The Healthcare Cybersecurity Forum at HIMSS25 in Las Vegas is set to address the increasing cyber threats facing the healthcare industry and the critical need for stronger protections. Industry leaders will come together to share insights from recent attacks and discuss strategies to enhance cybersecurity defenses.
In partnership with the Health Sector Coordinating Council, the forum will focus on the Health Industry Cybersecurity Strategic Plan 2024-2029, emphasizing the importance of shared responsibility and best practices to strengthen resilience across the sector.
The event will kick off with a session led by Chris Tyberg, chair of the HSCC Cyber Working Group, who will unveil the Health Industry Cybersecurity Strategic Plan. This roadmap aims to elevate healthcare cybersecurity from a state of critical risk to greater stability by 2029, outlining key strategies for addressing emerging threats, leveraging advanced technologies, and fostering international collaboration.
Topics of discussion will include strengthening IT infrastructure, safeguarding patient data, and ensuring operational resilience in the face of a complex threat landscape. Josh Howell, healthcare CTO at Rubrik, will highlight the critical role of cyber resilience in safeguarding patient data and ensuring uninterrupted care. While prevention and security are essential, cyber resilience focuses on strategies for rapid recovery post-attack, with a particular emphasis on the financial, legal, and reputational risks associated with cyber incidents.
Erik Decker, vice president and CISO at Intermountain Health, along with Shawn Anderson, the organization’s cybersecurity director, will discuss proactive defense strategies against healthcare cyber threats. They will delve into common infiltration tactics used by cybercriminals and explore vulnerabilities from initial access to pre-attack stages. The session will also cover established cybersecurity principles to fortify critical IT systems like Active Directory.
A roundtable discussion will center on protecting data integrity and privacy standards for secure, interoperable health data. The panel, moderated by Dr. Hannah K. Galvin, CMIO at Cambridge Health Alliance, will explore unified privacy standards to safeguard patient data integrity and promote secure health data exchange. Strategies to balance data privacy with seamless data exchange will be outlined, with a focus on advancing interoperability and enhancing patient care outcomes.
Ashley Mancuso, vice president of MedTech security at Johnson & Johnson, will host a fireside chat on securing medical devices and addressing cybersecurity challenges in healthcare. The discussion will cover strategies for mitigating risks, ensuring compliance, and strengthening resilience in medical device security.
The final session of the day will feature a discussion between Erik Decker and Nate Couture, network AVP information security and CISO at the University of Vermont Health Network, on managing major ransomware attacks. Operational challenges, critical decision points in system restoration, collaboration with law enforcement, and effective recovery strategies will be covered, along with insights into strengthening resilience and applying lessons learned to future cybersecurity threats.
The Healthcare Cybersecurity Forum at HIMSS25 promises to be a comprehensive event focused on mitigating cyber threat risks across the healthcare enterprise. Scheduled for Monday, March 3, from 8 a.m. to 4:45 p.m., attendees can expect a day filled with valuable insights and strategies to protect healthcare organizations from evolving cyber threats.
