AdvaMed Cybersecurity Summit

December 12, 2022 – December 13, 2022
12:00 PM – 3:45 PM ET

Join AdvaMed for the 2022 Cybersecurity Summit as experts from across the medical device and healthcare cybersecurity industry help you navigate the complex threat environment and the FDA regulatory requirements that continue to evolve.

Medical device cybersecurity has never been more important than it is now, and as device capabilities advance and become more connected, the threat landscape continues to grow. The virtual Cybersecurity Summit will address the future of medical device cybersecurity as well as recent changes in the industry landscape, including issues related to FDA requirements and cybersecurity management practices.

View the Cybersecurity Summit agenda below.

Day One
12:00 pm – 12:05 pm: Welcome Remarks
Zach Rothstein, Executive Director, AdvaMedDx

12:05 pm – 12:35 pm: Component Based Cybersecurity for Products
Colin Morgan, Apracity LLC

For medical devices, we must evolve and think about the components in the product and how to securely configure them on an individual basis; otherwise we may be missing things that create future risk. A single product may have dozens of components, and without individual focus, how can we ensure the device is properly secured? In this session, we will discuss what component-based security is, what it means and why it is a critical approach in developing safe and secure products.

12:35 pm – 1:05 pm: FDA Regulatory Update
Suzanne Schwartz, Director, Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health, FDA

FDA will provide an overview of the current state of the Agency’s cybersecurity efforts.

1:05 pm – 1:45 pm: Uncomfortable Truths: Recent & Imminent Gamechangers to Medical CyberSafety
Joshua Corman, Vice President, Cyber Safety Strategy, Claroty; Former Chief Strategist, COVID Task Force, Cybersecurity and Infrastructure Security Agency

Healthcare was strained before our recent waves of unpleasantness. Our resilience has been further damaged across material disruptions by rapid evolution in ransomware, a global pandemic, and increasingly brazen adversaries taking advantage of our vulnerability. Our recent crucibles revealed and clarified much – crossing new thresholds regarding public safety, public confidence, and political will for substantive reform. We have a small window to work through our discomfort. History has its eyes on us…

1:45 pm – 2:00 pm: Break

2:00 pm – 2:45 pm: Medical Device Penetration Testing Best Practices
Chris Reed, Director of Digital Health and Product Security Policy, Medtronic

Medtech and its regulators have embraced the value of penetration testing to validate that medical devices can resist current threats. However, penetration testing practices and their outcomes still vary greatly. There is an opportunity to mature best practices, specifically for medical device penetration testing, to help drive consistency and effectiveness in penetration-test validation of security controls. MDIC is close to releasing a best practices document on medical device penetration testing. This session will share the key themes and the updated timeline on which the document is expected to be released.

2:45 pm – 3:45 pm: Product Security Program Evolution
Chris Kohlios, Cyber Risk Senior Consultant, Deloitte
Nick Sikorski, Senior Manager, Product Security, Deloitte

Product security has evolved significantly over the past decade. Regulators, customers, and the drive of manufacturers to protect patients have resulted in an increase in maturity throughout the product lifecycle. In this session, we will discuss our observations from the field working with global medical device manufacturers. We will share data points and benchmark information on both where the industry is today and where it is setting its north star over the next two to three years. Coming out of this session, attendees will better understand and be able to compare their maturity with respect to others in the industry and the direction in which product security programs are focusing their budgets and roadmaps in the near term.

Day Two
12:00 pm – 12:05 pm: Welcome Remarks
Zach Rothstein, Executive Director, AdvaMedDx

12:05 pm – 12:35 pm: Limiting Cyberattack Liability Protection through the SAFETY Act
Brian Finch, Partner, Pillsbury Winthrop Shaw Pittman LLP

This presentation will describe how the SAFETY Act, a federal liability protection statute, can limit or eliminate liability associated with cyberattacks on medical devices. Topics covered will include a primer on the SAFETY Act, the kinds of liability the SAFETY Act limits or eliminates, who can apply for these protections, and how the law fits in with cyber insurance.

12:35 pm – 1:35 pm: Hidden Hospital Vulnerabilities
Benoit Desjardins, MD, PhD, Professor of Radiology and Medicine and Co-lead, Arrhythmia Imaging Research Laboratory, University of Pennsylvania
Mike Kijewski, CEO, MedCrypt
Jessica Wilkerson, Cyber Policy Advisor with the All Hazards Readiness, Response, and Cybersecurity (ARC) team, Center for Devices and Radiological Health, FDA

Join us for a cross-industry panel discussing the current state of security in DICOM. The panel will consist of a regulatory perspective, a hospital CIO, a representative from an imaging vendor, and a rep from a PACS vendor.

1:35 pm – 1:50 pm: Break

1:50 pm – 2:50 pm: Lessons Learned from Paylocity’s Ongoing Journey into DevSecOps
Randy Horton, Chief Solutions Officer, Orthogonal
Michelle Jump, CEO, MedSec
Bruce Parr, Manager of Developer Security Operations – Information/Application Security Teams, Paylocity

DevSecOps (Development Security Operations) is a key modern engineering method for getting ahead of application security issues and fusing best practices for secure software into the normal flow of an organization’s development processes and culture. The Software as a Service (SaaS) industry has been a pioneer in DevSecOps as a result of its needs as cloud-first and digital-first businesses. We in Medtech can learn a tremendous amount about successful DevSecOps from SaaS companies.

In this session, we will have a wide-ranging discussion with Bruce Parr, a DevSecOps expert who has been on a multi-year journey of implementation at the fast-growing and well-regarded SaaS payroll provider, Paylocity. And while payroll processing may not be considered critical infrastructure under the formal definition, try telling that to an entire workforce at a company that doesn’t get paid one Friday because their employer’s payroll vendor is being held ransom by hackers who have taken control of their computers.

In this wide-ranging conversation, Bruce will walk us through Paylocity’s DevSecOps journey: what they’ve learned about it, how they’ve implemented it, what the results have been and where they are headed next. Through the conversation, we’ll tie Bruce’s points back to some of the specific needs of Medtech, SaMD, DTx, and connected medical device systems.

Our goal is for you to leave this session with a quiver full of new ideas for how to apply this powerful new cybersecurity approach in your own organization.

2:50 pm – 3:45 pm: Moving Beyond the Baseline: Next Steps for Advancing Cybersecurity Maturity in Health Care
Edison Alvarez, Director, Information Security – Governance, BD
Debra Bruemmer, Senior Manager, Mayo Clinic
Greg Garcia, Executive Director, Cyber Security, Health Sector Coordinating Council
Terry Rice, VP, IT Risk Mgt & CISO of Merck & Co., Inc.
Chris Tyberg, Division Vice President, Chief Information Security Officer, Abbott

The Medical Device Innovation Consortium (MDIC) recently launched the inaugural healthcare cybersecurity maturity benchmark report, revealing numerous opportunities to improve cybersecurity and resilience across the healthcare industry. Join Debra Bruemmer, Senior Manager, Mayo Clinic, Greg Garcia, Executive Director, Cyber Security, Health Sector Coordinating Council, Terry Rice, VP, IT Risk Mgt & CISO of Merck & Co., Inc., and Chris Tyberg, Division Vice President, Chief Information Security Officer, Abbott for an engaging panel discussion on advancing cybersecurity maturity, moderated by Edison Alvarez, Director, Information Security – Governance, BD. Topics will include cybersecurity challenges in healthcare compared to other industries, practical ways organizations can use the benchmark report data and strategies for charting a path toward substantial increases in healthcare’s cybersecurity maturity over time.

Sponsorship Package

Demonstrate your leadership in medtech cyber security management! Co-sponsorship opportunities: 4 available, $5,000 per co-sponsor. Become a Cyber Security Summit Co-Sponsor today!

Sponsor package includes:

  • Logo promotion on conference web site & electronic marketing materials
  • Verbal recognition of sponsorship on each day of the conference
  • Opportunity to contribute advertising artwork for a slide loop to be shown during conference breaks each day (total of 4 breaks)
  • 1 complimentary registration to the conference
  • Attendance list provided post-conference (first name/last name/title/company)
