Cybersecurity Issues in Healthcare - Threats and Regulations Part 2

Healthcare is today the number one most targeted industry for cybersecurity threats and data breaches. The sensitive nature of the information collected from patients makes it a lucrative target, as the information is highly profitable on the black market. At the same time, healthcare businesses such as hospitals are particularly likely to pay ransoms when attacks disrupt their life-saving work. With an increasing dependence on technology to care for patients, the threats can only be expected to rise. Attorneys today advising healthcare businesses should know the technical risks and regulations they face as well as the right questions to ask Chief Information Security Officers (CISOs) and the information to provide them with.
In part two (2) of this webinar, our expert panelists begin by reviewing the five titles of HIPAA. Our speakers then give an overview of the HIPAA Privacy and Security Rule and discuss Proposed HIPAA Amendments, its enforcement rule, and HIPAA violations. Finally, they conclude by breaking down the essential elements of the Health Information Trust Alliance Common Security Framework (HITRUST CSF).

Our Mission is to bridge the knowledge gap between law and technology professionals by educating attorneys on technology to attorneys and technology executives on its laws and regulations. Legal Cyber Academy provides a comprehensive tool and evolving knowledge base through exclusive insights from world class cybersecurity, privacy, web 3.0, forensic, and e-discovery legal and technical practitioners. Earn CLE, CPE, and CE credits. (Refunds are available if you do not receive credit) At Legal Cyber Academy We recognize that technology, the cybersecurity threats it faces, and relevant laws and regulation are rapidly evolving, presenting unique challenges and opportunities. Our platform is dedicated to empowering legal professionals with the skills and understanding necessary to navigate the complex landscape of technology in their field, enabling them to effectively advise clients, draft contracts, and navigate legal implications in a technology-driven world. Simultaneously, we strive to equip technology professionals with the legal knowledge they need to make informed decisions, ensure compliance with regulations, and limit liability. By fostering a deep understanding of legal frameworks, we hope to support technology professionals in creating innovative, compliant, and socially conscious technological advancements. Join us in our mission to reshape the way legal professionals and technology experts understand and interact with each other in a rapidly changing technical and legal landscape. Together, they will mitigate risk better, ensure compliance, and actively shape the future of technology and its accompanying laws.

LAW & FORENSICS LLC – FOUNDER; JAMS – NEUTRAL; HARVARD – ADJUNCT;
Danie Garrie, Esq., is the Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and digital discovery Cybersecurity teams. Daniel has been a dominant voice in the computer forensics and cybersecurity space for the past 20 years, as an attorney and technologist. He is an adjunct professor at Harvard for Computer Forensics, and prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique firms specializing in cybersecurity and forensic engineering. He is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of Cybersecurity practice at Zeichner, Ellman & Krause LLP. Daniel earned both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive incidents in the United States. He and his team have worked globally for two of the top five banks and dozens of the largest private and public companies in the world. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platforms he built with his team, including TableTop.AI, CustodyTrack.IO, and Forensic Scan. Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. defining the terms 'software', 'internet', and 'algorithm'. Lastly, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, cited over 500 times to date.

Former CISO/VP Cyber Security | Healthcare Security Advisor | ICIT Fellow
Dave Summitt is a highly accomplished cybersecurity executive with extensive experience in leading and managing cyber security programs and has received industry recognition for his involvement with initiatives that demonstrate thought leadership and outstanding business value. Dave is currently the Vice President of Cyber Security for the Florida Cancer Specialists & Research Institute (FCS) where he is responsible for continuous development and maintaining the cyber security program. In his current role, Dave is responsible for the overall security of FCS’ IT infrastructure. He leads a team of security professionals who are responsible for developing and implementing security policies and procedures, conducting security assessments, and responding to security incidents. Dave is also a member of the organization’s executive leadership team, where he provides guidance and recommendations on security-related matters. Prior to joining FCS, Dave was recruited by and became their first Chief Information Security Officer (CISO) with Moffitt Cancer Center & Research Institute in Tampa, FL where he constructed a comprehensive cyber security program. During his 6-1/2-year time with Moffitt, Dave and his team won numerous awards for his leadership and initiatives. A 21-year federal career with the Department of Defense preceded his entry into healthcare security. Mr. Summitt earned his undergraduate degree in Information Systems Management from the University of South Florida and his master’s in information security with a Digital Forensics concentration from Norwich University. He is a fellow with the Institute of Critical Infrastructure Technology (ICIT) a national cyber security think tank based in Washington DC, a Florida Infragard member, a former member of the Forbes Technology Council and served as an adviser to the Center for Cyber Safety and Education. For several years, Dave has been identified as one of the “Hospital and Health System CISOs to know” by Becker’s Hospital review. Dave has also had the honor of providing testimony before the U.S. Congress concerning security implications to healthcare operations due to phone spoofing and robocalls. He was later appointed by the FCC as Chairperson for the 2020 Hospital Robocall Protection Group, a working group directed by Congress to assist in making recommendations for combating robocalls and phone spam. Dave is a respected leader in the information security community. He is a frequent speaker at security conferences and has written articles for several publications and is getting ready to publish his second season of “3-point Cyber”, a podcast about cyber for the layperson.

Partner | Foley & Lardner LLP
Aaron K. Tantleff, CIPP/E, is a partner in Foley’s Technology Transactions, Cybersecurity, and Privacy; and the Environmental, Social, and Corporate Governance (ESG) practice groups. He represents companies in various technology, privacy, security, information management, open source, and intellectual property matters, such as the development of compliance policies, programs, cybersecurity breach preparation, incident response, big data, and data monetization initiatives. He also regularly represents clients in mergers and acquisitions, outsourcing transactions, strategic alliances, development and licensing arrangements, supply and distribution arrangements, and other strategic and collaborative transactions involving significant technology and intellectual property. Aaron is a frequent speaker on technology, security, privacy, and outsourcing matters, and is regularly quoted in The Wall Street Journal, Reuters, Politico, Fortune, and other top-tier publications on topics such as cyberattacks, privacy law developments, and data protection, including regarding the General Data Protection Regulation (GDPR) and the Asia Pacific Cross Border Privacy Rules. Aaron has been retained for data protection, cybersecurity, monetization of big data/IoT programs, and data breach response, remediation, and simulations by companies across all industries and sizes, domestically and abroad, including several Fortune 100 companies. He has also counseled several state legislators on cybersecurity legislation. Aaron has wide-ranging industry experience, including extensive representation in the financial services, consulting, information technology, software development, technology, oil and gas, energy, chemicals, utilities, communications, consumer markets (retail, wholesale, and distribution), life sciences, pharmaceuticals, health care/health services, manufacturing, media, and transportation (automotive and airline) industries. Prior to joining Foley, Aaron was the global director of intellectual property for a large NASDAQ information technology and software company, as well as the acting associate general counsel for an NYSE-listed global information technology and management consulting company with over $3 billion in revenues. Aaron is an adjunct professor of law at Loyola University Chicago School of Law, where he teaches a course on transactional intellectual property law that focuses on intellectual property licensing, valuation, acquisitions, divestures, joint ventures, and technology development.

Chief Information Security Officer | Christiana Care
Anahi Santiago is one of the nation's foremost cybersecurity experts and is interviewed by dozens of national media outlets each year. She is the Chief Information Security Officer at ChristianaCare in Delaware, one of the country’s largest healthcare providers. With over 20 years in the Information Technology field, Anahi has extensive experience in areas of cybersecurity, privacy, regulatory compliance, program management and infrastructure services. Anahi has overall responsibility for the organization’s information security program and strategic direction. She leads a team of high performing information security professionals in supporting ChristianaCare's strategic initiatives by partnering with the business and managing risks, implementing policies and controls, and generating overall awareness.