HIMSS17 Conference & Exhibition

February 19 – 23, 2017

Orange County Convention Center | Orlando, Florida

Educational Sessions | Exhibition | Hacker Demos | Interactive Phishing GameSchedule a Meeting

Welcome to our HIMSS17 page where we will communicate all things related to the upcoming annual HIMSS conference in Orlando. Check back often, as events leading up to HIMSS will be updated regularly.

Educational Sessions

Case Study: Making the Right Investment in Security

Tuesday, February 21st
2:30 – 3:30pm
Tangerine Ballroom, F4

Don Lindsey
VP and CIO
Tallahassee Memorial Healthcare

Mac McMillan
Co-Founder and CEO
CynergisTek, Inc.

2016 brought multiple high-profile breaches and cyberattacks, including many that disrupted healthcare organizations’ ability to provide basic care. With a plethora of highly-automated, information-reliant technology being used in healthcare organizations nationwide, the industry simply cannot afford not to invest in security measures that protect both their businesses and their patients. Presenters will explain to attendees that mere HIPAA compliance does not constitute a comprehensive privacy and security program and describe how OCR can and should offer guidance for providers in knowing what, where, when and how to invest in security to meet evolving threats and demands. More importantly, presenters will discuss what healthcare organizations should be doing today to ensure they are making the right investments in data security drawing from a real-world case study.

Learning Objectives:

  • Assess the current healthcare security landscape and efficacy of the enforcement environment
  • Describe what efforts are required by OCR to encourage provider due diligence in security
  • Calculate appropriate provider investment in security infrastructure
  • Identify best practices for security investment and cyber defense drawing from a case study

Balancing Patient Privacy with Patient Engagement Efforts

Wednesday, February 22st
11:30am – 12:30pm
Room 331A

Mercy del Ray
Chief Privacy Officer
Baptist Health South Florida

David Holtzman
VP, Compliance Strategies
CynergisTek, Inc.

Healthcare organizations are facing significant challenges aligning their business practices to keep up with shifting federal requirements to provide patients increased control of their medical records and directing healthcare providers and payers to share patient health records. OCR has aggressively pushed the boundaries to the Patient Right of Access, amendment and sharing of their health records. As one OCR leader put it, “whatever the patient wants to do with their information, it’s her right to have it and to have it in the form or format that she wants it.” This session will identify the key drivers of federal policy empowering patient control and access and explain how organizations can leverage these drivers to adopt policies and processes that meet these requirements as well as the expectations of patients. It will also examine information security issues that organizations should consider to ensure they have appropriate safeguards in place.

Learning Objectives:

  • Identify key drivers of federal policy empowering patient control and access to their health records
  • Evaluate current OCR guidance on patient access to health information and sharing with third parties
  • Describe best practices for giving patient choices in accessing and sharing their health information

Exhibition

CynergisTek will be hosting Booths 2093 and 1734 in the exhibition hall, along with Auxilio and RedSpin. Stop by during the event to learn more about our recent acquisition by Auxilio, meet with our team and discuss your organization’s privacy and security concerns. Team members who will be present at HIMSS17 include:

While there, you can also watch a hacking demo by our Sr. Penetration Tester John Nye or play our interactive phishing game (see below for details).

HIMSS 2017 Booth Map

Hacker Demos

Come see John Nye the Hacking Guy (CynergisTek’s Sr. Penetration Tester John Nye) demonstrate the latest tools and techniques that are being used by hackers to gain access to sensitive data. He will also discuss how to keep data safe and the steps that should be taken to improve security and decrease the risks.

Demo 1: Wireless Worries

Today’s technology has been striving for a single purpose for some time: freedom from wires. In that pursuit our devices – whether they be a phone, computer, watch, or even BlueTooth headphones – have become more and more reliant on wireless signals. These wireless signals we rely on vary in their safety and types. The most common is WiFi, which we use daily at work, home, and sometimes out and about. Unfortunately, there is not nearly the amount of security that our general confidence suggests. Wireless networks are a great method for attackers to gain critical information, access to systems, and even the keys to the kingdom if they play their cards right.

In this demo, we will review some of the wireless attacks that could be used against you and your organizations using some of the latest tools available.

Demo 2: Mobile Devices and Portable Hacks

It is very easy to limit the category of mobile devices to our mobile phones. While the tiny computers we carry with us everywhere are mobile devices and have some serious security and safety implications, they are not alone in this category. Laptops, tablets, hybrid devices, smart watches, and maybe even your car are all also mobile devices. Traditionally (a funny term to use when discussing IT), we have relied on perimeter security to keep our devices safe. However, we no longer live in an age of borders.

This demo will demonstrate some of the techniques and devices that attackers can use to compromise mobile devices while they are out of the border and how they can be used to bring back the attacks.

Demo 3: The Problems with Wetware

Wetware, better known as people or users, are not only the sole reason that we have IT, they are the biggest security issue there is. People, even the best and the brightest, make mistakes. These mistakes can cost us, and our organizations, dearly. People fall for scams because they want to help. Phishing and social engineering attacks work so well because of our human nature and desire to be helpful.

In this demo, we will discuss some of the tactics that attackers use to exploit the wetware that your organization relies upon. We will also discuss a few ways to help users be better prepared for scams and attacks and how we can test their response to simulated attacks.

Date Wireless Worries Mobile Devices Wetware
Monday, February 20th 11:30am – 12:00pm 2:30 – 3:00pm 4:30 – 5:00pm
Tuesday, February 21st 2:00 – 2:30pm 4:00 – 4:30pm 11:00 – 11:30am
Wednesday, February 22nd 10:30 – 11:00am
John NyeSr. Penetration Tester
John Nye has spent the majority of the last decade working in Information Security, half that time working exclusively as a professional penetration tester. Besides testing and improving security, John has a passion for educating and informing the public. He accomplishes this by presenting hacking demos regularly at industry conferences and groups as well as writing blog posts for CynergisTek and industry publications.
Nye’s specialties include Wireless, web, and system penetration testing, user education and public speaking, information assurance, security auditing, policy compliance and writing, and security research and analysis. Some of his industry certifications include CISSP, Licensed Penetration Tester (LPT) and Certified Ethical Hacker (CEH).
Read John’s Blog Posts

Interactive Phishing Game

Can you recognize a well-crafted phishing scam? Stop by our booth to test your knowledge with our game “Squish a Phish”.

Schedule a Meeting

If you would like to schedule a meeting with a member of the CynergisTek team, fill out the form below. We will then contact you in order to schedule the exact date and time for your meeting.

[formassembly formid=456668]