AdvaMed Cybersecurity Summit

Medical device cybersecurity has never been more important. Advanced capabilities and ever more connected products means the threat landscape continues to grow. This year’s AdvaMed Cybersecurity Summit features experts from across the medical device and healthcare cybersecurity landscape who will help you navigate this complex threat environment and the FDA regulatory requirements that continue to evolve.

This year’s agenda is filled with timely sessions and dynamic speakers from FDA and Industry. Take a look below for a preview of this year’s sessions on the state of medical device cybersecurity, which include several regulatory updates from FDA, lessons learned from industry experts and a preview of the future of medical device cybersecurity.

Session topics

Day 1

• FDA Regulatory Update
• Cyber Risk Management as a Shared Responsibility 
• Reducing Cybersecurity Risks in Healthcare
• Automation of Medical Device Cybersecurity Risk Management
• Medical Device Product Security

Day 2

• Healthcare and Public Health Sector Coordinating Council (HSCC) Updates
• International Regulatory Update
• Software Bill of Materials (SBOM) Generation: Lessons Learned from the Trenches in Product R&D
• Threat Modeling for Medical Devices
• The Past and Future of Medical Device Cybersecurity

Who should attend?

• Cybersecurity Professionals
• Regulatory Affairs Professionals
• Privacy Officers
• Information and Product Security Professionals
• Data Scientists
• Medical Device Engineers
• Software Developers and Engineers
• Program Managers
• Compliance Professionals

Registration

Click here to check if your company is an AdvaMed member.

• AdvaMed Member Companies: $300.00
• AdvaMed Accel Member Companies : $200.00
• Government /Nonprofit: $215.00
• Non-Members: $550.00

Thank you to our sponsor

2021 AdvaMed Cybersecurity Summit Speakers

• Kyle Erickson, Senior Director Product Security, Medtronic
• Anita Finnegan, Founder & CEO, Nova Leah
• Kevin Fu, Acting Director, Medical Device Cybersecurity, CDRH, FDA
• Greg Garcia, Executive Director for Cybersecurity, Healthcare and Public Health Sector Coordinating Council
• Dr. Hans-Martin von Stockhausen, Senior Product Manager, Cybersecurity, Siemens Healthineers
• Matt Hazelett, Cybersecurity Policy Analyst, Clinical and Scientific Policy Staff, Office of Product Evaluation and Quality, CDRH, FDA
• Ed Heierman, Product Cybersecurity Architect, Abbott
• Jim Jacobson, Principal Cybersecurity Officer, Siemens Healthineers
• Michelle Jump, Vice President of Security Services, MedSec
• Mike Kijewski, CEO, MedCrypt
• Colin Morgan, Managing Director, Apraciti, LLC
• Arnab Ray, Director, Product Cybersecurity, Abbott
• Chris Reed, Director of Digital Health and Product Security Policy, Global Regulatory Strategy, Medtronic
• Inhel Rekik, Senior Director, Information Security Engineering, BD
• Melissa Rhodes, Product Security Program Manager, Medtronic
• Aftin Ross, Senior Science Health Advisor, Office of Strategic Partnerships and Technology Innovation, CDRH, FDA
• David Scott, Senior Director, Product Security, Intuitive Surgical
• Scott Shindledecker, Chief Product Security Officer, BD

2021 AdvaMed Cybersecurity Summit Agenda

Monday, December 6

Welcome Remarks | 12:00 pm – 12:05 pm
Zach Rothstein, Senior Vice President, Technology & Regulatory Affairs, AdvaMed
Director and Lead, AdvaMed Center for Digital Health

FDA Regulatory Update | 12:05 pm – 12:30 pm
Kevin Fu, Acting Director, Medical Device Cybersecurity, CDRH, FDA

From Noise to Protection: Cyber Risk Management as a Shared Responsibility | 12:30 pm – 1:00 pm
Dr. Hans-Martin von Stockhausen, Senior Product Manager, Cybersecurity, Siemens Healthineers
Latest with the “SBOM Initiative”, medical device operators will know the software components contained in their devices and they have access to threat intel published for those components. Determining the resulting device level severity of component vulnerabilities requires vendor support. Combining a vendor internal mechanism for security risk management with operator facing fleet management allows delivery of product level risk information to a minimal possible audience.

Reducing Cybersecurity Risks in Healthcare: Advancing the Journey to Better Secure Medical Devices | 1:00 pm – 1:35 pm
Inhel Rekik, Senior Director, Information Security Engineering, BD
Scott Shindledecker, Chief Product Security Officer, BD
Amid increasing cyberthreats, medical device manufacturers have a responsibly to advance our collective journey to better secure medical devices and protect patient safety and privacy. In this presentation, BD Sr Director of Information Security Engineering Inhel Rekik and BD Chief Product Security Officer Scott Shindledecker will share leading practices they have adopted and recommend to all medical device manufacturers. Topics will include adopting DevSecOps, code signing, communicating third-party software components, and building and maintaining an in-house penetration testing team. From tips for improving communication with customers and patients to putting mature coordinated vulnerability disclosure processes into practice, attendees will learn practical ways to accelerate their own journeys toward improving medical device cybersecurity.

Break | 1:35 pm – 1:45 pm

Automating Medical Device Security Risk Management:
A Medtronic Case Study Using Nova Leah’s Select Evidence | 1:45 pm – 2:25 pm
Kyle Erickson, Senior Director Product Security, Medtronic
Anita Finnegan, Founder & CEO, Nova Leah

Product Security FAQs | 2:25 pm – 3:00 pm
Colin Morgan, Managing Director, Apraciti, LLC
In this discussion, we will cover a variety of popular topics on product security and provide guidance and recommendations to consider in addressing them. Topics will include hardware security concepts, types of security testing that should be performed, what to include in a regulatory submission for cybersecurity, whether or not we should be risk assessing a threat model and more.

Tuesday, December 7

Welcome Remarks | 12:00 pm – 12:05 pm
Zach Rothstein, Senior Vice President, Technology & Regulatory Affairs, AdvaMed
Director and Lead, AdvaMed Center for Digital Health

Healthcare and Public Health Sector Coordinating Council (HSCC) Updates | 12:05 pm – 12:25 pm
Greg Garcia, Executive Director for Cybersecurity, Healthcare and Public Health Sector Coordinating Council

International Regulatory Update | 12:25 pm – 12:45 pm
Matt Hazelett, Cybersecurity Policy Analyst, Clinical and Scientific Policy Staff,
Office of Product Evaluation and Quality, CDRH, FDA
Michelle Jump, Vice President of Security Services, MedSec
Cybersecurity has become an important aspect of regulatory submission requirements across the globe. Expectations have been evolving regularly and it is important to stay up-to-date. This session will provide updates from FDA and an international regulatory cybersecurity expert that will aid attendees in preparing for submissions across the globe.

Current State of SBOM Practices in Healthcare | 12:45 pm – 1:35 pm
Moderator: Chris Reed, Director of Digital Health and Product Security Policy, Global Regulatory Strategy, Medtronic
Ed Heierman, Product Cybersecurity Architect, Abbott
Jim Jacobson, Principal Cybersecurity Officer, Siemens Healthineers
Melissa Rhodes, Product Security Program Manager, Medtronic
Aftin Ross, Senior Science Health Advisor, Office of Strategic Partnerships and Technology Innovation, CDRH
Generating a SBOM may seem like an easy task. Just plug a tool into your development pipeline and the task is complete! However, reality is far from ideal, and the lack of current tooling and standard maturity provides plenty of opportunity for improvement. Also, generating an SBOM is only valuable if we leverage it to reduce cybersecurity risk. Join us as practitioners and policymakers discuss current practice maturity, including an overview of current NTIA/IMDRF efforts to drive maturity in SBOM practices for healthcare.

Break | 1:35 pm – 1:45 pm

Threat Modeling: Special Considerations and Strategies for Medical Devices | 1:45 pm – 2:25 pm
Michelle Jump, Vice President of Security Services, MedSec
Arnab Ray, Director, Product Cybersecurity, Abbott
Threat modeling is not a new practice in security. However, there are specific approaches that lend themselves to more effective and beneficial threat models for medical devices. The threat modeling process must integrate into the quality system at the right place to gain the most benefit. Regulators like the FDA are also expecting to see threat models in their submissions now. Are you ready?

Rethinking Medical Device Cybersecurity: Looking Back to Address the Future | 2:25 pm – 3:00 pm
Mike Kijewski, CEO, MedCrypt
David Scott, Senior Director, Product Security, Intuitive Surgical
Devices that were designed years ago, and at the time were cutting edge technologically based on the best-known practices, no longer meet today’s security needs. What can we learn from the past so as to avoid vulnerability disclosures of new products years from now? This talk will look back to provide learnings on how we can design cybersecurity into medical devices today, trends we need to be aware of, and explore where we should move towards in the next five years.