Print Page   |   Contact Us   |   Report Abuse   |   Sign In   |   Join HiNZ
2017 Cybersecurity in Health Speakers
Share |

Read more about the Cybersecurity in Health Symposium on 1 August 2017.

Peter Plowman, Senior Manager (anti) Fraud and Security, Kiwibank

Peter Plowman is a passionate defender against deceit, money pretending to be something it’s not, and theft. As the Senior Manager, (anti) Fraud and Security in Kiwibank…he sees a lot of the methods people employ for fraud and theft, whether digital, physical or both and works hard with his team (and others) to prevent, detect and respond/recover to them.

“Know thy enemy (and know thyself).”

(Cyber) War….what is it good for? Absolutely nothing”….or so the song (Edwin Starr) would have you believe. I disagree. The study of the ‘art of war’ can help you to prepare for an inevitable event. Do you know who your attackers really are?…Are you sure? Do you have an overinflated sense of your castle defences and an underestimation of the value of the contents?

Hector Rodriguez, WW Health Chief Information Security Officer, Microsoft

Hector Rodriguez is Microsoft’s Worldwide Health Chief Information Security Officer. He leads Microsoft’s work in health cloud compliance, health standards and cybersecurity. Hector works to ensure that healthcare security, privacy and compliance are foundational to Microsoft’s healthcare digital transformation strategy. His work is aligned with a covered entity’s “Triple Aim” objectives to improve the patient experience, improve population health and reduce costs. Hector works extensively with industry groups including WEDI-SNIP, HL/7, AHIP, HIMSS, HITRUST and CAQH. He is currently a board advisor of the Samueli Institute for health research and a founding member of the HITRUST Business Associate Council. Hector is a notable speaker for Microsoft’s executive briefing center, partner conferences, and HIMSS on “Cybersecurity and the Trusted Healthcare Cloud” and “Healthcare Digital Transformation”. Hector began his career in 1982 as a software engineer at Bell Research Laboratories and has been in the IT business for over 30 years.

Taking a “Cybersecurity First” Approach to Drive Healthcare Digital Transformation
Cyberattacks such as the recent Wannacry ransomware attack scared everyone and caused organizations to pause and rethink their security posture and to question their digital strategy. But with patients’ medical information more accessible and mobile, we have the potential to vastly improve health care by adopting digital solutions and technologies including telemedicine, mobility, wearables, IOT, Big Data and AI. However, this also introduces new security and privacy concerns. In this discussion we’ll explore why Security, Privacy, and Regulatory Compliance are foundational to Healthcare’s Digital Transformation, it’s importance to Healthcare customers and how modern security solutions and strategies can provide the framework for ensuring patient and customer data is safe.”

Dr Alan T Litchfield, Director, Service and Cloud Computing Research Lab

Dr Alan T Litchfield’s career in IT and computing covers several decades and spans engagement in publishing, systems design, database design and build, and then into academic research. Dr Litchfield’s vision for the future of cloud computing sees an environment in which a person’s devices is aligned to services and in which we are no longer encumbered with the client-server architecture that has predominated computer technology. Dr Litchfield is Director of the Service and Cloud Computing Research Lab at the School of Engineering, Computer and Mathematical Sciences at the Auckland University of Technology. He is a partner in the consulting firm, AlphaByte, past President of the Association for Information Systems (AIS) Special Interest Group on Philosophy in Information Systems, inaugurating Programme Leader for the degree Master of Service Oriented Computing (MSOC), and member of International Standards Organisation (ISO) working group responsible for 20000 and more recently a new ISO technical committee to create standards for blockchains, member of the Institute of IT Professionals (MIITP), Institute of Electrical and Electronics Engineers (IEEE), Association for Computing Machinery (ACM), International Institute for Information Design (IIID), TeX Users Group (TUG), and the Association for Information Systems (AIS). Areas of research cover service and cloud computing, applications of blockchain technologies, and the philosophy of science.

Ki-Ngā-Kōpuku: A Distributed Security Model for Cloud Computing
While mechanisms for security in the cloud exist, common vulnerabilities to attack persist and so we contend that a new type of security mechanism and model is required. This presentation discusses a distributed security model and architecture that, through redundancy and difficult to detect distribution, presents in an attack scenario multiple sacrificial targets. This approach eliminates a single point of failure and offers high levels of resilience and availability.

Heather Ward, Principal Advisor, National Cyber Policy Office

Heather Ward has been the Principal Adviser in the National Cyber Policy Office of the Department of the Prime Minister and Cabinet since September 2013. The National Cyber Policy Office (NCPO) was established in July 2012 with the purpose of leading the development of cyber security policy advice for government and advising on the investment of government resources in cyber security activities. NCPO launched “Connect Smart” as a new cyber security initiative in mid-2014. It is a public-private partnership to drive improved cyber security – involving banks, telecommunications operators, IT companies, software companies, social media, government agencies, non-government organisations, education institutions and business associations. Connect Smart is about building cyber security capability and encouraging individuals, businesses, government departments and organisations to use the internet in a smart way.

Chris Blackford, Manager ICT Assurance, The Department of Internal Affairs Te Tari Taiwhenua

Chris is a Principle Advisor in the GCIO (Government Chief Information Office). Chris is responsible for lifting assurance capability in government agencies and was central in a recent three year programme to help agencies mature their risk and security practices. A key aspect of this programme has been getting agencies to self-assess their risk and security capabilities and to implement change programmes to attain their desired maturity level. More recently Chris has been driving agencies to strategically assess their ICT assurance activities to allow them to reflect on whether limited resources are focussed in the right areas and ensure that ICT risks are not the cause of the next business related failure, but are integrated with risks at the corporate level. Cloud assurance also falls under the remit of Chris, with the GCIO owning the Cloud Risk framework that agencies follow when taking up cloud services. Chris has 25 years of experience in the banking and IT industry, primarily working in the business/IT interface role.

GCIO’s guidance on assessing Cloud Risk

Following Cabinet’s ‘Cloud First’ policy, GCIO was directed to develop a cloud risk framework. Given one size does not fit all, this presentation will reiterate the principles behind the framework, while reinforcing the need to adequately assess the risks involved in outsourcing some of your key operating functions or processes. While there is downside risk, there is upside opportunity. Cloud offers transformational change at the enterprise level. Balancing the risk/opportunity should be the focus of a cloud strategy. One of the key principles to keep in mind is that the public often doesn’t have a choice in their provider when it comes to government services, so we MUST promote and maintain public trust in our ability to protect the public’s information and private details. This may mean that the cost of dealing with risk exceeds the initial cost of procuring a service.

Phil Weir, Head of Outreach and Engagement, National Cyber Security Centre (NCSC)

Phil’s career to date has involved a diverse array of strategic, policy, and operational work on a wide range of national security issues and most recently cyber security.

The role of the NCSC
The role of the NCSC and the cyber threat picture we see. Vulnerabilities – systems, processes, people and the management of risk. Things to think about.

Sean Au, Founder,

Sean is a blockchain student who has been researching this exciting technology since 2014. He focuses on learning these new technologies, building up live demo's and sharing it with those around him. His latest project was Ubering Energy on the Blockchain. Sean is the chair of the Wellington Blockchain Meetup, a BANZ committee member and spends most of his time trying to keep up with the latest developments in the bitcoin, blockchain and smart contract space.

How secure is your health data on the blockchain?

There has been a lot of hype where all sorts of information is being placed on “the blockchain” and personal health data is no exception. Just what information is placed on the blockchain, how is it done and how secure is it? Sean explores these ideas by explaining what a block is and looks at the underlying blockchain security model in an attempt to demystify what all this hype is about.

Rick Ferguson, Cylance

Rick has been providing customers with solutions to their business-related IT issues for more than 20 years during which time he has worked in Europe, Africa, Asia and Australasia. He began his career in the UK, where he worked for BT. In 1995, he joined Cisco Systems, as Regional Manager for Sub-Saharan Africa and travelled extensively across the continent developing business relationships and opportunities right across the region. In 1998, he accepted a transfer to Australia and ran Cisco’s Enterprise Business in NSW. During the onset of the ‘Year 2000 Millennium Bug’ (aka Y2K), he helped many companies prepare their Y2K risk mitigation plans. In relation to Cyber Security, Rick was appointed as the first ANZ Country Manager for Palo Alto Networks and today works for Cylance, a next generation anti-virus company. Cylance leverages the power of Machine Learning and Artificial Intelligence to prevent modern Cyber threats. Rick lives with him family in Sydney, and has presented papers on Cyber Security at Auscert and other industry forums and is passionate about combating the business challenges created by Cyber Criminals. Rick lives with his family in Sydney.

Fighting security challenges with AI
Modern enterprises need to protect their organisation’s expanding network canvas against vast numbers of both known and unknown threats, and this requires a technologically sophisticated security solution. Traditional security suites can only protect against threats that have been previously identified. Not only are there millions of new threats released each month, but there are millions of new devices added to the internet every day. Through artificial intelligence, enterprises can secure a system against previously unknown threats, in addition to threats that may hide their malicious behaviour while under scrutiny.

Richard Harrison, Chief Information Security Officer, healthAlliance 

Richard is an experienced executive leader practiced in ensuring information security, trust and privacy in digital business. Richard has extensive experience at CEO and COO level in technology driven businesses where security and safety were key requirements. An ISACA Certified Information Security Manager and Certified ISO27001 Lead Implementer Richard has developed Information Security Management Systems in a number of businesses. At healthAlliance Richard is focused on building and delivering an information security transformation strategy and programme designed to embed robust and effective governance over cyber security and risk; improve visibility into the environment and know the unknown; ensure security by design from initiation, design, build and operate; excel in the basic areas of security hygiene and ensure we communicate, educate and build awareness of cyber security risks, changing behaviours and culture as a consequence.

Not if, but when! Preparing for the worst: incident response planning

Liz Schoff, Director, Pleione Consulting, Ltd 

Liz Schoff is a practicing health informatics professional, engaging with customers across New Zealand’s health sector for the last ten years.

Liz views informatics as the intersection of information, people and technology. She is a long-term advocate for establishing health informatics competencies in New Zealand, including several years as the chairwoman of HiNZ. Her professional focus has been capability development for people and delivery of effective technology solutions – integrating teams of health care professionals and technologists.

Liz is currently working with customers who are addressing cyber security risks in the integrated healthcare world.

Patients Leading Cloud-Based Health
Cloud-based health information is growing at an enormous rate. While agencies and organisations work to make a safe transition to cloud-based data, patients have quickly taken the lead for storing and sharing a variety of health-related information over the Internet. What does that mean for security expectations from all parties?

Hayley Power, Senior Engagement Advisor, CERT NZ

Previously, Hayley (alongside ex-GCSB colleagues) owned specialist IT Security company, InPhySec and has international experience having worked in South Africa as a cyber security manager for KPMG. Hayley began her career in cyber security working within the NZ government investigating state sponsored cyber-attacks against NZ businesses and government.

Ted Christiansen, Principal Advisor, Ministry of Health

Ted has been with the Ministry of Health for 9 years and is currently a Principal Advisor in the Digital Strategy and Investment Unit. His focus is on developing and supporting a wide variety of HISO Standards that support health sector IT environment development and operation. Ted works directly with a wide range of health sector agencies (eg DHBs, PHOs and Registration Authorities) in this task. Ted is a CISA with experience in the commercial and public sector.

A Practical approach to Cyber security assessment
The presentation identifies the key HISO Standards that supports cyber security in the health sector. It will identify the Ministry's approach to the adoption of Cloud computing services and provide an outline as to IT security support and advice that the Ministry can provide.

Boris Lamont, Director of Strategic Partnerships

Cybersecurity, not just an “IT” Problem anymore
Attackers are using next generation approaches to gain healthcare data for financial gain, IT requires a synchronised security approach to protect against modern cyberattacks. CNS are experts in Synchronising security efforts across People, Process and next gen Technology

Tim Sewell, Security Manager, Computer Concepts Limited

Tim is responsible for ensuring the security of CCL’s internal systems and managed services, and also works closely with CCL’s clients around security governance and strategy. During his 16 years in the Information Security profession, Tim has been a software developer, penetration tester, security consultant, architect and has run security teams in both New Zealand and Australia, including managing the largest security team in Australasia. Tim is passionate about information security and is currently focusing on developing and enhancing CCL’s information security capabilities and managed security services to help protect its clients and enable secure business growth.

Insights into cybersecurity and how to keep your organisation safe.
Security is a big topic today. It seems like every day there is a new attack, some new variant of ransomware being created and ransomware is making the attackers billions. Join CCL and Fortinet for an interactive session around Security. We will provide information on cyber security threats and ways to protect your organisation from these threats.

Michael (Mike) Gollop, Chief Technology Officer, Conporto Health

Mike Gollop is a senior ICT professional specializing in innovative enterprise solution development. Notable health sector achievements include development of the Canterbury Earthquakes emergency registration system for the Ministry of Health; architecting and creating the fully automated PPP test platform for District Health Boards New Zealand; a white paper published by Microsoft on his work proving Microsoft CRM 3.0 IS able to be securely hosted; and innovative configuration of New Zealand Practice Management Systems enabling them to be deployed as hosted solutions. Mike holds qualifications in development, infrastructure and architecture, and in his spare time likes to get knee deep in bleeding edge technology, with everything from Gaming to Home automation.

Secure structured health sector messaging is sorted, what about unstructured messaging?
Highly sensitive, Identifiable patient information is included in unstructured messages (emails) sent between clinicians and others every single day.  As part of raising the bar on the trustworthiness of health sector information transfer, Conporto Health encourages the New Zealand health sector to stop turning a ‘blind eye’ to this practice and to take appropriate, remedial measures.  As an option, Conporto Health has developed freeware and enterprise versions of a unique, “clopen”, secure email system called “hMael” specifically for the New Zealand health sector.

Graeme Neilson, Chief Research Officer, RedShield Security

Graeme is the Chief Research Officer and a Co-Founder at RedShield Security, a company that shields the world's websites, with offices in New Zealand and the US. Graeme’s career has gone from street performer through software developer to ethical hacker and security researcher. He has spent over 15 years carrying out social engineering and penetration testing for government and corporate clients around the globe and at RedShield is responsible for ensuring their shields are effective against the latest attacks.

Web Attack Favourites

What kinds of attacks happen against websites? Four very different examples of actual attacks seen against real web applications.Hear about how long it take to be attacked, what level of resources attackers deploy and what the favourite attacks and abuses are used against web applications.

Mandy Simpson, Chief Executive, Cyber Toa

Mandy Simpson is Chief Executive at Wellington based consultancy Cyber Toa, helping companies who handle sensitive financial or personal data to dramatically improve their cyber security. She has deep capital markets expertise, including four years as Chief Operating Officer at NZX, where she was an advocate for the development of blockchain technology for financial markets. Prior to that she was Chief Financial Officer for technology company Fronde.

The ins and outs of cyber security
For many organisations information security is a growing concern, and one they may feel they lack the resources or time to adequately address. We'll take a look at the pros and cons of cyber security outsourcing, including a discussion on which areas are best kept in house, and some practical considerations for an outsourced solution.

Steve Walsham, Group Broking Manager – Corporate, Crombie Lockwood

Before emigrating to NZ in 2015 Steve worked for over 24 years in the London insurance market, 22 of which were with Crombie Lockwood’s parent company Arthur J. Gallagher. In London Steve worked in the Major Risks Practice Group and ran their ICT Practice Group; providing strategic risk advice and insurance placements to a wide range of large and complex clients. He continues to provide this risk expertise to Crombie Lockwood clients in NZ and has developed and undertaken specific cyber risk reviews for both commercial and government clients.

Managing cyber risk with insurance?
Is insurance a viable risk management tool for cyber risks? Steve will outline the risks companies face, understanding those risks, the insurance available and the considerations companies face before purchasing insurance protection.

Dr Karolyn Kerr, Consulting Adviser, Conporto Health

Karolyn is the principal of her own consultancy company, Illuminare, which focuses on strategic solutions for information governance and management, alongside ehealth strategy and policy. Following completion of a PhD in Information Systems at the University of Auckland, Karolyn has provided advice on information governance, policy and strategy in health, across government, and private organisations. Karolyn has a background as a Cardiac Care Nurse with over 25 years’ experience in the health sector in New Zealand and the UK. Karolyn has presented widely and internationally on the development of a data quality framework and improvement strategy, and strategic enterprise information management solutions for health care.

Security – Hardware sorted, what about the people and process?
Most data breaches are caused by human error, people performing processes. Do they know the rules? Are there any rules in their organisation? Who agreed to them and communicated them? Governance at the national level needs to be translated into practice at the organisation level, into ways of working that consider the individual the data is about.

Scott Arrol, CEO, NZHIT

Scott is a highly experienced leader and manager with a broad commercial, business development and governance background particularly in the New Zealand health sector. He has spent the past 16+ years at the forefront of significant growth and service delivery changes in both the home-based and aged residential care sectors along with other key areas of the primary health and early childhood education sectors. Scott has held management roles in significant organisations including Healthcare of New Zealand, Radius Health and Kindercare. Scott received a Master in Business Administration (with Distinction) from the University of Waikato, has lectured in strategic management at the Waikato Business School and has been a management mentor for a number of years.

Philip Whitmore, Partner – Cyber Security, KPMG

Philip leads KPMG’s Cyber Security and Technology Risk practices in New Zealand. He has over 20 years practical experience in the provision of cyber security advisory and assurance, IT risk management, IT controls assurance and privacy risk management within New Zealand and the wider Asia-Pacific region. Philip sits on the boards and steering committees for a range of professional and industry bodies, including local chapters of ISACA and (ISC)2.

Brave New World – A focus on understanding the cyber security risks faced

A common key root cause in each of the high profile security and privacy breaches in New Zealand over the last four years, has been the lack of focus on security risk management. With all organisations having limited resources, whether it be time, money or other resources, ensuring cyber security efforts focus on the highest risks presented is critical. Philip will provide us insights into key cyber security risk management processes we should all have embedded in our organisations, and the practical steps we can all take to better manage our cyber security risks.

HiNZ, PO Box 300125, Albany, Auckland 0752, New Zealand.

Membership Management Software Powered by YourMembership  ::  Legal