global cyber security in healthcare pharma summit · cyber security in healthcare & pharma...

3-4 MAY 2018LONDON, UK

GLOBAL CYBER SECURITY IN HEALTHCARE & PHARMA SUMMIT

BLOCKCHAIN IN HEALTHCARE CONGRESS

www.global-engage .com

#CyberSecurityHealthSummit #BlockchainHealthCongress

WARM WELCOME

Global Engage is pleased to announce the Cyber Security in Healthcare & Pharma Summit and co-located Blockchain in Healthcare Congress, which will be taking place at the Radisson Blu Edwardian, Heathrow in London on 3-4 May 2018.

Cyber Security in Healthcare & Pharma SummitThe number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cyber security roadmap for the future. Attendees will come from all areas of cyber security for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cyber security landscape in these three industries, with particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Blockchain in Healthcare CongressBlockchain is the one of the most talked about technologies of 2017. With the potential exceeding any other to revolutionise the healthcare industry, it is crucial to first understand the nature of blockchain technology, to distinguish the hype from the reality and then to see real-world case studies of how blockchain can be, and is being, applied to healthcare systems. Over two days, the congress will address some of the most achievable possibilities of integrating blockchain within healthcare. Through a mixture of practical workshops, lectures and roundtable discussions specifically designed to help you get to grips with the technology, learn from those already benefitting from blockchain systems and overcome obstacles associated with integration, the congress will help you join the future of the healthcare industry. With enhanced networking sessions, an evening social and a buzzing exhibition room the Congress is one not to be missed!

GLOBAL CYBER SECURITY IN HEALTHCARE & PHARMA SUMMIT / BLOCKCHAIN IN HEALTHCARE CONGRESS 2018

+50 Presentationsfrom expert speakers

+7 Hoursof dedicated networking time

+15 Expert-ledroundtable discussions

Free Pre-Conference WorkshopLed by the NH-ISAC

2-4-12 Congresses, 1 Registration

INDUSTRIES

• Hospital & Healthcare Systems• Medical Devices• Pharmaceuticals• Health Insurance

CYBER SECURITY IN HEALTHCARE & PHARMA SYNOPSIS

BUSINESS & REGULATORY CONSIDERATIONS

• Integrating security into corporate strategy• Policy developments• GDPR & implications post-Brexit• Increasing cooperation across groups & countries• The role of insurance in covering cyber attacks

NATURE OF THE THREAT

• Examining the cyber security landscape in these sectors• Current challenges facing each system

- Healthcare – interoperability; securing medical records; rising IT costs- Medical devices – system design; securing post-market devices; standards for manufacturers- Pharma – clinical trial data; intellectual property; insider threats

STRATEGIES & TECHNOLOGIES FOR PROTECTION

• Vulnerability management / breach monitoring & detection• Best practices – the role of end users; critical infrastructure;

improving IAM programmes• The potential for blockchain, biometrics, tokenization• Incident response – business continuity & resilience• Lessons learned from the financial industry• Case studies

DIMITRA LIVERINetworks and Information

Security Expert, ENISA - The EU Cybersecurity Agency, EU

JIM JACOBSONChief Product and Solution Security Officer, Siemens Healthineers, USA

ROBERT JAMIESONChief Information Security Officer,

Mallinckrodt Pharmaceuticals, USA

CAROLINE RIVETTCyber & Privacy Director, Life Sciences, KPMG, UK

EXPERT SPEAKERS INCLUDE:

See the full list of speakers on pages 5 & 6


Roundtable 1: Business continuity and resilience Roundtable 2: Segmentation

Roundtable 3: A search for the ultimate digital risk and risk investments dashboarding

ROUNDTABLES SESSION 2

Roundtable 1: Data security measures to take in a digital world

Roundtable 2: Developing a cyber security strategyRoundtable 3: Security and privacy implications of

blockchain in life sciences and healthcare

ROUNDTABLES SESSION 1

Roundtables are informal, small-group interactive discussions on key topics in

the field. Discussion leaders will introduce sub-topics/questions for discussion and roundtable attendees are encouraged to

participate actively in the session.

BLOCKCHAIN TECHNOLOGY, OPPORTUNITY AND CHALLENGES

• Understanding how blockchain will affect healthcare• What are the most promising application areas for blockchain

within healthcare?• Market overview and trends• Opportunities and challenges• Overcoming the hype• New business models for democratising health• Blockchain technology and start-ups – where do you get started?

DRUG SUPPLY CHAIN & TRACEABILITY

• Tackling counterfeit drugs through blockchain transparency• Blockchain in drug discovery and development• Blockchain for precision medicine and individualised care

RETHINKING CLINICAL TRIAL MANAGEMENT

• Utilising patient-generated data through “wearables” and IoT devices

• Distributing patient consent and trial results• Trial auditing and clinical safety analyses• Accelerating research/Clinical data sharing

SECURITY & ACCESS

• Cybersecurity via Data Access Management• Security doors and accessibility• Patient and provider identity• Regulation and intellectual property• Ownership and storage of data

APPLYING BLOCKCHAIN TO HEALTH SYSTEMS

• Case studies from existing blockchain systems and trials• Examining infrastructure, costs and scalability• Nationwide interoperability• Designing and executing smart contracts• Incorporating commercial blockchain solutions• Blockchain for healthcare records (EHR/EMR)• Medication prescription blockchain• Public engagement

KATHERINE MERTONHead of Johnson & Johnson

Innovation, JLABS @ NYC, USA

MELEK SOMAIFellow in eHealth & Research at

the Centre for Cryptocurrency Research & Engineering, Imperial

College London

EXPERT SPEAKERS INCLUDE:

JOHN BASS Founder & CEO, Hashed Health

DISA LEE CHOUNDirector, Head Data

Acquisition, UCB

See the full list of speakers on pages 5 & 6


BLOCKCHAIN IN HEALTHCARE SYNOPSIS

EVENT SPONSORS

Platinum Sponsors

Gold Sponsors

Other Exhibitors & Sponsors

CONFIRMED SPEAKERS

RASMUS THEEDEManaging Director, DigitalNations, Denmark

MADIS TIIKSenior Lecturer, Tallinn University of Technology, Estonia

DIMITRA LIVERINetworks and Information Security Expert, ENISA - The EU Cybersecurity Agency, EU

JANET SCOTTExecutive Director, Cybersecurity Engineering, Merck Sharp & Dohme, Czech Republic

ALAN CALDERFounder and Executive Chairman at IT Governance

MARTINE KERSAINT(Track Chair)Clinical Engineering Manager, Biomedical Clinical Engineering - I.S, The Hospital of Pennsylvania, USA

FRANCK CALCAVECCHIAInformation Security Officer, University Hospitals of Geneva, Switzerland

NEIL QUIOGUEDirector of Information Security, McKesson, Ireland

KATRE KUKLASEChief Information Security Officer, Estonian Health Insurance Fund, Estonia

ROBERT JAMIESONChief Information Security Officer, Mallinckrodt Pharmaceuticals, USA

RAM RAMADOSSVice President – Privacy, Information Security, EHR Compliance Oversight, Catholic Health Initiatives, USA

RAMÓN SERRESHead of Information Security, Quality and Risk, Almirall, Spain

IVAN SANCHEZChief Information Security Officer, Sanitas, Spain

STEVE WILLIAMSONDirector, IT Governance, Risk & Compliance, GlaxoSmithKline, UK

SHUJUN LIProfessor of Cyber Security, School of Computing Director, Interdisciplinary Research Centre in Cyber Security, University of Kent, UK

CAROLINE RIVETTCyber & Privacy Director, Life Sciences, KPMG, UK

JASON MEDEIROSSenior Vice President, Hosting, American Well, USA

JIM JACOBSONChief Product and Solution Security Officer, Siemens Healthineers, USA

STEFAN VAN GANSBEKECISO - Director Risk Security & Legal, CM-MC - Mutual health insurance, Belgium

MICHAEL MCNEILGlobal Product Security & Services Officer, Philips Healthcare, USA

WILLIAM HAGESTADSenior Principal Cyber Security Engineer, R&D, Smiths Medical, USA

DENISE ANDERSONPresident, National Health Information Sharing and Analysis Center (NH-ISAC), USA

GARVAN LYNCHSuperintendent Pharmacist, Lynch’s Pharmacy, Ireland

KATRINE VEDELSpecial Advisor, Health Innovation Centre of Southern Denmark and Manager of Colab Plug&Play, Denmark

DAVID DOWEManager, Information Security and Privacy, Trillium Health Partners, Canada

RUI GOMESIT Advisor to Administration Board, University Hospital Coimbra Centre (CHUC), Portugal

TONY CLARKEHead of Information Security, ICON Clinical Research, Ireland

STEVE ABRAHAMSONSenior Director, Product Cyber Security, GE Healthcare, USA

SENIOR REPRESENTATIVEIDBS

SIMON WILSONSenior Cyber Security Manager, Darktrace Limited

STEVE JOHNSONEMEA Information Security Manager, Orion Health

SENIOR REPRESENTATIVEGarrison Technology Limited


CYBER SECURITY SPEAKERS

CONFIRMED SPEAKERS

JIM NASRVP of Technology & Innovation, Synchrogenix, a Certara company

RAY-JADE CHENSuperintendent, Taipei Medical University Hospital, Taiwan

SEAN MOSS-PULTZCEO, Bitmark Inc.

NAVIN RAMACHANDRANSenior Lecturer, Centre for Blockchain Technologies, University College London, UK

DIMITRA PAPADOPOULOUFounder, German Blockchain for Healthcare and Research Association

ADA JONUSECo-Founder and CEO, Lympo

DISA LEE CHOUNDirector, Head Data Acquisition, UCB

AURÉLIE BAYLELegal Consultant, be-studys/University of Montpellier

KATHERINE MERTONHead of Johnson & Johnson Innovation, JLABS @ NYC, USA

SALLY EAVESCo-Founder & CMO, Project Shivom

NICLAS NILSSONHead of R&D Open Innovation, LEO Pharma A/S

STEFAN WEBERChief Operating Officer, modium.io

MELEK SOMAIFellow in eHealth & Research at the Centre for Cryptocurrency Research & Engineering, Imperial College London

JOHN BASSFounder & CEO, Hashed Health

JAAN PRIISALU (Reserved)Researcher, Tallinn University of Technology, Estonia

AJI BAROTBusiness Development Director, HealthUnlocked

NATALIE FURNESSCommunications Director, MedicalChain

MANREET NIJJARCo-founder & ID physician - Identity and Infectious Diseases, Oxford University NHS foundation Trust/NHS England Clinical Entrepreneur Fellow

ABHIMANYU VERMALead - Applied Technology Innovation, Novartis, Switzerland

PASCAL BOUQUETGlobal Head Technology and Architecture for Global Drug Development, Novartis

MARC PILKINGTONAssociate Professor of Economics, University of Burgundy Franche Comté

STUART LACKEYCEO, Solaster


BLOCKCHAIN SPEAKERS

CONGRESS SCHEDULE DAY 1 THURSDAY 3RD MAY 2018

09:00-09:35

08:00-08:50

Global Engage Welcome Address and Morning Chair’s Opening Remarks:


Registration & Refreshments

08:50-09:00

10:00-10:3009:35-10:00

RASMUS THEEDEManaging Director, DigitalNations, DenmarkCybersecurity in a connected world• The cybersecurity threats for healthcare in 2018 – myths and facts• Balancing security protection with an innovative business environment• Relieving the legislative pressure – security vs. compliance

Morning Refreshments / One-to-One Meetings10:30-11:40

GLOBAL CYBER SECURITY IN HEALTHCARE & PHARMA SUMMIT BLOCKCHAIN IN HEALTHCARE CONGRESS

08:00-08:50



08:50-09:00

09:00-09:3509:35-10:00

JIM NASRVP of Technology & Innovation, Synchrogenix, a Certara companyBlockchain for Healthcare and Pharma…one block at a time!Blockchain is relevant for healthcare and pharma. However, it’s not magic—you need to know where and how to use it, and what else to do to get material business results. Blockchain is more than just technology. It is a movement with

economic, business, cultural and technology implications. Healthcare can benefit from blockchain, but we need to separate noise from the signal—that is the aim of this talk. To show you a path through the maze of relevance and practicality. This talk will help to demystify some things and shed light on some other things possibly lost in the hype. The content is based on lessons learned conceiving and implementing blockchain at large scale for public health and later expanded for pharma use cases. What actually works, what doesn’t and where do you start for a given use case

10:00-10:30For sponsorship opportunities contact Nick Best at

Email: [email protected] Tel: +44 (0) 743 208 6048

SOLUTION PROVIDER PRESENTATION

ROBERT JAMIESONChief Information Security Officer, Mallinckrodt Pharmaceuticals, USADigital barbarians at the gate: Winning in the age of cyberWhat we are doing in cybersecurity today is not working. We are continually being exploited by criminal elements, state sponsored actors, and insiders and are unable to stop them using our current cybersecurity practice/technologies. It is time that

we rethink our current practice and shift our paradigm to win at cybersecurity. The concepts of “active defense” and “offensive countermeasures” include how we rethink everything in our digital systems. This thinking is not about technology; rather it is focused on a complete strategic paradigm shift. This presentation will cover the practical aspects of introducing active defense and offensive cyber-countermeasures into your organization with examples and key takeaways.

NAVIN RAMACHANDRANSenior Lecturer, Centre for Blockchain Technologies, University College London, UKBlockchain in Healthcare – Scalability and OwnershipDistributed Ledger Technologies (DLTs, commonly known as blockchains) have been touted as the answer to many of Healthcare’s current problems. In this talk we explore the underlying thinking behind the use of distributed ledgers, and the

problems inherent to current blockchains. We then look forward to the future of next generation DLTs and possible use cases.

SOLUTION PROVIDER PRESENTATION:SIMON WILSONSenior Cyber Security Manager, Darktrace LimitedThe shift to self-learning, self-defending networks• Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before, cyber-threats

• How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time

• How to achieve 100% visibility of your entire business including cloud, network and IoT environments

• Why automation and autonomous response is enabling security teams to neutralize in-progress attacks, prioritise resources, and tangibly lower risk

• Real-world examples of subtle, unknown threats that routinely bypass traditional controls

CONGRESS SCHEDULE


DAY 1 THURSDAY 3RD MAY 2018

12:05-12:30

DIMITRA LIVERINetworks and Information Security Expert, ENISA - The EU Cybersecurity Agency, EUSecurity and resilience for eHealth infrastructures and services • The NIS Directive and what it means for

healthcare organisations in terms of security measures and incident notification obligations

• ENISA's work in supporting the implementation of the NIS Directive; NIS posture in the healthcare sector and good practices

• Securing Smart Hospitals: What IoT in tomorrow's hospital mean in terms of security implications, vulnerabilities and threats and good practices to address them

12:05-12:30

DAVID DOWEManager, Information Security and Privacy, Trillium Health Partners, CanadaCombine and conquer: the benefits of a joint cyber security and privacy office in healthcare

• This session highlights the benefits organizations can experience by combining cyber security and privacy teams in a single organizational unit. Drawing on three years of combined privacy and security experience at Trillium Health Partners, a large multi-site hospital, this session demonstrates how one security office's expertise has broadened from technical expertise to a more nuanced understanding of the impact of regulations on technical requirements associated with systems sharing personal information.

• In addition, organizations benefit from the enhanced visibility into projects and initiatives which find their way to either to the privacy or security offices, and as a result, can better respond to and manage the risks these projects present.

12:05-12:30

DATA PROTECTION, EHEALTH AND INTEROPERABILITY IN HEALTHCARE & MEDICAL DEVICES BLOCKCHAIN IN HEALTHCARE CONGRESSBALANCING SECURITY & BUSINESS

11:40-12:05

11:40-12:05

11:40-12:05

SOLUTION PROVIDER PRESENTATION:RUI GOMES IT Advisor to Administration Board, University Hospital Coimbra Centre (CHUC), PortugalSecuring healthcare information – national practices

• The greatest challenges during the implementation of security initiatives and NISD in healthcare. Competencies and budget

• How can harmonisation be achieved in the Healthcare sector regarding cyber security and what should be the starting point?

• Sharing the experience to deal with the Cybersecurity threats and the strategy deployed to overcome in order to comply with the best practices in the sector

STEFAN VAN GANSBEKECISO - Director Risk Security & Legal, CM-MC - Mutual health insurance, BelgiumReinforcing your company's innovation by implementing an effective digital security strategy

• Addressing emerging digital security risks from intelligent automation - AI, machine learning, RPA, IoT, Blockchain, ...

• Developing your digital security strategy to thoroughly cover intelligent automation related risks

• Creating transparency and trust towards the board

DISA LEE CHOUNDirector, Head Data Acquisition, UCBAJI BAROTBusiness Development Director, HealthUnlocked Curlew ResearchCross-Industry collaboration evaluating how Blockchain can Transform the Pharmaceutical and Healthcare Industry, part of Emerging Trends & Technology PhUSE Workgroup• Collaborating with 17 companies across the industry • Understanding the landscape in the pharma and healthcare settings

• Exploring the areas where Blockchain could be used• Presenting two detailed use cases (a. Smart Contract:

Vendor and Site Oversight; b. Distributed Asset Ledger: Patient Data Access/Transparency) to support future development and implementation for proof of concept.

JAAN PRIISALU (Reserved)Researcher, Tallinn University of Technology, EstoniaBlockchain in Estonian E-Health

CONGRESS SCHEDULE



14:00-14:30RAY-JADE CHENSuperintendent, Taipei Medical University Hospital, TaiwanBlockchain-based personal healthcare record operating system – challenges and opportunities in Taiwan

Taipei Medical University Hospital (TMUH) and Digital Treasury Corporation (DTCO) have been jointly developing a blockchain-based personal healthcare record operating system (phrOS) since winter 2017. With phrOS, we endeavor to empower our patients by increasing data audit transparency as well as creating a seamless cross-hospital and hassle-free insurance claims experience. In a recent field test, we successfully applied blockchain technology to TMUH’s personal health management system, genomic profiles database, smart insurance claims, and patient clinical trials recruitment process. We plan to scale our platform to the entire Taipei Medical Healthcare System in the near future. In order to popularize blockchain application in Taiwan, we created the Healthcare Blockchain Alliance. Our alliance aims to not only promote blockchain, but also to follow Taiwan’s governmental policies regarding the promotion, formulation and standardization of medical data transfer protocols, data-driven medical application development, and public health campaigns.

14:00-14:30

For sponsorship opportunities contact Nick Best atEmail: [email protected]

Tel: +44 (0) 743 208 6048


DATA PROTECTION, EHEALTH AND INTEROPERABILITY IN HEALTHCARE & MEDICAL DEVICES BLOCKCHAIN IN HEALTHCARE CONGRESSRISK REDUCTION & VULNERABILITY MANAGEMENT

14:00-14:30

SOLUTION PROVIDER PRESENTATION:SENIOR REPRESENTATIVEIDBSTitle TBC

12:30-12:45

12:30-13:00

SOLUTION PROVIDER PRESENTATION:ALAN CALDERFounder and Executive Chairman at IT Governance Implementing a cyber resilient strategy

and sustaining compliance with the GDPR and NIS Directive• An overview of the current cyber security landscape; threats,

compliance standards and legislation.• The role of senior management in ensuring compliance and

cyber resilience is a strategic focus. • Implementing accountability frameworks in line with the

GDPR and NIS Directive requirements. • The role of a robust staff awareness programme in

supporting a culture of cyber resilience and compliance.• Embedding data protection by design and by default and a

holistic approach to achieving a cyber resilient posture.

12:30-13:00


Tel: +44 (0) 743 208 6048


Lunch13:00-14:00

STUART LACKEYCEO, SolasterTitle TBC

12:45-13:00

Invitation Out

CONGRESS SCHEDULE



Afternoon Refreshments / One-to-One Meetings15:20-16:10

14:55-15:20

KATRE KUKLASEChief Information Security Officer, Estonian Health Insurance Fund, EstoniaHow to secure data in a connected world• Data ownership and accountability - Examples from the Health Insurance fund: how

to secure data on a national level with different stakeholders- Law supporting cyber security- Justified access to data- Patient empowerment and personal ownership of data- Public awareness

• Preventing fraud (healthcare services, prescription drugs, medical devices) - Security by design on secure platforms- Strong digital identity- Online validation, automatic controls, on time access and verification- Transparency of data usage

• Securing healthcare in collaboration with stakeholders - Collaboration with health care providers and national agencies- Distribution of power – not all in one place- Example: pacemaker hack 29.08.2017

14:55-15:20

14:55-15:20

MADIS TIIKSenior Lecturer, Tallinn University of Technology, EstoniaeHealth in Estonia - Secure data exchange since 2009 • Estonian eHealth System is utilizing the

benefits of national ICT architecture: PKI infrastructure, secure data exchange environment x-road and clear ownership of the data. Full transparency, opt-out approach and citizens’ rights to see all logging information are some of the key-words of Estonian eHealth System.

• Benefits of the national data exchange can come only after integration of all users and acceptance by all stakeholders. This allows to build smart services for citizens and for healthcare providers.

• These developments are very good ground for more personalized medicine. Estonia has all preconditions for successful implementation of personalized medicine – Estonian Genome Bank started giving feedback to donors, we have permissive legislation and trust in society and growing interest among citizens to take more responsibilities.

14:30-14:55

DENISE ANDERSONPresident, National Health Information Sharing and Analysis Center (NH-ISAC), USACollaborative securityThis session will:• Cover the threat landscape for healthcare

• Show the importance of information sharing and the need for a focus on enterprise risk management

• Illustrate with a case study how organizations through collaboration can quickly stay on top of and mitigate threats.

14:30-14:55

14:30-14:55

SEAN MOSS-PULTZCEO, Bitmark Inc.Protecting your personal health data by turning it into digital property• Simple tools for individuals and businesses to generate value from their data.

• Create, transfer, and authenticate digital property.• Trace ownership and attribution without requiring central

authorities or intermediaries.• Case study with UC Berkeley around personal health data.

MANREET NIJJARCo-founder & ID physician - Identity and Infectious Diseases, Oxford University NHS foundation Trust/NHS England Clinical Entrepreneur FellowIdentity & Infectious Diseases: Creating

an epidemic of trust in digital healthcare using Distributed Ledger Technology A story of a personal tale and a problem to solve - highlighting the current issues in identity management in healthcare workers, interwoven with Infectious Diseases treasures and ending with DLT identity solution.

RAM RAMADOSSVice President – Privacy, Information Security, EHR Compliance Oversight, Catholic Health Initiatives, USAChallenges and opportunities in managing cyber risks

• Outline the resource, technology, awareness and financial challenges among small and medium providers to handle emerging security risks and ransomware attacks

• Explore potential opportunities to help small, medium and even large healthcare providers especially from efficient management of cyber risk program

• Call for an active participation by the board members and audit compliance committees in raising the support and investment required for cybersecurity programs

• Highlight key recommendations from the National Cybersecurity Taskforce formed by the Department of Health and Human Services



17:00-18:00

SECURITY ROUNDTABLE DISCUSSIONS SESSION 1:

Table 1: Data security measures to take in a digital worldKATRE KUKLASEChief Information Security Officer, Estonian Health Insurance Fund, Estonia

Where are we moving to with the 4 P-s? • Participatory – data given by patients over several different

devices (pacemakers, smartphones, apps, etc)• Personalized – specific and varied healthcare options due to

data provided by patient• Preventive – patients aware of their own health, making

good decisions• Predictive – technological progress that enables predictions

based on past medical history

Table 2: Developing a cyber security strategyTable 3: Security and privacy implications of blockchain in life sciences and healthcareCAROLINE RIVETTCyber Security & Privacy Director, Life Sciences, KPMG London, UK

Blockchain is often considered to be secure. But is it? Caroline will lead a round table discussion into some of the security and privacy implications of blockchain and other distributed ledger technologies.

17:00-17:30

SHUJUN LIProfessor of Cyber Security, School of Computing Director, Interdisciplinary Research Centre in Cyber Security, University of Kent, UKAddressing Cybersecurity and Cybercrime

via a co-Evolutionary aPproach to reducing human-relaTed risks: Healthcare as a use caseIn this talk, the speaker will introduce an ongoing research project funded by EPSRC (Engineering and Physical Science Research Council), which will develop a new socio-technical framework and corresponding software tools for reducing human-related risks. The framework follows a human-in-the-loop and co-evolutionary approach. He will discuss how such a framework can be applied to a healthcare use case, and how people from the health sector may collaborate with the project team.

17:00-18:00BLOCKCHAIN ROUNDTABLE DISCUSSIONS SESSION 1:

Table 1: How to conciliate Blockchain & the right to be forgotten?AURÉLIE BAYLELegal Consultant, be-studys/University of Montpellier

• Blockchain & GDPR• Can a blockchain contain personal data? (Is the public key a

personal data?) • Who’s data controller in the blockchain?

Table 2: Title TBCSIDDHI TRIVEDI

Table 3: Title TBCMARC PILKINGTONAssociate Professor of Economics, University of Burgundy Franche Comté

Table 4: Title TBCSTUART LACKEYCEO, Solaster

16:10-16:35

FRANCK CALCAVECCHIAInformation Security Officer, University Hospitals of Geneva, SwitzerlandMedical devices: safety or security?Incidents like WannaCry or NotPetya impacting hospitals’ operation shouldn’t be

a surprise. The root causes have been well known for years. However a large majority of medical equipments suppliers are still behind. This talk will focus on the challenges that hospitals have to manage that risk with regards to patient life.

TONY CLARKEHead of Information Security, ICON Clinical Research, IrelandProactive security - Cyber simulations & playbooksMany in the security industry feel that security

breaches are not a matter of 'if ' but 'when'. Cyber simulations and Cybersecurity playbooks can be effective tools to prepare for cybersecurity incidents. This session will outline how to develop a cybersecurity playbook and how to utilise simulations to test incident response processes.

IVAN SANCHEZChief Information Security Officer, Sanitas, SpainTitle TBCThis talk will provide an overview of cyber security strategy development at a large healthcare organization

16:10-16:35

DIMITRA PAPADOPOULOUFounder, German Blockchain for Healthcare and Research AssociationBlockchain for eHealth and innovative collaboration models

• The need of Real World Evidence and the role of blockchain• Social vs Patient centric approach where is the difference? What

is needed to design and develop effective ehealth solutions?• What’s now and what's next on the way of digitizing healthcare

16:10-16:35

16:35-17:00

ADA JONUSECo-Founder and CEO, LympoTitle TBCMonetising and ownership of wearable data16:35-17:00

16:35-17:00

RAMÓN SERRESHead of Information Security, Quality and Risk, Almirall, SpainLessons learnt from an information security strategy execution• Background: our company, where we come

from in terms of information security• Security strategy versus security program• Lessons learnt when tackling the regulatory framework,

funding for security, c-level involvement, program execution.



17:30-18:00

STEVE WILLIAMSONDirector, IT Governance, Risk & Compliance, GlaxoSmithKline, UKGo Agile and stay secure • Software development methodologies based on Agile are characterised by

evolving requirements and adaptive planning, which helps ensure a continuous delivery of business value through application software

• A common cause of security breaches is vulnerabilities in the application layer. Many of these are easily prevented through the use of secure software development practices and penetration testing. However, these practices were not designed with Agile development in mind

• This presentation will discuss how to embed secure development practices throughout the Agile software development lifecycle, with the aim of delivering secure software on the first and each subsequent release

Chair's Closing Remarks / End of Day 1 / Complimentary Drinks Reception - CONTACT NICK BEST ON +44 (0) 743 208 6048 FOR SPONSORSHIP OPTIONS18:00-19:00

17:00-18:00

17:00-18:00

Continued

Table 4: Incident Response

CONGRESS SCHEDULE DAY 2 FRIDAY 4TH MAY 2018

08:40-09:15

KEYNOTE ADDRESS:CAROLINE RIVETTGlobal Cyber Security Lead for Life Sciences, KPMG, UKMalware, resilience, blockchain and the GDPR: Can security enable better healthcare?Digital health technology of sensors, apps, blockchain and AI offer the promise of better health and care for chronically sick people. With our ever increasing reliance on systems, data and technologies in health and life sciences, we become more exposed to the impact of poor security, a previous lack of investment in systems and the requirements of the GDPR legislation. Drawing on her recent

experiences as a CISO and security consultant to some of the world's largest pharmaceutical companies, Caroline will explore the security risks to healthcare and life sciences companies and the potential solutions available.

08:00-08:40



08:40

GLOBAL CYBER SECURITY IN HEALTHCARE & PHARMA SUMMIT

09:15-10:05

09:15-09:40

CYBER SECURITY STRATEGY BLOCKCHAIN IN PHARMA & PRECISION MEDICINE

JANET SCOTTExecutive Director, Cybersecurity Engineering, Merck Sharp & Dohme, Czech RepublicMSD Cyber Incident and Lessons Learned • NotPetya – June 2017: How it got into our network and how it spread• How we recovered• Lessons learned

KATHERINE MERTONHead of Johnson & Johnson Innovation, JLABS @ NYC, USABlockchain start-ups and their integration into the healthcare landscape This talk will be a review of blockchain start-ups in the previous three years, examining what they need to succeed and what large corporations (such as J&J) can do to support their growth.

09:40-10:05

NATALIE FURNESSCommunications Director, MedicalChainWhere are we going now?Explore the future of personalised healthcare with Dr Albeyatti. The CEO and Co-Founder of Medicalchain will discuss the importance of patient-centric healthcare, facilitated by blockchain technology. Gain an understanding of how to improve

service efficiency, interprofessional communication and clinical outcomes by building borderless healthcare around personal health data.

10:05-10:35


Tel: +44 (0) 743 208 6048


Morning Refreshments / One-to-One Meetings10:35-11:45

CYBER SECURITY STRATEGY BLOCKCHAIN IN PHARMA & PRECISION MEDICINESECURING MEDICAL DEVICES

11:45-12:15


Tel: +44 (0) 743 208 6048

SOLUTION PROVIDER PRESENTATION 11:45-12:15


Tel: +44 (0) 743 208 6048

SOLUTION PROVIDER PRESENTATION 11:45-12:15


Tel: +44 (0) 743 208 6048


10:05-10:35

SOLUTION PROVIDER PRESENTATION:SENIOR REPRESENTATIVEGarrison Technology LimitedTitle TBC



12:40-13:05

SALLY EAVESCo-Founder & CMO, Project ShivomProject Shivom – A Blockchain-Powered Digital Genome Repository

12:15-12:40

KEYNOTE ADDRESS:JIM JACOBSONChief Product and Solution Security Officer, Siemens Healthineers, USAPractical solutions for mitigating cybersecurity challenges in connected medical devices

With the rise of sophisticated technologies and software used in connected medical devices, manufacturers are now working vigorously to implement additional safeguards to minimize cybersecurity risks. Until recently, medical device companies haven’t planned a comprehensive security program that takes into account the security of the software for the duration of the lifecycle; however, the FDA has recently encouraged medical device manufacturers to collaborate with ethical hackers, those who uncover and rectify vulnerabilities and flaws, to assist in the development and ongoing management of devices which minimize security flaws. While there is no “one size fits all” solution to device cybersecurity, industry professionals will benefit from a greater understanding of common challenges associated with connected medical devices and solutions for fixing them. This presentation will focus on the following cybersecurity related areas:• The elements of a comprehensive security program• Overcoming the hidden costs of insecure legacy devices• Implementing effective vulnerability management• Information sharing beyond regulatory expectations

12:15-13:05

SECURITY ROUNDTABLE DISCUSSIONS SESSION :

Table 1: Business Continuity & ResilienceNEIL QUIOGUEDirector of Information Security, McKesson, IrelandIn 2017, a number of global ransomware events

impacted a number of organisations resulting in hundreds of millions of dollars in costs from loss of sales to cost of remediation. With this, resiliency has become a focus area for a number of organisations. Has resilience been discussed within your organisation? What does being resilient mean to you and your organisation? Have you identified all components of your business processes including reliance on third parties? How long will your organisation be able to ship products if your manufacturing is impacted? Join us in this round table to discuss and share your experience in improving resiliency in organisations. We won't solve it in one sitting but this will hopefully spark future discussions and collaboration among our organisations.

Table 2: SegmentationJANET SCOTTExecutive Director, Cybersecurity Engineering, Merck Sharp & Dohme, Czech Republic

• What should be considered for segmentation? (network traffic, privileged accounts, data centers, etc.)

• How should they be segregated? (by region of the world, by business units, etc.)

• How much granularity makes sense?• How does your company get the greatest impact with the

least effort?

Table 3: A search for the ultimate digital risk and risk investments dashboardingSTEFAN VAN GANSBEKECISO - Director Risk Security & Legal, CM-MC - Mutual health insurance, Belgium

Why is it so difficult to create a business case for security initiatives? Let us explore and exchange good reporting and dashboarding examples that makes our cyber and digital risk management life easier.

Table 4: GDPR & the relationship between information governance & security

12:15-12:40

JOHN BASSFounder & CEO, Hashed HealthBlockchain's Promise for Speeding Drugs to Market2018 is proving to be a breakout year for blockchain-based solutions for the Life

Sciences industry. This presentation will provide a forum to discuss pharma-related use cases that are active within the Hashed Health ecosystem including:• track & trace• outcomes data collection• clinical trials• reducing the distance between pharma and the consumer• PBMs• registries• value-based / indication-based payments

12:40-13:05

WILLIAM HAGESTADSenior Principal Cyber Security Engineer, R&D, Smiths Medical, USAThe future of cyber warfare in healthcareIs your company or health service protected against cyber warfare? In an increasingly digital

environment, strong cyber defences are essential to survival. Lieutenant Colonel, USMC (Retired) Bill Hagestad will elaborate on the future of cyber warfare in healthcare and the implications for the medtech industry from a corporate and product point of view. Mr. Hagestad is an internationally recognized and respected authority on cyber warfare having published three books on the topic and currently leads the cyber & information security engineering development for Smiths-Medical. Objectives:• To elaborate on the current and future state of play of cyber

warfare in healthcare with a focus on the MedTech industry.• To give a frank assessment of the current preparedness of the

MedTech industry and how to cope with future trends.



14:15-14:40

ABHIMANYU VERMALead - Applied Technology Innovation, Novartis, SwitzerlandTitle TBC• Blockchain Use cases in Pharma• Blockchain and counterfeiting

• Healthcare Blockchain Ecosystem• Why Healthcare needs a Blockchain consortium

14:15-14:40

JASON MEDEIROSSenior Vice President, Hosting, American Well, USABuilding an efficient cyber security program in healthcareBuilding a cybersecurity program can be

complex and costly for any organization, especially companies working with sensitive healthcare information. As healthcare technology systems come under increasing threats, it is more important than ever to weave cybersecurity into your organization’s DNA - from the entry level employee to the C-Suite. This presentation will discuss how to gain insight into what threatens your organization, and how you can enlist your entire workforce to practice continuous cyber self-defense.

14:15-14:40

GARVAN LYNCHSuperintendent Pharmacist, Lynch’s Pharmacy, IrelandIntegrated security plan for medical device software: scalability and the lifecycle• Integrated security plan: key activities to

ensure scaling up operations, lifecycle coverage, successful interaction with regulators.

• Six foundations addressing design, risk management, operations, users, incident response, service enhancements, based on a detailed, ongoing regulatory review.

• Security experience from designing the system and interaction with regulators and sponsors on a novel pharmacy patient and medication monitoring service.

14:40-15:30

BLOCKCHAIN ROUNDTABLE DISCUSSIONS SESSION 2:

Table 1: Expectations and pain points – what problems can blockchain realistically solve for healthcare and how do we go about doing it

NICLAS NILSSONHead of R&D Open Innovation, LEO Pharma A/SAs with many new technologies expectations are high as blockchain promises are made broadly and generously. But how can we move from thinking what great potential blockchain holds for healthcare and pharma to actual implementation and overcoming hurdles and gaps? Looking at Healthcare from the Pharma R&D angle, we will discuss topics that will help identifying realistic pain points, hurdles to achieve solutions and real world use cases – but from both the technical blockchain as well as the healthcare use perspective.Discussion topics include:• Language barrier• Thinking big or small• The true benefits of using distributed ledgers in healthcare

and pharma• Culture of working• Applying open innovation in pharma powered by blockchain

Table 2: How do we accelerate Blockchain adoption in Healthcare?PASCAL BOUQUET Global Head Technology and Architecture for Global Drug Development, Novartis

• Blockchain healthcare promises to improve the way medicines are developed, manufactured and delivered to patients - all while

14:40-15:05

14:40-15:05

MICHAEL MCNEILGlobal Product Security & Services Officer, Philips Healthcare, USATitle TBCThis talk will focus on key security challenges facing medical device manufacturers, and developing a cyber security strategy that addresses these challenges

Lunch13:05-14:15

STEVE JOHNSONEMEA Information Security Manager, Orion HealthTake the red pill: managing the rabbit hole of healthcare threatsMedia headlines and political soundbites

regularly criticise the activities and efforts of the health and social care sector. In addition, 2017 saw the unprecedented impact of Wannacry malware and the difficulties to recover from that incident. It clearly demonstrated that security risks are realised as clinical risks to individuals in care. Against this backdrop, the health and social care sector is being disrupted to enable improvement. There is a clear drive to improve population health and avoid or reduce the need for clinical intervention through proactive health engagement and self-care of chronic conditions at home or with localised care support. Digital health and social care systems from IoT medical devices to in-hospital clinical care systems are rapidly growing in diversity and interconnected complexity to support that initiative. This presents unique challenges to manage risks and emergent threats. In this presentation we'll 'take the red pill and see how deep the rabbit hole goes', looking at the scope and scale of the challenge, some of the less well-known threats and the treatments being applied to keep our health care systems healthy.

PROGRAM STRATEGY, IMPLEMENTATION & EXECUTION BLOCKCHAIN IN HEALTHCARESECURING MEDICAL DEVICES



KATRINE VEDELSpecial Advisor, Health Innovation Centre of Southern Denmark and Manager of Colab Plug&Play, DenmarkInteroperability and infrastructure for point-of-care and mobile devices in the patients’ own home• Learn how Colab Plug&Play – a test and demonstration lab, dedicated to digital healthcare solutions and part of the innovation efforts in the Region of Southern Denmark – engages in public-private collaboration and innovation by utilizing the national infrastructure and standards for interoperability in Denmark.

• Learn how standards and infrastructure components can be used to support both innovation and cyber security at the same time.• Sounds interesting? - Find out how you can be part of it as well.

Conference Close15:55

15:30-15:55

15:30-15:55

increasing the trust between all involved parties.• If there is an increased interest across the industry to adopt

blockchain and create value, initiatives continue to be driven by a limited number of industry members and consultancies.

• An uncoordinated approach runs the risk that benefits to patients and the industry may take many years to mature and materialize, especially considering the environment’s complexity and amount of coordination required to achieve tangible outcomes.

• How do we band all together to accelerate Blockchain adoption?

Table 3: Blockchain for Pharma/Medtech LogisticsSTEFAN WEBERChief Operating Officer, modium.io• Transport in highly regulated environments

• Prescribed and monitored environmental conditions• Falsified medicines• Trust and data portability between a multitude of worldwide actors • Common practical issues and sources of (compliance)

excursions and irregularities

Table 4: Blockchain for Clinical Trials and Life SciencesMELEK SOMAIFellow in eHealth & Research at the Centre for Cryptocurrency Research & Engineering, Imperial College London

• What are the opportunities of blockchain/DLTs in Life Sciences and clinical trials?

• What are the bottlenecks (regulation, etc.) that impede blockchain in Life Sciences?

• What are the current use cases in Life Sciences?

STEVE ABRAHAMSONSenior Director, Product Cyber Security, GE Healthcare, USAThe Greatest Challenge: Post-Market Cyber Risk Management for Medical Devices Managing post-market risk in medical

devices is perhaps the most challenging aspect of medical device cyber security. Different stakeholder groups and interests intersect including patient data protection, patient safety, and device availability. Additionally, cyber security risk must be viewed within the complete context of Healthcare delivery, not as a stand-alone risk category. This presentation will explore best practices for device manufacturers and how collaboration between device manufacturers and health care providers is the key to managing risk. Areas of discussion will include:• Concepts of assessing risk within products placed on the market• Incorporating post market risk management within a cyber

security program• Regulatory considerations: integrating with the Quality

Management System• Creating a shared view of risk within Healthcare

15:05-15:30

NEIL QUIOGUEDirector of Information Security, McKesson, IrelandSo you've implemented your security programme, now what?Your organisation undertook a multi-year effort

to implement a security programme. Now that you are nearly done with the 'Build' phase, you need to move to the 'Run' phase. How ready is your organisation to do 'Run' and continuously improve upon what you have implemented in an ever-changing business environment and cybersecurity threat landscape? In this session, we will talk about some of the lessons learned as an organisation transitioning to the 'Run' phase to help ensure that the programme is sustained for years to come.

15:05-15:30

PRE-CONFERENCE WORKSHOP


WORKSHOPPre-Conference Workshop

Sponsored by:

Join us for a chance to collaborate with other healthcare providers, medical device manufacturers and biotech/pharma stakeholders in a free interactive forum.

Registration is complimentary

Potential Medical Device Agenda topics to include:• Security Testing Before Deploying Critical and High Risk Medical Devices

• IoT Tools Used by Medical Device Manufacturers and Health Systems to Scan Medical Devices• Responsibly Communicating Vulnerabilities to Health Systems

• Life Cycle Management of Connected Medical Devices• More to come….

Potential BioTech/Pharma Agenda topics to include:• Current Pharmaceutical Threat Landscape

• Cloud Security and Compliance• General Data Protection Regulation

• Distributed Trust Models – The Blockchain in Security• More to come….

CPE's may be available to attendees. You must self-certify with an organisation such as ICS2 or ISACA

See NH-ISAC’s presentation at Global Cyber Security in Healthcare and Pharma Summit May 3-4th.Register at www.global-engage.com/event/cyber-security-summit

**NOTE – Attendance Restrictions: NH-ISAC restricts attendance to its respective members, potential members, and related industry interested parties. Companies selling a product of interest are required to provide sponsorship to obtain access to the event, and members

of the media are not allowed. NH-ISAC reserves the right to cancel and/or refund any admission that does not meet our criteria.

Medical Device and Pharmaceutical Security Workshop

Wednesday May 2nd 20188:30am-4:30pm

Radisson Blu Edwardian, Heathrow, London1 Day Prior to Global Cyber Security in Healthcare & Pharma Summit

VENUE INFORMATION

Radisson Blu Edwardian Heathrow,140 Bath Road, HayesMiddlesex, UB3 5AW, England

The award-winning Radisson Blu Edwardian, Heathrow hotel feels anything but an airport hotel. The grand lobby with glass chandelier, ornate marble staircase and striking Eastern artwork all contribute to a luxury stay. Our bedrooms combine modern comfort with attractive furnishings and the latest technology. The hotel offers three fabulous dining options - Steak & Lobster, Bijou Lounge Bar and Indian restaurant, Annayu; and a tranquil spa, Pegasus.

Ideally located 10 minutes from Heathrow Airport by free public transport or the Hotel Hoppa bus, central London can also be reached in 30 minutes. With Crossrail opening in December 2019, it'll soon be even quicker and easier to reach us.


global cyber security in healthcare pharma summit · cyber security in healthcare & pharma...

Documents