Cyber threats are evolving as fast as medical technology. With increasing connectivity and advancing device capabilities, the risk to patients and health systems is greater than ever—and staying ahead of the curve is no longer optional.
The 2025 Cybersecurity Summit in Washington, D.C. is designed around the issues keeping you up at night. You’ll hear from hospital CISOs about what they really need, share practical strategies with cyber peers from global companies, and prepare your 2026 cyber roadmap to better protect your organization. View the 2025 agenda!
The 2025 Program Will Explore
- Global Trade & Supply Chain Security
- Impact of tariffs, export controls, and geopolitical tensions on medical device cybersecurity
- Ensuring component integrity and managing supply chain risk
- Hospital & Clinical Environment Security
- Real-world device security challenges in healthcare delivery organizations (HDOs)
- Collaboration between manufacturers and hospitals on vulnerabilities and incident response
- FDAs Shifting Cybersecurity Regulations
- Evolving FDA expectations for secure-by-design and total product lifecycle (TPLC) approaches
- Role of SBOMs, integration with Quality System Regulations, and considerations for AI/ML
- Privacy & Cybersecurity in Connected Health
- Intersection of HIPAA and cybersecurity in connected medical devices
- Managing data breach risks and regulatory compliance
- Vulnerability Disclosure & CISA Collaboration
- Coordinated vulnerability disclosure (CVD) processes
- Public-private partnerships and resources from CISA for threat mitigation
- Vulnerability scoring in practice and building robust postmarket cybersecurity programs that scale
- End-of-Life Cybersecurity Strategies
- Managing risks of EOL/EOS devices
- Best practices for policy development, communication, and secure device retirement
Schedule*
View the 2025 agenda below or download a copy of it. Sign-up to receive the latest speaker and program updates.
Kick off the 2025 Cybersecurity Summit with our Welcome Reception, hosted at AdvaMed’s D.C. office November 12 at 4:30 PM. This is your opportunity to connect with fellow attendees, speakers, and cybersecurity leaders in a relaxed setting to prepare for meaningful conversations and collaboration during the Summit!
*Please note this schedule is subject to change. Agenda as of 11/6/25
| Time | Details |
|---|---|
| 8:15 am – 9:00 am | Continental Breakfast and Registration Open |
| 9:00 am – 9:05 am | Welcome Remarks Zach Rothstein, Executive Director, AdvaMedDx, AdvaMed |
| 9:05 am – 9:55 am | The Regulator’s Perspective: Navigating the FDA’s Evolving Cybersecurity Framework The U.S. Food and Drug Administration (FDA) continues to refine its medical device cybersecurity expectations, placing greater emphasis on a “secure by design” approach and a total product lifecycle (TPLC) perspective. This session will feature a senior FDA official from the Center for Devices and Radiological Health (CDRH) to discuss the latest premarket and postmarket expectations. Key topics will include the integration of cybersecurity into Quality System Regulations, the role of the Software Bill of Materials (SBOM) in transparency and vulnerability management, and the agency’s focus on emerging technologies like Artificial Intelligence (AI) and Machine Learning (ML) in medical devices. Speakers: – Justin Post, Policy Analyst (Cybersecurity), Center for Devices and Radiological Health (CDRH), FDA – Linda Ricci, Deputy Director, Office of Strategic Partnerships and Technology Innovation (OST), CDRH, FDA |
| 9:55 am – 10:45 am | The Inevitable Sunset: Strategizing for End-of-Life and End-of-Support The lifecycle of a medical device inevitably includes an end-of-life (EOL) and end-of-support (EOS) phase, which presents significant cybersecurity challenges for both manufacturers and healthcare providers. This session will provide best practices for developing and communicating clear EOL/EOS policies. It will cover how to transparently communicate timelines, manage residual risks in legacy devices, and provide guidance to customers on secure device retirement and transition, a topic of increasing focus for regulators and healthcare organizations. Speaker: – Erin Bissonnette, Sr. Principal Specialist, Division Quality, Stryker |
| 10:45 am – 11:35 am | Building a Culture of Security: Embedding Cybersecurity into the Corporate DNA Technology and policies alone are not enough to ensure robust cybersecurity. This session would focus on the “human element” of security, featuring a Chief Information Security Officer (CISO) from a leading medical device manufacturer. The discussion would cover strategies for fostering a security-conscious culture across all departments, from R&D to marketing, and the importance of executive leadership in championing cybersecurity as a core business imperative. Speakers: – Stacie Brough, IT Director, Baxter Global Product Security – Risk & Compliance, Baxter –Nidhi Luthra, CISO, Baxter |
| 11:35 am – 12:25 pm | Fireside Chat with Jessica Wilkerson, Technical Lead, Cybersecurity – Quality Partnering and Digital Controls Team, Roche Moderator: Chris Reed, Senior Director of Cybersecurity Policy | Global Regulatory Affairs, Medtronic Speaker: Jessica Wilkerson, Technical Lead, Cybersecurity – Quality Partnering and Digital Controls Team, Roche |
12:25 pm – 1:35 pm | Networking Lunch |
| 1:35 pm – 2:25 pm | Lightning Talks in MedTech Cybersecurity: An Hour of Thought Provoking Ideas In this session, a series of expert speakers will each share a gold nugget insight you can take back to work and put into action. Talks include: – Cybersecurity in premarket review: reducing your regulatory attack surface – Federal policy changes + FDA personnel losses and turnover + an evolving cybersecurity threat landscape = ? – How post-market cybersecurity monitoring can become a profit center. – A folk song about passwords that Woody Guthrie would have written if he were alive today Moderator: Randy Horton, Chief Solutions Officer, Orthogonal Speakers: – Steve Silverman, President, The Silverman Group – Brendan O’Leary, Independent Consultant, All Too Wellness, LLC |
| 2:25 pm – 3:15 pm | Notable Cybersecurity Developments of 2025 This year’s review explores the rapidly evolving landscape of medical device cybersecurity, highlighting global regulatory updates, client expectations, and industry best practices. From strengthened postmarket focus to the growing specificity of regulators, the past year marked a pivotal step toward more resilient, secure connected healthcare systems. Speaker: Michelle Jump, CEO, MedSec |
| 3:15 pm – 4:05 pm | The Epidemic of Cyber Threats Against Humans and Machines: The Imperative for Shared Problem Solving As cyber threats increasingly target both people and the technologies that support care, the health sector faces an urgent call for collaboration. This session explores how the Health Sector Cyber Working Group brings providers and medical device manufacturers together to tackle complex cybersecurity challenges. The presentation will share insights on finding common ground, building consensus amid differing priorities, and advancing collective defenses. Attendees will gain a practical look at how shared problem-solving—even when perspectives diverge—can strengthen the sector’s resilience against an ever-growing cyber threat landscape. Speaker: – Greg Garcia, Executive Director, Health Sector Coordinating Council Cybersecurity Working Group, Health Sector Council |
| 4:05 pm – 4:55 pm | A View from the Front Lines: A Dialogue with Healthcare Delivery Organizations This session will feature a keynote of a prominent hospital CISO, offering invaluable perspectives on the real-world challenges of securing medical devices within a clinical environment. The discussion will cover the critical need for seamless collaboration between manufacturers and hospitals, the impact of device vulnerabilities on patient care and hospital operations, and the evolving expectations of healthcare delivery organizations (HDOs) regarding device security features, transparency, and incident response support. Speaker: – Samantha Jacques, PhD, FACHE, AAMIF, FACCE, Vice President of Clinical Engineering, McLaren Health |
| 4:55 pm – 5:00 pm | Closing Remarks Speakers: Zach Rothstein, Executive Director, AdvaMedDx, AdvaMed Chris Reed, Director of Cybersecurity Policy | Global Regulatory Affairs, Medtronic and Chair, AdvaMed Cybersecurity Working Group |
Speakers
Erin Bissonnette, Sr. Principal Specialist, Division Quality, Stryker
Erin Bissonnette brings over two decades of experience in the pharmaceutical and medical device industries, with the last 7 years dedicated to advancing product security in med devices. Most recently, Erin led a transformative initiative to remediate years of accumulated cyber debt in just 12 months. In the session “Strategizing for End of Support,” Erin will candidly share insights from that journey: expect real talk, hard-won lessons, and practical tips for anyone facing down technical debt in their own organization.
Greg Garcia, Executive Director, Health Sector Coordinating Council Cybersecurity Working Group, Health Sector Council
Greg Garcia is the Executive Director of the Health Sector Coordinating Council Cybersecurity Working Group, the government-recognized critical infrastructure industry advisory council of more than 470 healthcare providers, pharmaceutical and medtech companies, payers and health IT entities partnering with government to identify and mitigate cyber threats to health data and research, systems, manufacturing and patient care.
In 2006, Greg was appointed by President George W. Bush as the nation’s first Assistant Secretary for Cybersecurity and Communications with the U.S. Department of Homeland Security (since reorganized as the Deputy Director of the Cybersecurity and Infrastructure Security Agency). One of his signal achievements in this role was conceiving and initiating creation of the National Cyber and Communications Integration Center, the nation’s 24×7 public-private partnership for cybersecurity watch, warning, analysis and incident response.
He also served as executive director of the Financial Services Sector Coordinating Council, stood up the I.T. Sector Coordinating Council, and held senior executive positions with Bank of America, 3Com Corporation, Information Technology Association of America, and American Electronics Association, all with the responsibility of driving change in public policy and business operations to strengthen the security and resiliency of the nation’s critical infrastructures.
Greg served as a professional staff member on the Committee on Science in the U.S. House of Representatives, where he helped draft and shepherd enactment of the Cyber Security Research and Development Act of 2002.
Greg is a former member of the Information Security and Privacy Advisory Board, a government/industry committee advising the Secretaries of Commerce and Homeland Security, and the Director of OMB, on national information security and privacy policy.
Greg is a 2024 recipient of the Malcolm Baldrige Foundation Award for Leadership Excellence in Cybersecurity.
Randy Horton, Chief Solutions Officer, Orthogonal
Randy Horton is Chief Solutions Officer at Orthogonal, a software developer for Software as a Medical Device (SaMD), digital therapeutics (DTx) and connected medical device systems. Randy (and Orthogonal’s) mission is to improve patient outcomes faster by accelerating the development of of SaMD by fusing the best of modern product development and software engineering practices with deep MedTech expertise in device compliance, safety and effectivness.
Horton co-chairs for AAMI Software Management Working Group #10 and the associated Technical Inforamtion Report #115 committe working on guidance for the Appropriate Use of Public Cloud Computing in Support of Medical Device Functions.
Much of Randy’s career has been centered on working with healthcare and life sciences organizations from a digital transformation angle to tackle the problems summarized in The Quadruple Aim: Improving the individual experience of care, improving the health of populations, reducing the per capita costs of care, and improving the work life of those who deliver care.
Horton regularly speaks on SaMD and related topics at a variety of industry conferences and webinars including ones hosted by RAPS, AdvaMed, AAMI, KENx, HLTH/VIVE, the Healthcare Products Collaborative (f.k.a. Xavier Health) as well as numerous for-profit conferences. Horton has also guest lectured at Yale, Northwestern, the University of Michigan, University of Chicago and University of California – San Francisco/Berkeley.
An undergraduate of the University of Michigan who was then in the first graduating class from Michigan’s School of Information, Randy credits much of his passion for creative thinking and being a connector of people and ideas to his years as a Montessori preschool student.
Samantha Jacques, Vice President of Clinical Engineering, McLaren Health
Samantha Jacques, PhD, FACHE, AAMIF, FACCE is the Vice President of Clinical Engineering at McLaren Health. She manages medical technology throughout the McLaren system including 13 hospitals, ambulatory surgery centers, imaging centers, and Michigan’s largest network of cancer centers. Prior to McLaren, she was Director of Clinical Engineering at Penn State Health and Texas Children’s Hospital. She is also Vice Chair of the Health Sector Coordinating Council – Cybersecurity where she advises the US Government on behalf of the health sector. She has previously sat on the Boards of healthcare associations including AAMI and ACCE. She has also published a book titled “Introduction to Clinical Engineering” and adjunct teaches in the field of cybersecurity.
She has a BS in Biomedical Engineering from Milwaukee School of Engineering and a PhD in Biomedical Engineering from Louisiana Tech University.
Michelle Jump, CEO, MedSec
Michelle Jump is the CEO at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management. Ms. Jump has a passion for bringing technology-based solutions to healthcare, actively participating in a variety of domestic and international standards, as well as relevant industry and governmental initiatives to support security within the healthcare industry. Ms. Jump holds a Master of Science in Regulatory Science from the University of Southern California and a Master of Science in Biotechnology from California State University. She is also RAC certified and a Certified HIPAA Administrator.
Brendan O’Leary, Independent Consultant, All Too Wellness, LLC
Brendan O’Leary advises technology developers, healthcare organizations, trade and professional associations, and others on digital health and medical technology development, evaluation, and regulation.
Brendan worked at the FDA for 14 years in a variety of roles focused on medical devices, diagnostics, and digital health. Most recently, he served as the founding Deputy Director of the FDA’s Digital Health Center of Excellence. Throughout his career at the FDA, Brendan contributed to hundreds of precedent-setting decisions and co-authored dozens of policies that continue to provide the foundation for the FDA’s digital health efforts. He frequently represented the FDA on digital health and other topics at conferences and professional society meetings, in press interviews, and in interactions with Congress. Brendan also made significant contributions to the federal government’s response to SARS-CoV-2.
Early in his career, Brendan designed and developed tools that were used by NASA astronauts to repair the Hubble Space Telescope. He has a B.S. in Mechanical Engineering from the University of Maryland, College Park.
Justin Post, Policy Analyst (Cybersecurity), Center for Devices and Radiological Health (CDRH), FDA
Justin Post is currently a Policy Analyst (Cybersecurity) in the Immediate Office – Digital Health within CDRH’s OPEQ. The Immediate Office – Digital Health contributes to FDA’s digital health policy and to digital health related programs and activities. It also provides leadership and support to OPEQ staff with premarket and postmarket reviews in alignment with FDA guidance documents with digital health content. As part of the Immediate Office – Digital Health, Justin is primarily focused on premarket and postmarket cybersecurity policy development and implementation across OPEQ’s Office of Health Technology (OHT) 1 through 8.
Chris Reed, Senior Director of Cybersecurity Policy, Global Regulatory Affairs, Medtronic
An active leader supporting Medtronic’s product security programs and reports to Medtronic’s Chief Regulatory Officer. Advise product teams on cybersecurity regulatory strategy and working on key regulatory legislation/guidance/standards such as FD&C 524B. Also spent over 21 years with Eli Lilly and Company including building Lilly’s product security program supporting Digital Health including connected diabetes management products. Actively engaged as a leader in many medical device security and digital health industry initiatives such as the Healthcare Sector Coordinating Council’s Cybersecurity Working Group Executive Committee, AdvaMed Cybersecurity Working Group chair, MDIC Cybersecurity Working Group chair and various standards groups including the AAMI Device Security WG.
Linda Ricci, Deputy Director, Office of Strategic Partnerships and Technology Innovation (OST), CDRH, FDA
Linda Ricci began her career developing artificial intelligence solutions in the defense industry before moving to the medical device industry as a software engineer. She helped to develop several diagnostic cardiology devices and has participated in all phases of product life cycle development. Ms. Ricci has held several roles since joining the FDA in 2005 across the product lifecycle and currently is the Deputy Director for the Office of Strategic Partnerships and Technology Innovation (OST). During her time at FDA, she has led activities in several critical areas for the center including cybersecurity, digital health, and emergency response. She has degrees in Electrical Engineering, Medical Engineering, and Public Health.
Zach Rothstein, Executive Director, AdvaMedDx®
Zach Rothstein is Executive Director for AdvaMedDx®. In this role, Zach directs the policy, advocacy, communications, regulatory, payment and legislative strategy and operations of the association, which represents manufacturers of in vitro diagnostic (IVD) clinical tests in the U.S. and abroad. Prior to this position, Zach was AdvaMed®’s Senior Vice President for Technology and Regulatory Affairs where he led the association’s efforts on digital health, software, cybersecurity and postmarket policy matters. Rothstein also participated in all aspects of the MDUFA V negotiation process, and served as AdvaMed®’s lead coordinator for its COVID-19 Action team. Zach is also a member of the World Health Organization’s Digital Health Technical Advisory Group’s Roster of Experts.
Steve Silverman, President, The Silverman Group
Steve Silverman is the President of The Silverman Group, a consultancy that serves medical product companies on regulatory, strategy, and policy issues. Steve also provides regulatory guidance to MedTech investors. In addition, Steve serves as an expert witness on medical product regulatory matters.
Before this, Steve worked as Vice President, Technology and Regulatory Affairs, with AdvaMed, the leading medical-device trade association. Steve focused there on product quality and compliance, pre-market approval, and device advertising and promotion. Adding to this, Steve was a Senior Expert with McKinsey & Co., where he counseled pharmaceutical, medical device, and other clients on regulatory strategies, product compliance and quality, and stakeholder communication.
Steve’s professional experience includes nearly two decades in federal service, with extensive time in senior FDA roles. At FDA, Steve directed the CDRH Office of Compliance, where he led device-quality initiatives, engaged Congress and the press, and guided the office’s reorganization. Steve’s FDA roles include Assistant Director, CDER Office of Compliance, where he oversaw implementation of drug regulations, policy, and public communications about prescription and over the counter drugs. Steve began his FDA work as an Associate Chief Counsel, where he led enforcement actions against drug and medical device companies. Steve’s past work includes positions with the US Department of Justice and the Federal Trade Commission.
Jessica Wilkerson, Technical Lead, Cybersecurity – Quality Partnering and Digital Controls Team, Roche
Jessica Wilkerson is a medical device cybersecurity policy expert, coming to Roche after spending over five years at the FDA as a Senior Cyber Policy Advisor and the Medical Device Cybersecurity Team Lead. At FDA, she helped draft the 2025 Premarket Cybersecurity Guidance and implement FDA’s new explicit medical device cybersecurity regulatory authorities, known as Section 524B, as well as respond to numerous medical device cybersecurity vulnerabilities and incidents. Prior to FDA, she spent five years as a staffer with the Energy and Commerce Committee in the US Congress, where she advised congressional members on complex cybersecurity topics, and investigated cybersecurity issues in the health, energy, telecommunications, and other critical infrastructure sectors. She has a JD from the Catholic University of America’s Columbus School of Law, and a BA in Policy Studies from Syracuse University, as well as minors in Computer Science and Mathematics.
Pricing
AdvaMed members receive the best pricing on our signature events. Check to see if your company is a member here.
Virtual Rates
- AdvaMed® Member Companies: $1,025
- AdvaMed Accel® Member Companies: $655
- Government/ Non-Profit: $665
- Non-Members: $1,425
In-Person Rates
- AdvaMed® Member Companies: $1,025
- AdvaMed Accel® Member Companies: $655
- Government/ Non-Profit: $665
- Non-Members: $1,425
Have questions? Contact us to get support.
Location
The official Summit is a hybrid event so attendees can choose to join us virtually or in-person.
November 12, 2025
- Join us for the pre-event Welcome Reception on Wednesday, November 12 from 4:30 PM – 5:30 PM at the AdvaMed office, 1301 Pennsylvania Ave NW, Washington, D.C. 20004.
November 13, 2025
- The Cybersecurity Summit will be held from 9:00 AM – 5:00 PM ET at Hogan Lovells, 555 13th St NW, Washington, DC 20004. Networking lunch will be provided from 12:25 PM – 1:35 PM ET.
Hear From Us
Sign up to receive emails highlighting our upcoming events, early registration savings, and engagement opportunities for the medical technology community.