AEHIS LIVE Archives

Join an exclusive focus group hosted by the CrowdStrike Healthcare team, designed specifically for healthcare executives seeking to enhance their security operations.

In today’s rapidly evolving cyber landscape, healthcare organizations face relentless threats targeting patient data and critical systems. Legacy security information and event management (SIEM) solutions are often overwhelmed, leaving incidents unresolved for hours or even days. This focus group offers a unique platform to connect with peers and explore how AI-powered SIEM solutions can revolutionize your SOC.

What You’ll Gain:
Visionary Insights: Discover the potential of AI-native SOCs to counteract evolving cyber threats with unmatched speed and precision.
Real-World Solutions: Share and learn strategies to overcome the common limitations of legacy SIEM systems in healthcare settings.
Collaborative Innovation: Participate in discussions about AI-driven threat hunting, automated incident response and next-generation technologies like AI-generated parsers that simplify onboarding and setup.

Don’t miss this opportunity to collaborate with industry leaders and uncover practical solutions to modernize your SOC and better protect your healthcare organization’s critical assets.

Speakers:

Todd Felker, Executive Strategist – Healthcare, CrowdStrike

The audience for this focus group is AEHIS members. If you are interested in attending, please contact Andrea Starmer at astarmer@chimecentral.org to be registered.

Privileged Access Management is a critical security pillar to protect the most powerful and targeted accounts and users within a healthcare ecosystem.
Although most healthcare organizations have begun to adopt privileged access management solutions and policies, many struggle to fully secure the breadth of privileged access with limited resources, the need to keep critical systems up and running, and deliver care.

In this session we will explore the challenges and opportunities facing healthcare security teams as they evolve their privileged security strategies, including:
1. Core Privileged Access Management strategies including credential vaulting and management and session management / auditing
2. Extending the scope of privileged security to often overlooked use cases including third party privileged access, DevOps and application to application accounts and access
3. Balancing security with the needs to provide rapid support, uptime and efficiency in delivering care
4. Managing privileged access as more applications and workloads migrate to the cloud
5. Managing vendor and technology sprawl when implementing a holistic privileged access security strategy

By engaging in this discussion, participants will contribute to a better understanding of the privileged access management landscape and help shape the development of solutions that address these challenges effectively.

Speaker:
Joel Burleson-Davis at Imprivata

Come join us for a quick 30 minute Lunch and Learn to go over what the Digital Health Most Wired Survey is and the benefits of completing the survey.  You will be able to ask questions to our DHMW team and also get the latest information on when the 2024 survey will open. 

Topic:  Reimagining the “Swot Analysis”

Date: January 19, 2024

Time: 1:00 PM – 1:30 PM EST

CEUs: 0.5

About:  CHIME innovation has identified the Strategizer ecosystem of visual tools as the most comprehensive and well-integrated set of tools for doing business strategy.

Objectives:

• Discover how to use a Strategizer self-assessment tool to conduct an alternative method of a SWOT analysis.
• Learn how to map the resulting SWOT analysis to Strategizers Business Model Canvas.
• Create a visual blueprint of your existing business, or units within your business, for strategic planning and identifying opportunities for innovation.

Speaker: John Marc Green, Director of Innovation at CHIME

Come join us for a quick 30 minutes to learn about Boot Camp and Certifications.  

Come join us for a quick 30 minutes to learn about Regional Roundups.  We will go over what a Regional Roundup is and answer any questions you may have.  

• Date: October 27, 2023

• Time: 1:00 pm – 1:30 pm EST

• Topic: Workforce and Cybersecurity Education Strategy  

About: 

• Join Kate Pierce, Sr. vCISO & Executive Director of the Subsidy Program at Fortified Health Security, for a 30-minute discussion as she shares her insights about developments and the future of cybersecurity careers in healthcare.

Objectives:

• Identify the current landscape for healthcare cybersecurity professionals

• Discuss the National Cyber Workforce and Education Strategy Career Development opportunities

• Define the steps toward building and growing cybersecurity leaders 

Speaker: 

Kate Pierce

Sr. vCISO & Executive Director of Subsidy Program

With over 21 years of experience working with small, rural, and non-profit healthcare organizations, Kate Pierce has deep insight into the persistent challenge of improving security with increasing limited resources.  During her tenure as the CIO and CISO at a Critical Access Hospital and Health Center, Kate spearheaded the creation of the organization’s security program, encompassing governance, strategic planning, and the selection and rollout of security controls.  To further the cause of cybersecurity in healthcare, Kate actively collaborates with the HSCC CWG and the 405(d) program, and consistently advocates at the federal and state levels to fortify cybersecurity within small, rural, and non-profit healthcare organizations.

Session Description:

Vulnerability and Patch Management are one of the leading systemic risks and security challenges in healthcare. The vast scope of medical devices, IoT, IoMT, and other connected devices, grows larger each year – and with it, the risks and threats. While it’s a massive undertaking, making serious investments and security changes to the medical device infrastructure is paramount. This session will discuss these pain points, successful (and unsuccessful case studies), and help leaders learn from each other on this important security issue.

Target:

All AEHIS members

Speakers:

Will Long, Chief Security Officer, First Health Advisory

AEHIS Board Member (Former Board Chair)

Date: September 15, 2023

Time: 1:00 pm – 1:30 pm EST

Topic: Creating Positive Company Culture 

The month of September has been dedicated to generating awareness surrounding great company culture and discovering possible improvement strategies through employee engagement, feeling connected, and bringing a greater sense of creativity to the workplace. Join the 30-minute conversation on September 15, 2023, at 1:00pm EST, to review and discuss strategies surrounding company culture and how to create an engaging atmosphere.

Learning Objectives:

• Discuss company culture and define your company’s own culture.
• Learn techniques that support and empower employees to provide their best work.

Speaker: 

Reid Stephan, CHCIO, HCISPP, CISSP, VP and CIO of St. Lukes Health System

Session Description:
Healthcare IT security has more on the line than any other industry – the health and well-being of people around the world. Security and operational challenges around connected medical devices, also known as the Internet of Medical Things (IoMT), are becoming more demanding. We are looking to speak to CIOs, CISOs, and other senior cybersecurity leaders within HDOs to discuss:

• • their awareness of growing problems Asimily is hearing are on the horizon for HDO security leadership
• • their perceptions of the IoMT device risks, the overall security market and existing vendors in the market,
• • the top challenges faced by HDOs and how to communicate solutions to them,
• • their organizations’ priorities and plans around IoMT device security, and
• • any experience they and their organization have already had with securing IoMT devices (or IoT)

Target:

All AEHIS members

Speakers:

Rajesh Krishnan, Head of Product Marketing, Asimily

Date: August 18, 2023

Time: 1:00pm – 1:30pm EST

Topic: Closing the Talent Gap 

In a time of high burnout and poor job satisfaction, employees continue to leave their places of employment while leaders struggle to fill their roles.  Join the 30-minute conversation to discuss lessons learned from the previous years, best practices, and how to attract and retain the right people with the right skill set.  

Learning Objectives: 

• Discuss lessons learned from the “great resignation”
• Identify best practices for hiring for retention and lasting contributions
• Understand how to attract the employees through leveraging value proposition

Speaker: Khalid Turk MBA, PMP, PMI-ACP, CHCIO, CDH-E, ITIL

Chief Healthcare Info Tech Officer

Chief Healthcare Info Tech Officer

Session Description:

This discussion will be a deep dive into the business model of Ransomware Actors and the common misconceptions that many have when it comes to proactively and reactively combatting the threat.

Target: 

All AEHIS members

Speakers:

Chris Vincent, CRO, Halcyon

Date: July 21, 2023
Time: 1:00 pm-1:30 pm EST
Topic: Leading with Humanity 

  About: 

• We invite you to join us in exploring ways to lead with empathy and compassion. By learning how to tap into your own humanity, you can positively impact and influence your team while still respecting their own humanity. We look forward to discussing various perspectives on this important topic. 

• Learning Objectives: 

• Describe the term ubuntu and the importance of assessing your own as a leader.
• Understand how to create an environment that puts humans at the forefront.      

Speaker: Keith Jones, MHA, Associate Chief Information Officer at Cone Health

Session Description:

Another day, another breach, another hospital ransomed. We hear it all the time, and so do you, if you’re in healthcare security. If you’ve implemented zero trust architectures or are thinking about it, we want to discuss the topic with the decision-makers/influencers in this field. For those looking to implement and those who have already developed a Zero Trust strategy, we’re seeking to understand the experience, priorities, obstacles, and factors that go into the decision-making process. A verify everything approach can help your organization:

• Reduce the risk of data breaches/attack by arming you with the right levels of visibility and incident management.
• Deliver functional services to users faster, without having to worry about VPNs or the cloud-access issues.
• Innovate without having to worry about locking your front door.

Target: 

All AEHIS members

Speakers:

Tamer Baker, Healthcare CTO, Zscaler

Description: Who will fill those vacant roles? Succession planning is not just about understanding what is coming but the strategic process of training individuals who will align with those roles once they are vacant.  Join us on June 16, 2023, at 1:00pm EST, to learn from top executives about succession planning strategies. 

Learning Objective: 

• Identify essential positions and highlight future vacancies. 
• Select critical competencies and skills for business continuity.  
• Focus on individual development to meet future business needs. 

Speakers:  

Liz Johnson, MS, FAAN, LCHIME, FCHIME, R-CHCIO, RN-BC, CDH-E 

Randy McCleese, FCHIME, LCHIME, CHCIO, CHISL, CDH-E 

Ed Kopetsky, LCHIME, FCHIME

• Date: May 19, 2023
• Time: 1:00 pm EST
• Topic: Building High Performance Teams

About: Developing high performance teams has been described as painful, overwhelming, and time-consuming but it doesn’t have to be.  Join the discussion on May 19, 2023, to discussing building high performance teams who remain engaged and share organizational vision and strategies.

Learning Objectives:

• Identify clear communication on organizational priorities.
• Address and manage employee engagement 
• Discuss strength based conversation strategies 

Speaker: 

Josh Jones, MAJ – CompTIA CASP, ITIL, CHCIO, CDH-E, Chief Technology Officer at Madigan Army Medical Center

Session Description:

As the use of cloud computing continues to grow, the issue of cloud security has become increasingly important. Cloud computing offers a range of potential, but it also introduces new security challenges. We’ll explore your initiatives tied to cloud, including how you’re “making the case” for cloud migration, and the strategies you’ve used to mitigate risk. If time allows, and the group is interested, we may also talk about trends and developments in cloud security, and best practices for organizations that are looking to adopt cloud computing.

Learning objectives:
– Have a better definition of “cloud” and why the term can sometimes feel vague
– Have gained shared insights and learned from others about the successes and challenges of moving to the cloud
– Better understand what to consider when developing a strategy to secure cloud infrastructure 

Speakers:

Todd Felker, Executive Healthcare Strategist, CrowdStrike

Session Description:

Is assuring your vendors’ compliance with HIPAA and other regulatory requirements being completed adequately in your organization? Third Party Risk Management (TPRM) automation and cross department collaboration between IT and Compliance is helping to solve this problem. Join us to provide insight into your pain points and what you’d most like to see in a software product to simplify and accelerate your internal and external TPRM responses, ensuring your vendors are compliant.

Target: 

All AEHIS members

Speakers:

Christopher Lyons, Director, Cyber Security, Genzeon
Derek Walker, VP of Product, Genzeon

Description: 

Recognition efforts have been proven to be one of the most effective and affordable ways to improve employee well-being, encouraging cultural transformation. Join the discussion on April 14, 2023, at 1:00 pm EST, to discuss how to recognize employees to enrich their well-being and increase engagement and commitment to stay. 

Learning Objective: 

1. Understand how employee recognition and well-being are associated. 
2. Recognize the relationship between well-being and critical business outcomes, including employee engagement and retention.
3. Identify the steps leaders should take to increase the well-being of their employees through recognition 

Speaker: 

• Yuri Campbell, FCHIME, FACHE, CHCIO, CISSP, PMP, PMI-ACP, CDH-E 
• Senior Director, Clinical Solution Delivery at WellMed Medical Management, Inc.

Session Description:

Imprivata’s Wes Wright, Chief Technology Officer and Dr. Sean Kelly, Chief Medical Officer and SVP Customer Strategy, will lead this discussion to explore how CHIME members prioritize Governance and Administration, Identity Management, Authorization, Authentication and Access, and other important strategies. Please join the conversation to share your thoughts and compare notes with executives from other hospitals and health systems.

Wes Wright, Chief Technology Officer and Dr. Sean Kelly, Chief Medical Officer and SVP Customer Strategy, Imprivata

Session Description:

With Zero Trust being implemented across the healthcare industry, we seek to discuss the topic with the decision-makers/influencers in this field. For those looking to implement and those who have already developed a Zero Trust strategy, we’re seeking to understand the experience, priorities, obstacles, and factors that go into the decision-making process.

Danny Connelly, CISO,
Americas & Public Sector (former Associate CISO, CDC), Zscaler, Inc

Session Description:

Social engineering attacks remain a favorite tactic for bad actors. Even very high-profile and sophisticated attacks begin with social engineering attacks. Why? Because the bad actors know they work. You, the organization, must be perfect and defend against these all the time; they only have to be successful once. Organizations continue to struggle to thwart these types of attacks, and many things make thwarting this a difficult task. We will explore the types of attacks and how organizations can improve their defenses.

Will Long, MIS, CHISL, CISSP, CPHIMS, Chief Security Officer, AEHIS Board Member (Former Board Chair), First Health Advisory 

Session Description:

With Zero Trust being implemented across the healthcare industry, we seek to discuss the topic with the decision-makers/influencers in this field. For those looking to implement and those who have already developed a Zero Trust strategy, we’re seeking to understand the experience, priorities, obstacles, and factors that go into the decision-making process.

Danny Connelly, CISO,
Americas & Public Sector (former Associate CISO, CDC), Zscaler, Inc

Join us on March 7, 2023, at 12:00 pm EST to learn about the Certified Digital Health (CDH) Program. 

The College of Healthcare Information Management Executives (CHIME) offers a new professional certification for all healthcare professionals looking to become certified and recognized in digital health.  This certification challenges healthcare professionals from all positions and levels of leadership experience to test their knowledge and skills in the digital health space.  Join us for this informational session and learn how CHIME can support you in your professional development.

Join us on March 7, 2023, at 4:00 pm EST to learn about the Certified Digital Health (CDH) Program. 

The College of Healthcare Information Management Executives (CHIME) offers a new professional certification for all healthcare professionals looking to become certified and recognized in digital health.  This certification challenges healthcare professionals from all positions and levels of leadership experience to test their knowledge and skills in the digital health space.  Join us for this informational session and learn how CHIME can support you in your professional development.

Cybersecurity supply chain risk management is the process of identifying and mitigating potential risks that may arise from third-party products and services within an organization’s information technology (IT) infrastructure. Given the growing dependence on information technology infrastructure to deliver care, a healthcare organization should also consider the risk to patients, employees, and the business. The goal is to manage this risk to a level acceptable to the organization.

Speakers: 

Jon Moore JD MS HCISPP

Chief Risk Officer & SVP

Clearwater

Andrew Mahler

VP, Privacy/Compliance/Managed Services
Clearwater 

Description:

In today’s environment, the role of the CIO in Healthcare is ever-changing.  Join us on February 17, 2023, at 1:00pm EST, to discuss the future role of the CIO to increase customer engagement and improve business outcomes.

Learning Objective:

Gain awareness of what’s changed in recent years and recognize critical items CIOs need to address to keep their organizations cutting edge, engage customers, and improve business outcomes.

Speaker: 

Saad Chaudhry, M.Sc., M.PM, CHCIO, CDH-E, Chief Information Officer at Luminis Health 

Traditionally, healthcare organizations have performed high-level, point-in-time risk assessments; however, this approach can be outdated and insufficient for hospitals and health systems that have rapidly changing digital environments, and where vulnerabilities and risks are changing constantly. Additionally, the traditional approach puts stress and strain on already overburdened and limited cybersecurity and IT resources.

During this session, Clearwater CEO Steve Cagle and Chief Risk Officer Jon Moore will review how ClearConfidence, Clearwater’s managed services program designed specifically for hospitals and health systems, addresses these challenges through a combination of people, processes, and technology, that are engaged in an ongoing basis. As a result, the risk analysis provides more meaningful, actionable, and current cybersecurity risk data, and risk mitigation plans are actively managed. Security leaders are confident that they know—and are appropriately responding to—key risks and they can get more accomplished with less of a burden on their internal resources.

Speakers: 

Steve Cagle MBA, HCISPP

CEO 

Jon Moore MS, JD, HCISPP

SVP, Services & Customer Success & Chief Risk Officer 

Session Description:

New Year, New Budget! One budgetary line item that can cause concern is the cost of security insurance. As premiums rise and the insurance industry changes, join Will Long, Chie Security Officer with First Health Advisory to talk more about the topic of Cybersecurity Insurance.  This AEHIS Online Focus Group will cover insurance requirements, trends, and how best to position yourself for a renewal. 

Will Long, Chief Security Officer, First Health Advisory

Description: In the world of cybersecurity, phishing is the number one threat in corporation health and is a key topic in 2022/2023.  Join the conversation on December 2, 2022, at 1:00pm EST where we discuss how to educate teams on identifying, preventing, and reporting phishing attempts. .5 CEU 

Objectives: Identify who is most at risk of falling for phishing attacks, recognize the need for cybersecurity education, discover phishing attack prevention methods 

Agenda: Opening story, examples of phishing threats, educating staff to recognize and report phishing, discover best practices to prevent phishing attempts 

Takeaway: Recognize, act, and best practices

Speaker:  Keith Duemling, CHCIO

Description:

This live AEHIS Webinar will feature First Health Advisory’s Chief Security Officer, Will Long discussing 405d HICP. The webinar will focus on 405d HICP approaches that will reduce your organization’s risk – and help to lower cybersecurity insurance rates and potential fines, as well as simplify auditing and reporting. We will also discuss the basic steps that you can take to improve your organization’s cybersecurity resilience and learn about ways to measure your organization’s performance against the 405d HICP. 

Speaker(s):

Will Long Chief Security Officer First Health

Description: This session focuses on the breakdowns and barriers in communication.  Join the conversation on November 18, 2022, at 1:00pm EST to discuss types of communication and how to ensure that communication is effective in your team. .5 CEU 

Objectives: Understand effective communication strategies, identify individual communication needs, develop communication tools and techniques to take back to your team.  

Agenda: Opening story, identify communication strategies that work, recognize communication breakdown, discover individual communication barriers and develop tools and techniques to break down the barriers. 

Takeaway:  Recognize, act, and best practices 

Speaker: Adrienne Edens, CHCIO

Session Description:

Healthcare organizations are intentionally and often unknowingly adding a range of network and internet connected devices into their networks. From MRI machines to infusion pumps, the HVAC system and even a Tesla pulling up in the parking lot.

While everyone is aware of the risks, many organizations are fragmented at best in their approach to securing these increasingly high risk assets.

Join Armis in this focus group to discuss how HDOs are approaching the converging world of identifying and securing medical devices, operational equipment and “things”. We will discuss strategies for operational responsibility, management and integration into related systems as organizations push forward with connected digital healthcare. 

Oscar Miranda Field CTO for Healthcare Armis 

James Millington Senior Director, Product Marketing Manager for Healthcare Armis

Session Description:

If you weren’t able to attend AEHIS and InfoSec World, we’ll cover off on some of the hottest issues and topics – including notes on Incident Response (“Intentional Resilience”); Third-Party Risk Management; and Global Trends in Healthcare Security. Come chat with your peers, share your ideas, and hear about solutions that others have found that might make your tough job easier.

Participants will get:

• Insights on some of the hottest topics discussed at AEHIS
• Beyond the presentations: we’ll share our notes from sidebar conversations with CISOs, CIO’s, and other security professional in attendance
• Suggestions on new ideas and best practices uncovered during the conference

Todd Felker Executive Healthcare Strategist CrowdStrike    

IT, OT and medical devices are enabling a new generation of connected care, improving outcomes and even reducing costs. But for CISOs that must ensure the security of patient information and the continuity of care, they represent an ever expanding attack surface driving board level concern. 

Attendees of this webinar will leave with insights needed to:
Identify the scope and risk of your IT, OT and medical device landscape
Get ahead of potential breaches by prioritizing high impact vulnerabilities and threats
Integrate with existing security, operations and network investments for improved visibility and ROI 

Speaker(s):

Curtis Simpson CISO Armis

Oscar Miranda Field CTO for Healthcare Armis

Description:
As it becomes harder to retain your top cybersecurity talent and to recruit for those open positions, there is an often-overlooked strategy that can support both near-term needs and long-term goals. By addressing the immediate needs of cybersecurity leaders, a co-innovation partnership model can build a foundation for a desired future state with minimal risk. This webinar will address some common forms of co-innovation partnerships and offer some best practices to help them succeed.

Objectives:

This webinar will address some common forms of co-innovation partnerships and offer some best practices to help them succeed.

Speaker: 

Greg Thomas

Description:

• Health and wellness is paramount for the success of corporations.  Join us for a 30-minute discussion on September 16, 2022, at 1:00pm EST with Ed Marx, to discuss how to identify health and wellness needs and obtain the necessary tools and resources to provide your employees when they need it most. .5 CEU

• Objectives:

• Learn the signs and symptoms of health and wellness needs
• Lean how to tailor resources according to individual
• Obtain tools and techniques to help your employees through difficult times
• Agenda:

Opening story

Identifying health and wellness needs

What’s in your toolbox

When to provide resources

Takeaway: Recognize, act, and best practices

Q&A

Speaker: 

Ed Marx, FCHIME, LCHIME, CHCIO

Jeri Koester, CHCIO 

Traditionally, healthcare organizations have performed high-level, point-in-time risk assessments; however, this approach can be outdated and insufficient for hospitals and health systems that have rapidly changing digital environments, and where vulnerabilities and risks are changing constantly. Additionally, the traditional approach puts stress and strain on already overburdened and limited cybersecurity and IT resources.

During this session, Clearwater CEO Steve Cagle and Chief Risk Officer Jon Moore will review how ClearConfidence, Clearwater’s managed services program designed specifically for hospitals and health systems, addresses these challenges through a combination of people, processes, and technology, that are engaged in an ongoing basis. As a result, the risk analysis provides more meaningful, actionable, and current cybersecurity risk data, and risk mitigation plans are actively managed. Security leaders are confident that they know—and are appropriately responding to—key risks and they can get more accomplished with less of a burden on their internal resources.

Speakers: 

Steve Cagle MBA, HCISPP

CEO 

Jon Moore MS, JD, HCISPP

SVP, Services & Customer Success & Chief Risk Officer 

Description:
In March, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law requiring covered entities that experience a cyber incident to report that incident to CISA within 72 hours. And a covered entity that pays ransom must report that payment to CISA within 24 hours. Significantly, the new reporting requirements may apply even if the cybersecurity incident does not involve the unauthorized access or acquisition of personal information.

CISA has yet to define exactly which entities will be subject to the Act’s reporting obligations, though it is widely acknowledged that healthcare, as one of the nation’s 16 critical infrastructures, and the sector responsible for the most valuable cyber asset, PHI, will be included.

Objectives:
Understand the fundamentals of the Cyber Incident Reporting for Critical Infrastructure Act

Learn about ways to measure your organization’s cyber hygiene and preparedness against the 405d HICP

Consider steps that you can take to improve cyber resilience prepare to respond and recover from an incident in record time

Speaker(s):

David Ting, Founder and CTO, with Tausight

Session Description: EVENT CANCELLED

As hospital CISO’s strive to implement more efficient and effective risk management programs they are challenged with a continuous stream of time-consuming, often redundant, and costly security and compliance program assessments that employ primarily manual processes straining their already limited team, IT resources and budgets. For many health systems and hospitals, this diminishes their time to focus on remediation and enhancements towards greater levels of program maturity and cyber resilience. Meanwhile the pressure from executive leadership and Boards is increasing to demonstrate the value and performance of the information security program amidst rising budgetary constraints, compliance mandates, ransomware and other cyber threats, not to mention the costs (and possible denial of coverage) for cyber liability insurance. Manual processes, disconnected sources of risk data, disparate PDF and Excel reports that are static in nature and unpredictable expertise from assessment firms are industry-wide challenges that affect your risk management focus and decision making.

Intraprise Health’s strategy team would like to explore some key questions with you. What are the key risk and remediation management functions and processes that can and should be automated to make your risk management and compliance program more efficient? How can automation give you and your stakeholders more time back to focus on remediation and improvements? What are the methods for creating an enterprise-wide “single pane of glass” view of risks regardless of the source or type of data? Can we achieve risk intelligence and interoperability through open, accepted standards and data normalization? How can risk automation and intelligence serve the needs of the Cybersecurity and IT teams, and better align such needs with the expectations of Board members and executive leaders?

Join us as we explore these questions and our solution strategy to get your feedback on what is needed, what is nice to have and what is not important, and how do we get there?

Speakers:

George Pappas,CEO with Intraprise Health

Vikas Khosia, CSO, with Intraprise Health

Description:

Developing a resume that tells your story can be a daunting task, but it doesn’t have to be.  Join the conversation on August 19, 2022, at 1:00pm EST with Hilary Ross to learn different resume styles, common flaws and how to get the most out of your work history utilizing powerful tools and techniques.

• Objectives:

• Discover new resume styles and resources
• Learn how to recognize potential flaws of your current resume
• Understand how to get the most out of your work history without going overboard
• Obtain tools and techniques for writing a powerful resume
• Agenda:

Opening:  Story of a non-effective resume                          

What does your resume say about you?                            

Recognize the “flaws” and learn how to correct them     

Takeaway: Recognize, act, and best practices                    

Q&A                          

Speaker: 

Hilary Ross

Session Description:

In March, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law requiring covered entities that experience a cyber incident to report that incident to CISA within 72 hours. And a covered entity that pays ransom must report that payment to CISA within 24 hours. Significantly, the new reporting requirements may apply even if the cybersecurity incident does not involve the unauthorized access or acquisition of personal information.

CISA has yet to define exactly which entities will be subject to the Act’s reporting obligations, though it is widely acknowledged that healthcare, as one of the nation’s 16 critical infrastructures, and the sector responsible for the most valuable cyber asset, PHI, will be included. 

Learning Objectives:

1. Understand the fundamentals of the Cyber Incident Reporting for Critical Infrastructure Act
2. Learn about ways to measure your organization’s cyber hygiene and preparedness against the 405d HICP
3. Consider steps that you can take to improve cyber resilience prepare to respond and recover from an incident in record time.

Speakers:

David Ting, Founder and CTO, Tausight

Description:

• It’s inevitable, change happens all the time.  The key question is how prepared are you to navigate through change?  Join us for a 30-minute discussion with Karen Wilding, CHCIO on August 5, 2022, at 1:00pm EST to learn how to utilize specific tools that apply to an array of change initiatives. .5 CEU

• Objectives:
• 
  
• Investigate your own personal change preparedness
• Understand how adaptability plays into change management principles
• Learn the skills to keep your team thriving though the change process
• Identify tools to assist your team in navigating through change

Agenda:

Opening story

Investigating change in your own organization

Leading through change

Adopting change management practices

Takeaway:  Recognize, act and best practices

Q&A

Speaker: 

Karen Wilding, CHCIO

Join us to hear Zero Trust explained, the principles of the Zero Trust Model, and how Identity protection, MDR, and CrowdStrike Retainers can ensure that you are prepared for the next apocalypse. 

At the end of this session, attendees will be able to:
– Know what “non-human” accounts are and what next steps can be taken to secure them
– What steps should be taken first before embarking on the Zero Trust Journey
– How to identify and prioritize accounts and applications to protect during the roll-out 

Speaker(s):

Todd Felker Executive Healthcare Strategist CrowdStrike 

Curtis Smiley Regional Services Manager, Healthcare – Falcon Complete CrowdStrike

Jerry Matt Specialist Sales Manager, Healthcare – Identity Protection CrowdStrike

Session Description:

An emerging threat that is challenging healthcare security teams is securing their critical building management systems, so their hospital can remain operational. This focus group will seek to uncover how you approach this problem, including your current tools, best practices, and emerging strategies.

Speakers:

Samuel Hill, Director product marketing, with Claroty

Description:

Today, there are more and more employees leaving their jobs to pursue other opportunities which leaves us in constant turmoil. Join the conversation on July 15, 2022, at 1:00pm to learn how to break down the communication hurdles and misunderstandings so you can break the cycle and coach employees back to productivity. .5 CEU

• Objectives:
• 
  
• Identify leadership effectiveness as it relates to coaching and mentoring
• Understand how to coach to get the results you desire
• Learn how to leverage employee skills
• Identify best practices to take your employees to the next level

Agenda:

Opening story

Identifying the hurdles to effectively coach

Breaking down the skills you need vs the skills you desire

Coaching best practices that produce results

Takeaway: Recognize, act, and best practices

Q&A

Speaker: Sarah Richardson 

Critical Access and Rural Hospitals have limited resources and budgets but face the same cyberthreats as much bigger organizations. In this session, audience members will learn about the NIST framework, learn how to implement it in a smaller organization, and see how to stretch dollars to maximize security. 
A panel including a CHIME CIO, Rural Hospital CIO and InfoSec Expert will discuss the current security challenges facing CAH and Rural organizations. They will discuss how they built and then iterated on security programs. The webinar will include a discussion of what to do in-house and what to outsource. 

Learning Objectives:

• How to map services/tools to NIST Framework 
• How to improve security on a tight budget  
  
• What to do in-house & what to outsource 

Speaker(s):

John Delano Vice President, Ministry and Support Services CHRISTUS Health

Johnathen Inskeep Certified DS / BIT / AABA / NSE II Healthcare Solutions Engineer Critical Insight 

Description:

With team members making the shift to a remote or hybrid models, leaders have been faced with new challenges to reimagine employee engagement.  Join us for a 30-minute session on May 20, 2022, at 1:00pm EST with Chuck Christian to learn the latest tools and techniques to ensure high levels of engagement. .5 CEU

Objectives:

Identify how employee engagement and retention go hand in
hand

Recognize engagement withdraw

Discover engagement best practices

Agenda:

Opening story

The employee engagement and retention handshake

Employee withdraw and reengagement

Discovering best practices discussion

Takeaway:  Recognize, act, and best practices

Q&A

Speaker: 

Chuck Christian, LCHIME, FCHIME, LFHIMSS, CHCIO

Session Description:

On April 12th a set of five vulnerabilities impacting Aethon TUG healthcare robots were disclosed by Cynerio. These vulnerabilities allowed researchers to remotely execute a wide range of attacks including accessing restricted areas, controlling elevators, interacting with patients, dispensing incorrect medications, and many more. This session will provide a deep dive into the findings, discuss how healthcare organizations can protect against them, and cover proactive steps to protect against similar findings in the future. We will also discuss the broader trends related to IoT adoption in healthcare and how organizations are balancing the associated risks and benefits of modern technologies.

Speakers:

Chad Holmes, Product Evangelist, with Cynerio

Description:

• Branding yourself can be difficult in nature. This interactive discussion will lead you through examples and exercises to enhance your personal brand. Join us for a 30-minute discussion on April 29, 2022, at 1:00pm EST with Michael Archuleta to learn how to develop your brand, when to use it, and how to keep it relevant. .5 CEU

Objectives:

• Discover personal brand best practices
• Learn how to capture your brand
• Understand the effects of social media
• Obtains tools and techniques to control your brand

Agenda:

Opening story

Capturing your brand

How well do you present on social media platforms?

What would Google say about you?

Takeaway: Recognize, act, and best practices

Q&A

Speaker: 

Michael Archuleta

Description:

There’s no denying that the past few years have posed some challenges for us to remain engaged and even more so in the virtual environment. Join us for a 30-minute discussion with Dr. Stephanie Lahr on March 18, 2022, at 1:00pm EST to discuss best practices for creating an engaging virtual environment that will leave your attendees wanting more.
.5 CEU

Agenda:

Opening: Opening:  Personal story                                          
Creating an engaging virtual meeting                    
Recognize the “drift off”                                          
Takeaway: Recognize, act, and best practices      
Q&A        

 Outcomes:

• 
  Discover best practices to create an engaging environment
• Learn how to recognize the “drift off” and discover methods for reengagement 
• Differentiate between a successful virtual meeting and a non-successful virtual meeting
• Obtain tools and techniques to facilitate meaningful engagement that will leave attendees wanting more
• 
  

Speaker(s):

Stephanie Lahr, MD, CHCIO

Description:

In today’s day and age, healthcare employees are increasingly reaching the point of burnout.  Join us for a short 30-minute discussion with Brad Marsh on February 18, 2022, at 1:00pm EST, on how to recognize the stages of burnout and learn tools and techniques to assist your employees with coping strategies. .5 CEU

Agenda:

Opening: Burnout story                                             
Recognize the beginning stages                               
Creating a healthy work environment                     
Takeaway: Recognize, act, and environment        
Q&A 

Outcomes:

Understand the IT Leaders role in ensuring a productive and healthy work environment.
Recognize the beginning stages of burnout.
Describe the impact burnout has on employees physical, mental, and emotional health. 
Obtain tools and techniques to assist employees with burnout

Speaker(s):

Brad Marsh, BSN, RN, CEN, CHCIO, CHISL

Join Keith Fraidenburg, Tim Stettheimer and David Finn to hear the insider scoop about the upcoming ViVE event. We’ll talk about what it is, who is presenting, what’s happening with education, entertainment and engagement, and what it all means to YOU, and how you can attend FREE!

In 2018, David Ting, the founder of Imprivata, started a company called Tausight to help healthcare provider organizations be more prepared, confident and resilient as they address pre-breach risk to data – on and off their networks. As he and Frank Nydam, former VP of Healthcare at VMWare, prepare to debut Tausight and its flagship solution, your input on our message/positioning, audience and value to the market would be extremely helpful. Please join this focus group to learn what David, Frank and their team have been up to and to share your thoughts.
 

Speaker(s):

David Ting, Founder and CEO, Tausight

Frank Nydam, Chief Development Officer, Tausight

IBTE: Telephony – A Burning Platform
Speaker:  Scott MacLean, CIO, MedStar Health
Date: January 20, 2022

IBTE: Innovations at Monument Health
Speaker: Stephanie Lahr, CIO, CMIO, Monument Health
Date: January 12, 2022

Join the CHIME Policy team for an end of the year policy wrap-up event!

Cyber attacks in healthcare affect every aspect of an organization but what’s most critical is the impact on patient safety and uninterrupted care delivery. A single cyber attack has the potential to shut down care facilities, destroy critical patient health history, and put at risk a patient’s health and identity. With the ongoing threats to healthcare providers, the Health Industry Cybersecurity Practices (HICP) was created to target these threats while ensuring uninterrupted patient care. This session will explore:



– Understanding the process and aim for using HICP across varied audiences

– Building an aware cybersecurity program by addressing the five most impactful cybersecurity threats every healthcare organization faces and the ten recommended practice areas to address those threats

– Diving into how information sharing among different cybersecurity maturity levels can be leveraged to satisfy other operational objectives

– Examining why cybersecurity should be treated as an enterprise issue and not just an IT challenge



As we cover these compliance requirements and align with governance, risk, and compliance (GRC) systems and processes, we will be looking to solidify our approach and bring the biggest value to solving these pressing needs.

Speakers: 

Chris Logan 

Censinet

Paul Russell 

Censinet

While there are numerous benefits for healthcare organizations that adopt cloud models, introducing sensitive data into the Cloud creates a range of cybersecurity risks. The risks are compounded when housing data in a multi-layered cloud environment such as Amazon Web Services (AWS). 

During this webinar, Clearwater cloud security experts will share insight on how to harden an AWS environment and keep patient data secure in the Cloud. Specific topics to be discussed include:

-Establishing a secure foundation using AWS/CIS controls and best practices

-Securing an AWS architecture based on business and applications development processes

-Learn how your organization can leverage the full power of cloud computing while minimizing the risk of a cyber incident or breach. 

Learning Objectives:

• Acquire knowledge of best practices for hardening a cloud environment such as AWS 
• Understand how to align cloud security initiatives with business and applications development processes 
  
• Gain tips for minimizing cybersecurity risks surrounding maintaining sensitive data in the Cloud 

Speaker(s):

George Jackson Jr. MBA, Ph.D., HCISPP, CISSP, PMP, CRISC Senior Principal Consultant Clearwater
Clearwater
Senior Principal Consultant 

Ravneet Singh MS Senior Principal Consultant Clearwater

Many organizations establish objectives for their cybersecurity program, yet they often lack a comprehensive cybersecurity roadmap. The lack of a clear roadmap leads to difficulties determining cybersecurity priorities and understanding where to invest limited resources. The lack of a complete cybersecurity roadmap also makes it difficult to engage in meaningful strategic conversations with other organization leaders. 
Once you have a strong roadmap defined, the use of cybersecurity metrics provides a powerful way to describe progress and achievements that can bridge understanding between business units. 
During this session, we will focus on how to establish a comprehensive cybersecurity roadmap, including how to use metrics to show progress and to drive change in your organization. 

Learning Objectives:

• Learn how to evaluate your vulnerabilities and risk tolerance to set clear priorities  
• Learn how to set a 3-year roadmap based on your cybersecurity maturity 
  
• Learn how to track cybersecurity progress and achievements using metrics 

Speakers:

John Gomez, CEO Sensato Cybersecurity Solutions

Assessing vulnerabilities and managing risks applicable to medical devices is a resource intensive activity repeated across HDO’s. Finding cybersecurity talent and scaling resources to keep pace with growing threats is expensive. Regulatory guidance encourages the formation of Information Sharing Analysis Organizations (ISAOs) and collaboration within the private sector to enhance management of individual cybersecurity vulnerabilities and risks. In this session, Medigate will explore a crowdsourced approach to assessing vulnerabilities, collaborating with medical device manufacturers, and sharing vetted risk mitigation guidance to turn cybersecurity risk management practices into a team sport where we all benefit.

Speakers: 

Pini Pinhasov

VP of Product 

Medigate

Stephan Goldberg

VP of Sales Engineering & Technology Alliances

Medigate

Healthcare organizations must regularly perform a Security Risk Assessment to maintain HIPAA compliance and fulfill their obligations to PHI security and privacy. Managing compliance can be messy and tedious – especially using spreadsheets and emails and dealing with hundreds of individual clinics and practices. Better understand how to manage security and privacy compliance across multiple locations and have confidence in knowing you are meeting HIPAA compliance requirements for 2021. Completing a HIPAA SRA allows organizations to address risks and vulnerabilities that leave them susceptible to a data breach, resulting in compromised health information. Understand: Current healthcare security landscape, common mistakes when undertaking an SRA, and triggers for performing an SRA 

Learning Objectives:

• Initiatives understand the impact federal and state regulations have upon your compliance 
• What
  to look for when adopting a framework to address cybersecurity
  
• Steps to achieving a comprehensive compliance program 

Speakers:

Vikas Khosla, Chief Security Officer, Intraprise Health

Brian Parks, SVP Security, Intraprise Health 

Join us for a webinar with the Office for Civil Rights (OCR) on the HIPAA proposed rule. In this rule OCR called for a number of policy changes including (but not limited to):

• Creating a different definition of provider than the one defined in the Information Blocking policies;
• Reducing the time you have to provide patients with access to their records;
• Enabling patients to inspect their PHI in person including allowing them to take notes, videos and photographs;
• Prohibiting covered entities from imposing “unreasonable measures” on patients exercising their right of care;
• Requiring providers who have a secure, standards-based API —such as one consistent with those required under Information Blocking policies – to be “readily producible.”
• Considering whether the burden for educating patients on the privacy and security risks of directing their data to a third party app should be required; and
• Expanding a patient’s right of access to extend to having them direct their provider to send PHI in an EHR to a designated third-party.

The awareness and need for medical device security has significantly increased in recent years. As we saw with the global pandemic, wireless medical devices played an essential part in treating patients as healthcare organizations desperately provided care outside the four walls of a hospital. Even with the advancement in technology, organizations continue to struggle keeping up with complete inventory of medical devices connected to the network and vulnerabilities associated. In this focus group, learn how automation and visibility are key in establishing complete inventory of all connected medical devices in your environment.

Speakers: 

Paul Schwartz

Director, Security Solutions

Cerner

Digital Asset Risk continues to evolve in a continuum of care that is ever more reliant on connectivity, with a surface area to protect that is essentially borderless. Comprehensive orchestration and risk management of digital assets is an enterprise-wide approach to identifying, detecting, and responding to patient safety, operations, and overall business threats posed by a surge of ransomware, malware, and collateral threats impacting healthcare. The device and data centric approach supports more secure and efficient capability and maturity as digital transformation pushes business to operate through applications in the cloud, through mobile devices, and 3rd party platforms.

Learning Objectives:

• How
  to utilize and integrate passive, active, and XDR network tools as part of your
  vulnerability management initiatives
• How to reduce risk by getting supply chain, HTM, IT, and clinical teams working together 
• How
  to leverage your CMMS/CMBD for inventory, documentation, integrating with
  applications/tools

Join
Cletis as he discusses innovative ways of using the RHIO during a Pandemic and
how Penn State Health used the RHIO and their Vaccine Management tool through
Salesforce to deliver vaccines to a large population.

Please find event location here: https://chimecentral.zoom.us/j/95410346962

Join the policy experts as we unpack what HIPAA compliance means in the era of information blocking. We will delve into questions around can you accomplish both, where are the pitfalls, and how does this all fit in with consumerism and use of third-party apps? We will walk you through the privacy-related information blocking exceptions, issues members are wrestling with, and take audience questions. An update on the status of the HIPAA rule and capitol hill activity related to privacy will also be covered. Webinar kindly sponsored by Cynergistek.



Speakers:

• Mari Savickis, VP, Public Policy, CHIME
• Andrew Tomlinson, Director, Federal Affairs, CHIME
• Marti Arvin, Executive Advisor, Cynergistek

Join Cletis as he
discusses innovative ways of using the RHIO during a Pandemic and how Penn
State Health used the RHIO and their Vaccine Management tool through Salesforce
to deliver vaccines to a large population. 

Foundation online focus group to gather CISO feedback

Foundation online focus group to gather CISO feedback

Education webinar for CISOs

Education webinar for CISOs

Education webinar for CISOs

Foundation online focus group to gather CISO feedback

Education webinar for CISOs

Foundation online focus group to gather CISO feedback

Education webinar for CISOs

Educational webinars

Educational webinars

Education webinar for CISOs

Education webinar for CISOs

Education webinar for CISOs

Education webinar for CISOs

Education webinar for CISOs

Foundation online focus group to gather CISO feedback

Educational webinars

Foundation online focus group to gather CISO feedback

Foundation webinar to gather CISO Feedback

Education webinar for CISOs

Foundation online focus group to gather CISO feedback

Foundation webinar to gather CISO Feedback

Education webinar for CISOs

Foundation Webinar to gather CISO feedback

Educational webinar for CISOs

Foundation webinar to gather CISO Feedback

Member and Foundation webinar for education of CISO

Educational webinar for CISOs

Member and foundation webinar for education of CISO

Online Educations for CISOs.

Educational webinar for CISOs

Member Orientation for new and existing AEHIS members.

Educational webinar for CISOs

Member Orientation for new and existing AEHIS members.

Educational webinar for CISOs

Educational webinar for CISOs

Member Orientation for new and existing AEHIS members.

Member Orientation for new and existing AEHIS members.

Online Educations for CISOs.

Member Orientation for new and existing AEHIS members.

Member Orientation for new and existing AEHIS members.

Educational webinar for CISOs

Member Orientation for new and existing AEHIS members.

Learn practical ways of working with artificial intelligence in order to achieve better clinical, operational, and financial outcomes.

Member Orientation for new and existing AEHIS members.

Educational Webinar

Educational webinar for CISOs

Educational Webinar for CISOs

Educational Webinar for CISOs

Member Orientation for new and existing AEHIS members.

Member Orientation for new and existing AEHIS members.

Educational webinar for CISOs

Member Orientation for new and existing AEHIS members.

This webinar will provide an overview of the two major public-private partnerships – the National Health Information Sharing and Analysis Center and the Healthcare Sector Coordinating Council.

Member Orientation for new and existing AEHIS members.

Member Orientation for new and existing AEHIS members.

Educational webinar for CISOs

Member Orientation for new and existing AEHIS members.

Educational webinar for CIOs

Member Orientation for new and existing AEHIS members.

How does your security compare with the rest of the healthcare industry? Join us for a security readiness workshop to analyze your current security posture and level of maturity.

Foundation webinar to gather CIO Feedback

Foundation webinar to gather CIO Feedback

Member Orientation for new and existing AEHIS members.

An insider’s look into an important initiative underway at the U.S. Department of Health & Human Services (HHS) that could have important implications for you and your role as a security leader.

A discussion from CHIME and AEHIS Public Policy experts surrounding the latest advocacy and activity in Washington DC.

Member Orientation for new and existing AEHIS members.

Member Orientation for new and existing AEHIS members.

Educational webinar for CSOs

Educational webinar for CSOs

Educational webinar for CISOs and CSOs

Educational Webinar

Educational webinar for members of AEHIS on the functionality and future of AEHIS Interact.

Educational webinar for CSOs

Educational webinar for CISOs and CSOs

Educational webinar for CSOs

Educational webinar for CSOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

You must be logged in to register for this webinar.

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

This content is available to logged-in AEHIS Members only.

If you are a member, please log in. If you are not a member, contact us to learn more.

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CIOs

Educational webinar for CISOs