As the custodians of this digital deluge, healthcare practitioners must remain vigilant.

References: Coughlin et al Internal Medicine Journal article “Looking to tomorrow’s healthcare today: a participatory health perspective”. IDC White Paper, Doc# US44413318, November 2018: The Digitization of the World – From Edge to Core”.

This presentation not only delves into a spectrum of cybersecurity best practices but also provides crucial insights into crafting an effective Incident Response (IR) plan. As we explore the labyrinth of strengths and weaknesses in cybersecurity measures, we’ll guide you through the essential components your IR plan should encompass. Join us in securing the future of healthcare data while fortifying your practice against the evolving landscape of digital threats.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

When a data breach or other cyber incident happens, having a plan in place can mean the difference between a quick recovery and unwanted headlines and irreparable harm to stakeholder trust.

This presentation will provide a comprehensive overview of the current cyber landscape, focusing on both global and domestic government-related threats and incidents. We will delve into recent high-profile attacks, explore emerging trends, and discuss the evolving tactics employed by cybercriminals and nation-states. Additionally, the presentation will examine the ongoing challenges faced by governments in protecting critical infrastructure, securing sensitive data, and mitigating the risks posed by cyber espionage. By understanding the latest developments in the cyber threat environment, attendees will gain valuable insights into safeguarding government networks and systems.