SI 2019 CISO Summit Highlights

The SI 2019 CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando Blanco and BayCare VP and CISO Thien Lam welcomed 21 chief cybersecurity officers and other healthcare IT security executives from across the country to the CISO Summit convened at the Hyatt Regency on the beautiful San Antonio River Walk.

Deloitte’s Raj Mehta kicked off the two-day meeting with a “Cyber Breakout Room” exercise that used an escape-room type game to foster deeper security awareness. Participants were dared to solve seven challenges within 20 minutes focused around unlocking a laptop infected with ransomware.  Seven security executive volunteers did it in eight minutes, breaking the previous Deloitte record of 11 minutes!  The world record-setting game participants included Ron Mehring, Michael Erickson, Alex Ludwinek, Mike Czumak III, Tom August, Preston Jennings and Scott Dresen.

To wrap up the afternoon session, the group tackled “Next-Generation Cybersecurity: Trends and Issues,” exploring the challenges and complexities in the context of healthcare trends such as consumerism, interoperable data and the cloud. Discussion focused on the characteristics of healthcare transformation in the context of:

  1. Agility;
  2. Increasing complexity of eco-system & alliances;
  3. Explosion of connected devices, wearables, IoT & medical devices;
  4. User-friendliness of cyber-risk prevention tactics;
  5. Digital privacy in an era of data sharing; and
  6. Artificial intelligence-related cyber-risk management considerations.

 

"It's All About the Data" chart
“It’s all about data” Click to see full-size.

 

On Day 2, CHRISTUS’ Fernando Blanco introduced case study presentations focused on next-level technical architecture:

  • Memorial Sloan Kettering Cancer Center’s AWS Hybrid Cloud Architecture Design, presented by Mike Czumak, VP & CISO, MSKCC
  • Cloud Security and O365, presented by Preston Jennings, EVP Information Security & CISO, Trinity Health

On cloud, virtual and remote monitoring:

  • Texas Health Resource’s Continuous Monitoring, Event Triage & Reporting, presented by Ron Mehring, VP Technology and Security & CISO, THR
  • Trinity’s Threat Intelligence Investments/Results, presented by Preston Jennings, CISO, Trinity Health

On board and executive management reporting:

  • Strategic Business Risk/Cyber Controls, presented by Tom August, VP & CISO, John Muir Health
  • Offshore Exception Tracking/Reporting, presented by Fernando Blanco, CHRISTUS Health

On future business-model infrastructure:

  • Business Model Evolution, presented by Mike Gomez, VP & CISO, Bon Secours Mercy Health
  • Workforce of the Future, presented by Michael Erickson, CISO, Baptist Health

Fernando Blanco, Thien Lam, and SI Executive Director Janet Guptill wrapped up the 2019 SI CISO Summit by summarizing the sessions, placing them in the context of the ongoing healthcare cybersecurity conversation nationally and globally, and then inviting everyone to the 2020 SI CISO Summit to be hosted by Baptist Health in Louisville in May 2020.

Summit Attendees

Thomas August

VP and CISO, John Muir Health

    Fernando Blanco

    VP and CISO, CHRISTUS Health

      Chris Convey

      VP and CISO, Sharp HealthCare

        Michael Czumak, III

        VP and CISO, Memorial Sloan Kettering Cancer Center

          Scott D. Dresen, MBA, FACHE, FHIMSS

          SVP and CTO/CISO, Spectrum Health

            Michael Erickson

            CISO, Baptist Health

              Michael Gomez

              VP and CISO, Bon Secours Mercy Health

                Todd Greene

                AVP and CISO, Atrium Health

                  Kevin Hamel

                  CISO, Baystate Health

                    James L. Hanson

                    Regional Information Security Officer, Avera Health

                      Todd Hill

                      Director, IT Security and Deputy CISO, Baptist Health

                        Preston Jennings

                        EVP, Information Security and CISO, Trinity Health

                          Thien Lam

                          VP and CISO, BayCare Health System

                            Mark Lantzy

                            CIO, IU Health

                              Alex Ludwinek

                              Director of Cyber Risk Management and IAM, Memorial Hermann Health System

                                Kathryn McClellan CHCIO

                                SVP and CIO, Froedtert Health Inc.

                                  Ron Mehring MBA, CISSP

                                  CISO, VP of Technology & Security, Texas Health Resources

                                    Brad Sanford

                                    CISO, Emory University, Emory Healthcare

                                      Pavel Slavin

                                      VP and CISO, Froedtert Health

                                        Paul VanAmerongen

                                        VP and CISO, UW Health

                                          Not pictured: Barry Beckett, VP and CISO, Houston Methodist

                                          Sponsors

                                          Raj Mehta

                                          Partner, Deloitte

                                            Anant Sethi

                                            Advisory Manager, Deloitte

                                              Not pictured: Anand Dedhia, Manager, Deloitte