
Cyber threats are evolving as fast as medical technology. With increasing connectivity and advancing device capabilities, the risk to patients and health systems is greater than ever—and staying ahead of the curve is no longer optional.
The 2025 Cybersecurity Summit in Washington, D.C. is designed around the issues keeping you up at night. You’ll hear from hospital CISOs about what they really need, share practical strategies with cyber peers, and prepare your 2026 cyber roadmap to better protect your organization. View the preliminary agenda!
Registration is open, so secure your spot today. Sign up for event updates to stay informed.
The 2025 Program Will Explore
- Global Trade & Supply Chain Security
  - Impact of tariffs, export controls, and geopolitical tensions on medical device cybersecurity
  - Ensuring component integrity and managing supply chain risk
- Hospital & Clinical Environment Security
  - Real-world device security challenges in healthcare delivery organizations (HDOs)
  - Collaboration between manufacturers and hospitals on vulnerabilities and incident response
- FDA’s Shifting Cybersecurity Regulations
  - Evolving FDA expectations for secure-by-design and total product lifecycle (TPLC) approaches
  - Role of SBOMs, integration with Quality System Regulations, and considerations for AI/ML
- Privacy & Cybersecurity in Connected Health
  - Intersection of HIPAA and cybersecurity in connected medical devices
  - Managing data breach risks and regulatory compliance
- Vulnerability Disclosure & CISA Collaboration
  - Coordinated vulnerability disclosure (CVD) processes
  - Public-private partnerships and resources from CISA for threat mitigation
  - Vulnerability scoring in practice and building robust postmarket cybersecurity programs that scale
- End-of-Life Cybersecurity Strategies
  - Managing risks of EOL/EOS devices
  - Best practices for policy development, communication, and secure device retirement
Schedule*
View the preliminary 2025 agenda below to start your planning or download it here. Sign up to receive the latest speaker and program updates.
Kick off the 2025 Cybersecurity Summit with our Welcome Reception, hosted at AdvaMed’s D.C. office November 12 at 5:30 PM. This is your opportunity to connect with fellow attendees, speakers, and cybersecurity leaders in a relaxed setting to prepare for meaningful conversations and collaboration during the Summit!
*Please note this schedule is subject to change.
| Time | Details |
|---|---|
| 8:15 am – 9:00 am | Continental Breakfast and Registration Open |
| 9:00 am – 9:05 am | Welcome Remarks Zach Rothstein, Executive Director, AdvaMedDx, AdvaMed |
| 9:05 am – 9:55 am | The Regulator’s Perspective: Navigating the FDA’s Evolving Cybersecurity Framework The U.S. Food and Drug Administration (FDA) continues to refine its medical device cybersecurity expectations, placing greater emphasis on a “secure by design” approach and a total product lifecycle (TPLC) perspective. This session will feature a senior FDA official from the Center for Devices and Radiological Health (CDRH) to discuss the latest premarket and postmarket expectations. Key topics will include the integration of cybersecurity into Quality System Regulations, the role of the Software Bill of Materials (SBOM) in transparency and vulnerability management, and the agency’s focus on emerging technologies like Artificial Intelligence (AI) and Machine Learning (ML) in medical devices. Speakers: – Justin Post, Policy Analyst (Cybersecurity), Center for Devices and Radiological Health (CDRH), FDA – Suzanne Schwartz, Office Director, Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health (CDRH), FDA |
| 9:55 am – 10:45 am | The Inevitable Sunset: Strategizing for End-of-Life and End-of-Support The lifecycle of a medical device inevitably includes an end-of-life (EOL) and end-of-support (EOS) phase, which presents significant cybersecurity challenges for both manufacturers and healthcare providers. This session will provide best practices for developing and communicating clear EOL/EOS policies. It will cover how to transparently communicate timelines, manage residual risks in legacy devices, and provide guidance to customers on secure device retirement and transition, a topic of increasing focus for regulators and healthcare organizations. Speakers: – Erin Bissonnette, Sr. Principal Specialist, Division Quality, Stryker |
| 10:45 am – 11:35 am | Building a Culture of Security: Embedding Cybersecurity into the Corporate DNA Technology and policies alone are not enough to ensure robust cybersecurity. This session will focus on the “human element” of security, featuring a Chief Information Security Officer (CISO) from a leading medical device manufacturer. The discussion will cover strategies for fostering a security-conscious culture across all departments, from R&D to marketing, and the importance of executive leadership in championing cybersecurity as a core business imperative. Speakers: – Stacie Brough, IT Director, Baxter Global Product Security – Risk & Compliance, Baxter – Nidhi Luthra, CISO, Baxter |
| 11:35 am – 12:25 pm | Fireside Chat with Jessica Wilkerson, Technical Lead, Cybersecurity – Quality Partnering and Digital Controls Team, Roche Moderator: Chris Reed, Senior Director of Cybersecurity Policy \| Global Regulatory Affairs, Medtronic Speaker: Jessica Wilkerson, Technical Lead, Cybersecurity – Quality Partnering and Digital Controls Team, Roche |
| 12:25 pm – 1:35 pm | Networking Lunch |
| 1:35 pm – 2:25 pm | Dimensions of Cybersecurity, Lightning Rounds Moderator: Randy Horton Speakers: TBD |
| 2:25 pm – 3:15 pm | Global Standards and Regulatory Activity Speakers: Michelle Jump, CEO, MedSec |
| 3:15 pm – 4:05 pm | ISACs, ISAOs and Industry Collaboration Speakers: – Greg Garcia, Executive Director, Health Sector Coordinating Council Cybersecurity Working Group, Health Sector Council – Zach Rothstein, Executive Director, AdvaMedDx; Staff Lead, AdvaMed Cybersecurity Working Group |
| 4:05 pm – 4:55 pm | Coordinated Defense: The Power of Vulnerability Disclosure with CISA The Cybersecurity and Infrastructure Security Agency (CISA) plays a crucial role in facilitating coordinated vulnerability disclosure (CVD) and sharing threat intelligence across critical infrastructure sectors, including healthcare. This session will discuss the importance of public-private partnerships in identifying and mitigating vulnerabilities, the process for reporting and coordinating disclosures, and the resources and support CISA provides to medical device manufacturers to enhance their cybersecurity posture. |
| 4:55 pm – 5:00 pm | Closing Remarks Zach Rothstein, Executive Director, AdvaMedDx, AdvaMed Chris Reed, Director of Cybersecurity Policy \| Global Regulatory Affairs, Medtronic and Chair, AdvaMed Cybersecurity Working Group |
Pricing
AdvaMed members receive the best pricing on our signature events. Check to see if your company is a member here.
- AdvaMed® Member Companies: $1,025
- AdvaMed Accel® Member Companies: $655
- Government/Non-Profit: $665
- Non-Members: $1,425
Location
November 12, 2025
- Join us for the pre-event Welcome Reception on Tuesday, November 12 from 5:30 PM – 6:00 PM at the AdvaMed office, 1301 Pennsylvania Ave NW, Washington, D.C. 20004.
November 13, 2025
- The Cybersecurity Summit will be held from 9:00 AM – 5:00 PM ET at Hogan Lovells, 555 13th St NW, Washington, DC 20004. Networking lunch will be provided from 12:25 PM – 1:35 PM ET.
Traveling to Washington, D.C. for the Summit? Explore nearby hotels and secure your accommodations early for the best selection and rates. While AdvaMed is not partnered with any hotel in D.C., we encourage attendees to book soon as space may fill quickly.
2025 Speakers
Randy Horton

Randy Horton is Chief Solutions Officer at Orthogonal, a software developer for Software as a Medical Device (SaMD), digital therapeutics (DTx) and connected medical device systems. Randy’s (and Orthogonal’s) mission is to improve patient outcomes faster by accelerating the development of SaMD by fusing the best of modern product development and software engineering practices with deep MedTech expertise in device compliance, safety and effectiveness.
Horton co-chairs AAMI Software Management Working Group #10 and the associated Technical Information Report #115 committee working on guidance for the Appropriate Use of Public Cloud Computing in Support of Medical Device Functions.
Much of Randy’s career has been centered on working with healthcare and life sciences organizations from a digital transformation angle to tackle the problems summarized in The Quadruple Aim: Improving the individual experience of care, improving the health of populations, reducing the per capita costs of care, and improving the work life of those who deliver care.
Horton regularly speaks on SaMD and related topics at a variety of industry conferences and webinars including ones hosted by RAPS, AdvaMed, AAMI, KENx, HLTH/VIVE, the Healthcare Products Collaborative (f.k.a. Xavier Health) as well as numerous for-profit conferences. Horton has also guest lectured at Yale, Northwestern, the University of Michigan, University of Chicago and University of California – San Francisco/Berkeley.
An undergraduate of the University of Michigan who was then in the first graduating class from Michigan’s School of Information, Randy credits much of his passion for creative thinking and being a connector of people and ideas to his years as a Montessori preschool student.
Michelle Jump

Michelle Jump is the CEO at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management. Ms. Jump has a passion for bringing technology-based solutions to healthcare, actively participating in a variety of domestic and international standards, as well as relevant industry and governmental initiatives to support security within the healthcare industry. Ms. Jump holds a Master of Science in Regulatory Science from the University of Southern California and a Master of Science in Biotechnology from California State University. She is also RAC certified and a Certified HIPAA Administrator.
Justin Post

Justin Post is currently a Policy Analyst (Cybersecurity) in the Immediate Office – Digital Health within CDRH’s OPEQ. The Immediate Office – Digital Health contributes to FDA’s digital health policy and to digital health related programs and activities. It also provides leadership and support to OPEQ staff with premarket and postmarket reviews in alignment with FDA guidance documents with digital health content. As part of the Immediate Office – Digital Health, Justin is primarily focused on premarket and postmarket cybersecurity policy development and implementation across OPEQ’s Office of Health Technology (OHT) 1 through 8.
Chris Reed

Chris Reed is an active leader supporting Medtronic’s product security programs and reports to Medtronic’s Chief Regulatory Officer. He advises product teams on cybersecurity regulatory strategy and works on key regulatory legislation, guidance and standards such as FD&C 524B. He also spent over 21 years with Eli Lilly and Company, including building Lilly’s product security program supporting Digital Health, including connected diabetes management products. He is actively engaged as a leader in many medical device security and digital health industry initiatives such as the Healthcare Sector Coordinating Council’s Cybersecurity Working Group Executive Committee, AdvaMed Cybersecurity Working Group chair, MDIC Cybersecurity Working Group chair and various standards groups including the AAMI Device Security WG.
Suzanne Schwartz
