Events

AdvaMed® Cybersecurity Summit

November 10, 2026
9:00 AM – 6:30 PM

Capitol Building with blue sky from side view, Washington DC

Navigate evolving threats and requirements impacting medtech cybersecurity to protect your organization.

AdvaMed® Cybersecurity Summit

November 10, 2026
9:00 AM – 6:30 PM

  1. Overview
  2. 2026 Agenda
  3. 2026 Speakers
  4. Registration & Location

AdvaMed® Cybersecurity Summit

November 10, 2026
9:00 AM – 6:30 PM

As health care systems become more connected, medtech leaders are navigating increasingly complex risks that demand practical strategy, cross-functional coordination, and quick execution. The AdvaMed® Cybersecurity Summit, November 10 in Washington, D.C., is designed for cybersecurity professionals navigating these critical issues. AdvaMed’s interactive program moves beyond foundational concepts to focus on how cybersecurity is operationalized in practice—where risk, regulation, and rapidly evolving threats converge.

Throughout the Summit, attendees will hear from experts across industry and government, offering critical perspectives on emerging threats and real-challenges shaping medtech. Close out your Summit experience with our high-impact networking reception designed to create candid conversations and meaningful connections that extend beyond the event.

Register now to begin preparing your cybersecurity roadmap to better protect your organization. Join the interest list to receive program updates.

The 2025 Summit Covered

  • Cross-sector collaboration models for addressing shared cyber threats
  • Evolving FDA cybersecurity framework, including considerations for AI/ML-enabled medical devices
  • Medical device end-of-life and end-of-support cybersecurity planning and risk management
  • Building a culture of security across organizations, emphasizing executive leadership, cross-functional accountability, and embedding cybersecurity into product development and business operations
  • Global regulatory developments shaping cybersecurity policy
  • Frontline perspectives from health care delivery organizations on device security, operational impact, and incident response expectations

Why Attend

AdvaMed’s Cybersecurity Summit is designed for experienced cybersecurity professionals looking to move beyond theory and into real-world application. The 2026 program will deliver practical insights into today’s most complex and evolving challenges, with a focus on how cybersecurity strategies are implemented, operationalized, and sustained in practice across health care and medtech environments.

Attendees will Gain
  • Insights into emerging cyber threats and regulatory updates
  • Strategies to strengthen cybersecurity programs across their products lifecycle

Who Should Attend

This program is designed for cybersecurity leaders across responsible for shaping and executing cyber strategy, including:

  • Medtech cybersecurity experts
  • Engineers, security professionals, and IT leaders in medtech
  • Risk management leaders
  • Chief Information Security Officers

2026 Agenda

Built around the issues shaping today’s cyber landscape, the 2026 agenda delivers timely discussions on evolving threats, regulatory developments, product security, incident response, and public-private collaboration. Explore the sessions below to see what’s in store at this year’s Summit.

Agenda as of 7/9/2026

Start TimeTopic/Details
All Sessions Will Be Interactive Throughout
8:15 am – 9:00 am Continental Breakfast and Registration Open  
9:00 am – 9:05 am  Welcome Remarks  
9:05 am – 10:05 am From the FDA – Premarket Cybersecurity Expectations and Submission Deficiencies 

FDA leaders share perspectives directly with medical device manufacturers on the state of cybersecurity in premarket submissions. This session provides an open forum for FDA to highlight current areas of focus, common submission deficiencies, and emerging expectations, with time reserved for Q&A.
10:10 am – 11:10 am   Submission Stories – How Manufacturers Are Navigating the New Premarket Cybersecurity Landscape 

The premarket cybersecurity landscape has shifted in recent years, and manufacturers are navigating those changes in real time. This panel brings together industry representatives to share experiences, good and bad, with the submission process. Panelists will offer accounts of how regulatory expectations are playing out in practice. The result is a session built around the ongoing submission friction points MDMs experience.  

Speakers:  
– Michelle Jump, CEOMedSec 
Dan Lyon, Global Director of Product Security, Boston Scientific 
– Dewey Phan, Director of Cybersecurity Quality Assurance, Olympus
11:15 am – 12:15 pm  False Claims, Real Consequences – Cybersecurity Liability and the Civil Cyber-Fraud Initiative 

An emerging legal theory is gaining traction in regulatory and enforcement circles: medical device manufacturers may face exposure under the False Claims Act where they make false or misleading cybersecurity-related representations (whether in regulatory submissions, government contracts, or certifications) and subsequently seek or cause federal reimbursement for devices with material cybersecurity deficiencies. This session examines the legal framework behind that theory, recent enforcement actions, what the DOJ’s Civil Cyber-Fraud Initiative posture suggests about where liability risk is heading, and how cybersecurity teams can engage with legal to mitigate risk.  

Speakers:  
– Kennedy Luvai, Senior Data & Privacy Counsel, bioMérieux
– Jessica Wilkerson, Technical Lead, Cybersecurity – Quality Partnering and Digital Controls Team, Roche 
 
12:15 pm – 1:25 pm  
 
Networking Lunch   
1:30 pm – 2:30 pm  After a Breach – Incident Response, Public Disclosure, and Multi-Party Coordination 

Ransomware gangs and hacktivist groups have demonstrated both the capability and willingness to target healthcare infrastructure, and recent incidents show a manufacturer’s response is only part of the problem. The harder challenge is what follows: providing credible, trusted assurance to patients, hospital customers, and regulators. This session walks through a representative intrusion scenario across a manufacturer’s network and installed device base, including notification decisions, coordination with CISA and law enforcement, public disclosure under pressure, and multi-party vulnerability coordination involving shared components.

Speakers:  
Erin Bissonnette,  Sr. Principal Specialist, Division Quality, Stryker  
Chris Reed, Senior Director of Cybersecurity Policy, Global Regulatory Affairs, Medtronic  
2:35 pm – 3:35 pm  One Product, Many Markets – Navigating EU and APAC Cybersecurity Challenges 

U.S.-based manufacturers navigating global markets face cybersecurity regulatory requirements that diverge from FDA expectations. This session examines the EU framework (including the Cyber Resilience Act and NIS2 Directive alongside EU MDR) and key Asia Pacific jurisdictions, comparing agency priorities, identifying where requirements conflict or align, and highlighting emerging developments including the IMDRF cybersecurity work item led by Singapore’s Health Sciences Authority. Speakers will address common pitfalls and practical strategies for achieving global compliance without duplicative controls.  

Speaker:
Chris Reed,  Senior Director of Cybersecurity Policy, Global Regulatory Affairs, Medtronic 
3:40 pm – 4:40 pm   The Clinical Side – How Health Systems Manage Medical Device Cybersecurity 

Health systems are managing legacy devices, compressed patching cycles, and procurement decisions increasingly shaped by cybersecurity posture with finite staff and competing clinical priorities. This panel of HDO representatives examines the operational reality behind the receiving end of the manufacturer-HDO relationship: how health systems process and act on security alerts and advisories, how cybersecurity factors into procurement decisions, how OTA updates are evaluated and managed at scale, and where SBOM ingestion stands in practice.  
4:40 pm – 4:45 pm  Closing Remarks   
4:45 pm – 6:30 pm  Networking Reception 

Speakers

The AdvaMed® Cybersecurity Summit features an exceptional lineup of cybersecurity leaders from across industry, government, and health care. Explore the 2026 speakers below and learn from the experts driving the future of medtech cybersecurity.

Erin Bissonnette, Sr. Principal Specialist, Division Quality, Stryker

Erin Bissonnette brings over two decades of experience in the pharmaceutical and medical device industries, with the last 7 years dedicated to advancing product security in med devices. Most recently, Erin led a transformative initiative to remediate years of accumulated cyber debt in just 12 months. In the session “Strategizing for End of Support,” Erin will candidly share insights from that journey: expect real talk, hard-won lessons, and practical tips for anyone facing down technical debt in their own organization. 

Michelle Jump, CEO, MedSec

Michelle Jump is the CEO at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management. Ms. Jump has a passion for bringing technology-based solutions to healthcare, actively participating in a variety of domestic and international standards, as well as relevant industry and governmental initiatives to support security within the healthcare industry.

Ms. Jump holds a Master of Science in Regulatory Science from the University of Southern California and a Master of Science in Biotechnology from California State University. She is also RAC certified and a Certified HIPAA Administrator. 

Kennedy Luvai, Senior Data & Privacy Counsel, bioMérieux

Dan Lyon, Global Director of Product Security, Boston Scientific 

Dewey Phan, Director of Cybersecurity Quality Assurance, Olympus

Chris Reed, Senior Director of Cybersecurity Policy, Global Regulatory Affairs, Medtronic

An active leader supporting Medtronic’s product security programs and reports to Medtronic’s Chief Regulatory Officer. Advise product teams on cybersecurity regulatory strategy and working on key regulatory legislation/guidance/standards such as FD&C 524B. Also spent over 21 years with Eli Lilly and Company including building Lilly’s product security program supporting Digital Health including connected diabetes management products.

Actively engaged as a leader in many medical device security and digital health industry initiatives such as the Healthcare Sector Coordinating Council’s Cybersecurity Working Group Executive Committee, AdvaMed® Cybersecurity Working Group chair, MDIC Cybersecurity Working Group chair and various standards groups including the AAMI Device Security WG. 

Jessica Wilkerson, Technical Lead, Cybersecurity – Quality Partnering and Digital Controls Team, Roche

Jessica Wilkerson is a medical device cybersecurity policy expert, coming to Roche after spending over five years at the FDA as a Senior Cyber Policy Advisor and the Medical Device Cybersecurity Team Lead. At FDA, she helped draft the 2025 Premarket Cybersecurity Guidance and implement FDA’s new explicit medical device cybersecurity regulatory authorities, known as Section 524B, as well as respond to numerous medical device cybersecurity vulnerabilities and incidents. Prior to FDA, she spent five years as a staffer with the Energy and Commerce Committee in the US Congress, where she advised congressional members on complex cybersecurity topics, and investigated cybersecurity issues in the health, energy, telecommunications, and other critical infrastructure sectors. She has a JD from the Catholic University of America’s Columbus School of Law, and a BA in Policy Studies from Syracuse University, as well as minors in Computer Science and Mathematics.  

Pricing

AdvaMed® members receive the best rates so check to see if your company is a member here.

  • AdvaMed Accel® Member Companies: $795
  • AdvaMed® Member Companies: $1,125
  • Non-Members: $1.675
  • Government/Academic: $800

Location

The Cybersecurity Summit reception and event will be at the Hogan Lovells office located at 555 13th St NW, Washington, DC 20004.

Have questions? Contact us to get support.

Hear From Us

Sign up to receive emails highlighting our upcoming events, early registration savings, and engagement opportunities for the medical technology community.