CyberMed Summit 2019

Solving the Last Mile Problem

In the two years since the first CyberMed Summit was held in the shadow of the WannaCry ransomware attack, great strides have been made to protect patients who depend on medical technology for life and limb. From closer collaboration between device vendors and security researchers, to robust regulatory guidance that promotes awareness and buy-in across health-care delivery organizations, we have made meaningful gains and won hard-fought victories. But significant work remains to protect our health-care systems from cyber attacks.

Notable voices in clinical medicine, security research, medical device manufacturing and public policy gather at UC San Diego School of Medicine on November 14 and 15, 2019 discuss how to bring recent advances in health-care cybersecurity to the place of maximal impact – the patient’s bedside.

CyberMed Summit 2019: Solving the Last Mile Problem bring together international experts and include simulated cyber crisis exercises in a hospital setting.

Speakers and Content

Thursday, November 14th 2019


The CyberMed Summit aims to be the premiere clinically-oriented healthcare cybersecurity conference. To this end, education and awareness is a primary component of our mission. For the first time, the CyberMed Summit begins with a series of “primer” sessions designed to welcome those new to the healthcare cybersecurity discussion and provide education in a number of important areas that allow attendees to receive the highest yield out of subsequent conference content. Primers will be open to everyone.

Clinical Cybersecurity: Consequences and Challenges

Chrisian Dameff, MD and Jeff Tully, MD

This introductory primer takes you to the bedside and demonstrate that cybersecurity issues are patient safety issues. As physicians and security researchers, Christian and Jeff possess a unique, clinically-oriented perspective that has helped to bridge the worlds of security and medicine and has served as the inspiration for the CyberMed Summit event.

The Medical Device Policy and Regulatory Environment

Suzanne Schwartz, MD, MBA and Joshua Corman

SBOM, ICS-CERT, NHISAC, CVE- alphabet soup got you down? Looking to learn the difference between pre and post-market guidance? Does the FDA do medical device recalls, anyway? This primer, hosted by the FDA’s own Dr. Suzanne Schwartz and policy guru Josh Corman, will provide a 30,000 foot overview of the regulatory and policy space surrounding medical devices and highlight current trends, debates, and coming attractions in this arena.

Security for the Healthcare Delivery Organization

Debra Breummer

Today’s healthcare delivery organization faces a challenging balancing act, juggling patient care and workflow alongside privacy and regulatory considerations- and that’s before security even gets factored into the mix. Debra Bruemmer, leader of the Clinical Information Security Resiliency team at Mayo Clinic, bring ideas and lessons from her experience at one of the world’s top clinical institutions to share ideas to help your organization develop a safe and strong security posture focused on patient safety.

Medical Device Security Workshop

Jay Radcliffe

Capacity: 52 Attendees - Registration required

In this workshop participants learn about different medical devices and explore their attack surfaces. A collection of connected medical devices on-premise can be scanned, taken-apart, and explored. Some of the topics in the course include: network scanning for medical devices, firmware analysis, vulnerability hunting, Wireless/RF analysis, and hardware analysis and assessment.

This course will be customized in real time to attendee skill levels, so feel free to register no matter what your technical background!

Lightning Talks

Why We Need a Software Bill of Materials

Beau Woods

Known but unmitigated vulnerabilities are among the greatest threats to our nation, according to a 2017 White House executive order. Opaque supply chains can mask these issues for a decade or more, even in newly developed products. Recent high profile disclosures show that supply chain risks can manifest many layers deep, making transparency critical to anticipating and avoiding harm. This session will discuss the concept of a software bill of materials, illustrate the potential advantages to such a framework, and detail the current policy status of proposals to incorporate SBOM into law.

Healthcare Cybersecurity and Health and Human Services

William Welch

Learn about the Department of Health and Human Services’ Cybersecurity Health Sector Cybersecurity Coordination Center (HC3) from its Cyber Engagement Lead, William Welch, as he presents an example of the information sharing and coordination capabilities of the HC3 team as they joined forces with the FDA, ASPR, and DHS to amplify and answer questions regarding the recent Urgent/11 vulnerabilities disclosure.

Research and Coordinated Disclosure

Marie Moe

You know Marie Moe from her legendary presentations on healthcare security from the perspective of a patient dependent on a connected medical device, now join her for an exploration of her latest foray into the ever controversial and challenging world of coordinated disclosure.

Cyber-Informed Consent

Andy Coravos and Meg Doerr

We expect clinicians to educate patients about the risks and benefits of treatment plans, but are practitioners capable of communicating about cybersecurity risks? Informed consent guru Meg Doerr and digital medicine expert Andy Coravos join forces to present a new frontier in the practice of connected medicine- cyber-informed consent.

Clinical Cybersecurity Simulation #1

A highlight of the CyberMed Summit since its inception, this clinical simulation will thrust an un-suspecting clinician into a scenario derived both from established security research and medical pathophysiology- challenging them to save lives in the setting of a cybersecurity crisis.

Keynote Address

Greg Garcia

​Greg Garcia, Executive Director for Cybersecurity of the Healthcare and Public Health Sector Coordinating Council will review the significant achievements produced by the various task groups of the SCC in 2019, as well as give an overview of new and exciting opportunities for continued stakeholder collaboration.

Evening Reception

It’s been a long day! Time to relax and network with new and old friends and colleagues while enjoying the warm San Diego evening and some delicious food and drink.

Thursday, November 14th 2019

Cybercrisis Tabletop Exercise

Adam Brand and Beau Woods

Capacity: 104 Attendees - Registration Required

This exercise will build directly from the previous day’s clinical cybersecurity simulation, expanding the concept beyond the bedside to encompass challenges faced at the institutional, local, and regional levels. A dynamic, multidisciplinary scenario will push attendees to respond in real-time to an evolving and complex situation.

Lightning Talks

MITRE’s Ecosystem-Wide Role in Healthcare Cybersecurity

Steve Christey Coley

MITRE, a not-for-profit organization, has been actively supporting FDA and other government organizations in improving cybersecurity for many stakeholders across the healthcare ecosystem, through a variety of exploratory, tactical, and strategic tasks. There’s, like, a LOT of stuff happening. We will cover much of our recent and ongoing work, including a progress report on the CVSS Rubric for Medical Devices.

Cyber Disaster Preparedness

Julian Goldman, MD

Harvard’s Julian Goldman presents lessons learned during the creation and execution of a powerful cybersecurity research collaboration.

Clinical Cybersecurity Simulation #2

Return to the sim lab for the world premiere of a brand-new clinical cybersecurity simulation exercise- taking place for the first time in the operating room!

VIP Keynote

Josh Corman

Bring the CyberMed Summit to a close with Josh Corman as he walks down the last mile and lays out his vision for the future of healthcare cybersecurity.