You are here

Cybersecurity Summit

November 6, 2019
Arlington, VA

The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues related to FDA requirements and cybersecurity management practices.

Register for the Cybersecurity Summit and save 20% when you register for the Health Data Stewardship and Privacy Summit as well! You will recieve your discount code in the confirmation email after you register.

Click Here for Agenda


Download Agenda

8:00 am – 8:45 am

Registration Open and Continental Breakfast

8:45 am – 9:00 am

Welcome Remarks
Zach Rothstein, Esq., Vice President, Technology & Regulatory Affairs, AdvaMed

9:00 am – 9:30 am

Legislative Update
Fielding Greaves, Senior Director, State Government & Regional Affairs, AdvaMed

9:30 am – 10:00 am

Regulatory Update
Seth Carmody, Cybersecurity Project Manager, FDA

10:00 am – 10:45 am

International Update
Michelle Jump, Vice President of Cyber Program Initiatives, Nova Leah

This session will include discussion of final guidance documents and whitepaper reviews on Canada, Australia and France.

10:45 am – 11:15 am

Networking Break

11:15 am – 12:00 pm

Artificial Intelligence
Mike Taborn, Architect, Healthcare Sector, Intel IOT Group

With the fast adoption of AI to various applications in medical devices, it is important to revisit threat models, assets, and how best to ensure a secure system given the new threat vectors that are bound to be developed. This presentation will discuss areas to consider and some ways to address the additional characteristics involved in securing medical devices.

12:00 pm – 1:00 pm

Networking Lunch

1:00 pm – 1:45 pm

Use of Security Standards vs. Security Best Practices; What’s the difference?
Anura Fernando, Chief Innovation Architect, UL

This session will examine some key points that every organization should consider when adopting standards, guidance documents, and best practices as a foundation for their quality processes.  The discussion will be driven by a case study of the HSCC JSP and how it relates to a variety of different standards.

1:45 pm – 2:30 pm

The Different Colors of Penetration Testing
Stephanie Domas, Vice President of Research & Development, MedSec

Ever heard the term blackbox penetration test? Or white box? Or maybe even Greybox? In this presentation we'll dive into not only what these terms mean, but what they look like when executing the hands on hacking. We'll look at how giving certain pieces of information to testers affect the focuses, the layers of attack, and the type of results you'll receive.

2:30 pm – 3:30 pm

Hospital Perspectives on Medical Device Cybersecurity

  • Chris Tyberg, Division Vice President, Information Security, Abbott Medical Devices
  • Nidhi Luthra, Global Cyber Risk Officer, Abbott
  • Hussein Syed, CISO, RWJ Barnabas Health

Perspectives of hospital Chief Information Security Officers (CISO) on the challenges of managing cybersecurity risks and the impact of medical devices on the clinical environment. Discussion on current medical device security topics like Software Bill of Materials, Urgent/11 and patching and how CISOs want to work with medical device manufacturers. 

3:30 pm – 4:00 pm

Networking Break

4:00 pm – 4:45 pm

The Path of Least Resistance: Lessons Learned from Hacking Connected Medical Devices

  • Brian Barrett, Advanced Security Testing Leader, Deloitte
  • Phil Englert, Global Clinical Technology Leader, Deloitte

Default and hardcoded credentials. No encryption. Kiosk break-out. These are just a few of the security flaws that haunt connected medical devices in the healthcare system. In this presentation, Brian Barrett from Deloitte, will discuss the unofficial top 5 security flaws that he and his advanced security testing team have observed from over 50+ recent connected medical device security testing engagements.  This session will showcase the following:

  • Vendor-agnostic vulnerabilities from various medical devices,
  • Present the linkage between vulnerability remediation and certain types of FDA premarket cybersecurity guidance design controls
  • Discuss injecting raw CVSS scores with technical context based on “exploitability” in order to drive practical remediation action plans
  • Discuss some of the recent hacking trends, tools and techniques that Brian is seeing in both the MedTech as well as the Auto industry

4:45 pm – 5:15 pm

Risk Quantification Case Study
Brendan Fitzpatrick, Vice President, Cyber Risk Engineering, Axio

One of the biggest obstacles to achieving cybersecurity maturity is a language barrier; security leaders speak tech, risk managers speak insurance, the legal team speaks contracts, CFO’s speak ROI, and the C-Suite and Boards of Directors speaks duty of care and financials.  In practice, that translates to business leaders not understanding how operations can be impacted by a cyber event, money being spent in the wrong places, and a lack of coordination of critical functions. How can utilizing cyber risk quantification as part of an organization’s cybersecurity strategy serve as the great translator to help prioritize investments and make better enterprise-wide decisions?

5:15 pm – 6:15 pm

Networking Reception 



The Cybersecurity Summit will take place November 6 at the DoubleTree by Hilton Hotel Washington DC - Crystal City.

Click here to reserve your room

Room Rate: $174.00
Room Block Cutoff: Oct. 15, 2019


DoubleTree by Hilton Hotel Washington DC - Crystal City
300 Army Navy Drive
Arlington, VA  22202

Registration Fees

AdvaMed Member Registration: $995.00

Accel Member Registration: $695.00

Government and Non-Profit Registration: $695.00

Non-Member Registration: $1,295.00

Note: Early-bird pricing is available for AdvaMed Members and Non-Members. Register by October 25, 2019 for $200 off your registration!