Q1 Productions

8th Annual

Medtech Cybersecurity Risk Mitigation Conference

October 29-30, 2024 | Virtual

Building a Comprehensive Security Plan Surrounding Artificial Intelligence While Detecting Vulnerabilities in Supply Chain Security & Eliminating Single Points of Failure to Ensure Resilient Operations

Program Presenters:

Jessica Wilkerson
Senior Cyber Policy Advisor
CENTER FOR DEVICES & RADIOLOGICAL HEALTH, US FDA

Tim Hanson
VP, Quality Assurance & Regulatory Affairs
ETIOMETRY

Robert Smigielski
Manager, Product Security
B BRAUN MEDICAL

Matthew Cerny
Director, Cyber Security
INTEGRA LIFESCIENCES

Colin Duggan
Founder & CEO
BG Networks

Perumal Poopathy
Cybersecurity Officer
SIEMENS HEALTHINEERS

Brett Tucker
Technical Manager, Cyber Risk Management
SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY

Manan Hathi
Sr. Manager, Regulatory Advocacy Digital
STRYKER

Soundharya Nagasubramanian
VP, Data Management, Security and Privacy
VAPOTHERM

Jason Aboud
Senior Manager of Product Security Engineering
OLYMPUS

Ivan Pandiyan
Executive General Manager
GE HEALTHCARE

Inhel Rekik
Sr. Director, Product Security
BRACCO MEDICAL TECHNOLOGIES

Dr. Hans-Martin von Stockhausen
Principal Key Expert Cybersecurity
SIEMENS HEALTHINEERS

Sivaram Rajagopalan
Sr. Cyber Security Architect
BAXTER

Oleg Yusim
VP, Chief Product Security Officer
ILLUMINA

Milton Yarberry
Director, Medical Programs
ICS

Willy Fabritius
Business Assurance
Global Head Strategy & Business Development
SGS NORTH AMERICA

Phil Englert
VP, Medical Device Security
HEALTH-ISAC

Day One Agenda
Tuesday, October 29

8:30  ZOOM SIGN-ON & VIRTUAL COFFEE

8:50   CHAIRPERSON’S OPENING REMARKS

9:00  MDM & HDO SHARED RESPONSIBILITY TO PREPARE FOR OPERATING DEVICES WITH LEGACY OPERATING SYSTEMS
• Addressing HDO concerns with legacy products
• Collaboration on continuous vulnerability monitoring
• Determining end-of-product life cycle & support cutoff
• Preparing for end-of-support of the operating system during the lifecycle of a medical device
Dr. Hans-Martin von Stockhausen, Principal Key Expert Cybersecurity
SIEMENS HEALTHINEERS

9:45   PANEL DISCUSSION: OUTLINING THE FDA’S FOCUS & EXPECTATIONS FOR CYBERSECURITY MEASURES INCLUDED IN PREMARKET SUBMISSIONS
• Strategies to document & describe security protocols
• Consideration of security risk management within submissions
• Lessons learned to troubleshoot submission obstacles
Matthew Cerny, INTEGRA LIFESCIENCES
Tim Hanson, ETIOMETRY
Sivaram Rajagopalan, BAXTER
Milton Yarberry, ICS

10:30   COFFEE & NETWORKING BREAK

11:00   INTEGRATION OF CYBERSECURITY REQUIREMENTS INTO DESIGN CONTROL
• Effective cross-functional collaboration with quality & R&D
• Proactive incorporation of security within the product design
• Threat modeling & risk assessment across development
Robert Smigielski, Manager, Product Security
B BRAUN MEDICAL

11:45   PANEL DISCUSSION: GENERATIVE AI CAPABILITIES IN HEALTHCARE & RAMIFICATIONS FOR CYBER PROFESSIONALS
• Examples of corporate policy governing AI use as a development tool
• Potential of increased threats from generative AI growth
• Ways to incorporate generative AI into security operations
• Expectation to learn AI skillset as a function of the cybersecurity role
Jacob Combs, TANDEM DIABETES CARE
Ivan Pandiyan, GE HEALTHCARE
Jason Aboud, FORMERLY WITH GENENTECH

12:30   FIRESIDE CHAT: FDA PERSPECTIVE ON PRE & POST MARKET SECURITY OPERATIONS
• Importance of cybersecurity within premarket submissions
• Clarification of proposed amendments to premarket guidance
• Opportunity to increase patches & post launch updates
Interviewee: Jessica Wilkerson, Senior Cyber Policy Advisor, FDA
Facilitator: Robert Smigielski, Manager, Product Security
B BRAUN MEDICAL

1:00  VIRTUAL COFFEE & NETWORKING BREAK

1:30 SMART PATCHING: CONTEXTUAL STRATEGIES FOR EFFICIENT UPDATES
Implement updates thoughtfully and less frequently, focusing on what truly matters. Indiscriminate patching, without a clear connection to design history and regulatory risk assessments, is indefensible and leads to unnecessary fixes driven by vague concerns. Learn to assess exploitability in a traceable and defensible way, prioritizing only critical issues to save time, money, and security resources. Expand vulnerability visibility across products and releases to make informed, scalable decisions across your entire portfolio.
Jason Sinchak, Founder & CEO
ELTON CYBER

2:15   PANEL DISCUSSION: DISSECTING THE DATA BREACH AT CHANGE HEALTHCARE & EXTRACTING VALUABLE LESSONS
• Timeline of ransomware attack & developments
• Analysis of the immediate & subsequent threat responses
• Application of lessons learned from internal or external incidents
• Steps to improve communication & transparency across healthcare
Brett Tucker, CARNEGIE MELLON UNIVERSITY
Ivan Pandiyan, GE HEALTHCARE
Phil Englert, HEALTH-ISAC

3:00 GROUP DISCUSSION: OPTIMIZING BUDGETARY RESOURCES TO DELIVER DEPARTMENTAL OBJECTIVES
• Making critical decisions on where to invest available funds
• Appealing to the C-Suite for more departmental funding
• Security tools with largest return on investment
Brett Tucker, Technical Manager, Cyber Risk Management
SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY

3:30   CLOSING REMARKS & END OF DAY 1

Day Two Agenda
Wednesday, October 30

10:30 ZOOM SIGN-ON & VIRTUAL COFFEE

10:50 CHAIRPERSON’S OPENING REMARKS

11:00  STRENGTHENED POSTMARKET SURVEILLANCE PRACTICES TO ENCOURAGE PATCH MANAGEMENT & SOFTWARE UPDATES
• Continuous vulnerability monitoring across product lines
• Providing adequate vulnerability disclosures within timeframe required
• Routing threat intelligence back into product security design
Perumal Poopathy, Cybersecurity Officer
SIEMENS HEALTHINEERS

11:45 DEEP DIVE INTO CYBERSECURITY DEVELOPMENTS WITHIN THE EUROPEAN UNION
• Interpreting EU MDR & IVDR requirements for connected devices
• Overview of the Network & Information Security Directive 2
• Enforcement actions of the EU Cybersecurity Act since 2019
• Current & future outlook of AI governance by EU regulators
• Impact of the European Health Data Space regulation
Manan Hathi, Sr. Manager, Regulatory Advocacy Digital
STRYKER

12:30 VIRTUAL COFFEE & NETWORKING BREAK

12:45 IMPLEMENTING A PATCH MANAGEMENT STRATEGY AFTER PRODUCT LAUNCH
• Timeline from vulnerability discovery to patch implementation
• Obstacles overcome in patch development & installation
• Steps to monitor patch for additional vulnerabilities
• Regulatory considerations for software patches in medtech
Inhel Rekik, BRACCO MEDICAL TECHNOLOGIES
Oleg Yusim, ILLUMINA

1:30 DATA PROTECTION & SECURE STORAGE FOR DEVICE OUTPUT
• Secure transfer & storage of data collected through devices
• New opportunities to utilize device data for secondary purposes
○ R&D & quality control
○ Postmarket surveillance
• Considerations for privacy laws & data ownership
• Impact of the European Health Data Space regulation
Soundharya Nagasubramanian, VP, Data Management, Security and Privacy
VAPOTHERM

2:00 CLOSING REMARKS & CONFERENCE CONCLUSION

Previous Attendees Include:

Software Quality Assurance Supervisor, 3M
Business Solutions Manager, ARTHREX INC
Managing Director, AVASIS SOLUTIONS GMBH
Senior Embedded Software Designer, B. BRAUN MEDICAL
Director, Radiology Risk Management, BAYER
Global Product Manager, BIOFIRE DIAGNOSTICS
Software Engineering Manager, BIOLASE
Sr. Fellow, Product Security, BOSTON SCIENTIFIC
Mgr, Network Engineering & Cybersecurity, CALADRIUS
Privacy Officer, HIPAA Compliance, CARDINAL HEALTH
Program Manager – MDS, CEDARS-SINAI MEDICAL CENTER
Sr. Manager, Product Security IT, EDWARDS LIFESCIENCES
Cyber Policy Advisor, FDA
Senior Director of Product Security, GE HEALTHCARE
CSO, HEALTH-ISAC
Program Manager Cyber Risk, HOAG MEMORIAL HOSPITAL
Sr. Principal Quality Systems, JOHNSON & JOHNSON VISION
Software Compliance Engineer, KARL STORZ NORTH AMERICA
Corporate Quality, MEDTRONIC
Information Security Risk Manager, NEWYORK-PRESBYTERIAN
Vice President, Global Development, NH-ISAC
Executive Director Global Digital Quality, OLYMPUS
Director, Security & Controls, ORTHOFIX
Director, Information Technology Security, ROCHE
Principal Scientist, Governance, SAGE BIONETWORKS
Principal Systems Engineer, SETPOINT MEDICAL
Chief Product and Solution Security Officer, SIEMENS
Product Manager Cybersecurity, SIEMENS HEALTHINEERS
Sr Director, Global Product Security, SMITH & NEPHEW
Software Engineering Manager, STERIS CORPORATION
Global Dir. Functional Safety, Software & Digitization, TÜV SÜD
Medical Director of Cybersecurity, UC SAN DIEGO HEALTH
Sr. Software Quality Engineer, VERB SURGICAL, INC

and many more

Who should attend:

Executives who will find this program of greatest relevance are those currently working to maintain compliance with FDA cybersecurity guidelines, monitoring information security, and sharing responsibility for the design, delivery & support of connected devices in the healthcare sector. The job functions for which this program is most applicable include:
• Cybersecurity
• Product Security
• Systems Security
• Information Security
• Technology Operations
• Regulatory Affairs & Risk Management
• Software Architect/Engineering