December 11-12 | San Francisco


Day One
Tuesday, December 11 2018

Day Two
Wednesday, December 12 2018

Breakfast & Registration

Connected Device – Regulatory Framework Evolution

Chair’s Opening Remarks

  • Greg Garcia Executive Director for Cybersecurity, Healthcare Sector Coordinating Council

The Fast Evolving IoT World – How Can You Ensure Your Patients’ Data is Safe?


  • Introduction of NIST and recent projects in cybersecurity
  • Addressing the increasingly connected world and devices – where should you save your patients’ data and how do you know it’s safeguarded?
  • Understanding the healthcare system and network infrastructure to mitigate cybersecurity risks

How Are You Handling Your Legacy Products from an Infrastructure Perspective?

  • Joern Lubadel Director of Service & IT Healthcare Support, B Braun Medical US


  • Legacy products’ network and infrastructure healthcheck
  • Risks of migrating and upgrading
  • Validating the security and compliance: it’s not a check box exercise
  • Experience and lesson learned

Technology Opportunities and Challenges

Securing Connected Devices: Use Cases of Cyber AI


The cyber-threat landscape is changing. In addition to high-speed attacks, today’s most sophisticated threat-actors are playing a longer game – one that is silent and stealthy. Their objective is to disrupt operations, undermine trust, or simply learn trade secrets by going undetected inside networks.

Digital environments are changing too. Increasing digitization, the surge of IoT devices, and the cloud mean that network boundaries are more porous than ever. Securing the perimeter simply isn’t possible.

To defend against threats that are continually evolving, tomorrow’s cyber security must go beyond looking for yesterday’s attacker – it must find what it doesn’t know to look for. AI technologies have led to the emergence of self-learning, self-defending networks that achieve this – detecting and autonomously responding to in-progress attacks in real time. These cyber immune systems enable the security team to focus on high-value tasks, can counter even machine-speed threats, and work in all environments, including the cloud.

In this session, learn about:

  • Overview of the challenges posed by the advanced threat landscape and increasingly complex business networks
  • How IoT and industrial IoT are complicating security teams’ efforts to secure patient data, IP, and business networks
  • Why AI is uniquely able to detect threats or vulnerabilities introduced by connected devices
  • Real world use cases of customers who are using cyber AI to defend their connected devices, comply with policies, and secure their organizations

Morning Refreshments & Speed Networking

Navigating the Connected Devices Regulatory Landscape

  • Robert Ezzel Associate Director of Global Regulatory Affairs, Sanofi


  • First tip – be engaging and open with the FDA
  • Sanofi’s journey in joint partnership to develop connected devices – what does
    it look like?
  • How to re-define your regulatory pathway for pre-certification and can we
    learn something from Apple?

A Shift of Mindset – How to Develop a Secured and Compliant Connected Device


  • From pharma/ device manufacturer to tech – a forward looking step and change of mind and skill sets
  • How to develop a secured and compliant connected device, particularly from a software perspective
  • Thinking ahead – your launch designation and compliance landscape, comparing and contrasting US and EU requirements

Panel Discussion: Security Challenges for Network Connectable Devices in Healthcare Ecosystems

  • Justin Heyl Cybersecurity Director Business Development, Innovations & Strategic Partnerships , UL LLC
  • David Presuhn Connected Device Management Expert, Boston Scientific
  • Matthew Jones Clinical Engineering Security Specialist, Intermountain Healthcare
  • David Scott Product Security Officer, BD


  • Differences between remote/mobile and clinical environments
  • Integration into healthcare delivery organizations
  • Application of FDA draft cybersecurity guidance

Lunch & Networking

Collaboration with Your Multiple Stakeholders

How Can a Healthcare Payer Embrace Disruption through Innovation?

  • Timothy Berendt Director of Innovation, Blue Cross Blue Shield of Massachusetts


  • A complete organizational and cultural change for real innovation – how to execute this?
  • A different approach: progress inside and outside of a skunkworks operation
  • The KYC benefits: develop a product that your customers want and will use

INTERACTIVE WORKSHOP: Cybersecurity For Medical Devices Is A “Team Sport”

  • David Snyder Principal Consultant, 42tek
  • Deb Muro Chief Informtaion Officer, El Camino Hospital
  • Jason Johnson Information Security Officer, Marin General Hospital
  • Matthew Jones Clinical Engineering Security Specialist, Intermountain Healthcare
  • Christine Sublett President & Principal Consultant, Sublett Consulting, LLC


Interoperability and compatibility of network-connected medical devices in hospitals and clinics have been key concerns for pharma and device manufacturers and now cybersecurity, too.

This interactive workshop will focus on how pharma and device developers can collaborate with hospitals and clinics to help make sure these medical devices are set up and managed to protect patients’ privacy and safety. Through exercises and open discussion, pharma and device manufacturers can reflect on the perspectives of hospitals and clinics regarding best practices. This highly interactive and hands-on session will be conducted by a team with
diverse backgrounds, including a hospital CIO, a clinical engineer, a hospital information security officer, and two neutral cybersecurity consultants to facilitate and moderate. By the end of this session, you will be equipped with:

  • Considerations during procurement, integration and operations
  • Defining best practice for device inventory management and monitoring device behavior and network traffic for potential cybersecurity attack indications
  • Ways of thinking about the issues in term of people, process, and technology
  • Views on how connected medical device cybersecurity can be approached as a ‘team sport’ involving collaboration among manufacturers, regulators, providers (hospitals and physicians), supply chain, and patients
  • Understanding of how hackers plan their attacks
  • Ideas for ways potential risks may be mitigated

There will be group exercises and case studies for the best learning experience.

An afternoon networking break will be served half-way through this session.

Chair’s Closing Remarks

  • Greg Garcia Executive Director for Cybersecurity, Healthcare Sector Coordinating Council

Close of Day 1