This event has passed.

We invite you to attend our free Privacy and Security Incident Response Workshop on Wednesday, November 14th in Philadelphia. During this interactive, three-hour educational workshop, industry expert David Holtzman will draw on his firsthand experience to describe the important role privacy and compliance play in responding to an incident, while John Nye will weigh in from a security perspective.

Together, they will provide case study examples demonstrating the importance of the various stakeholders in an organization working together when responding to an incident. Attendees will leave better prepared to develop a comprehensive response for the day when the unthinkable happens to their organization. Attendees will also take away best practices for a proactive incident response plan.

A networking session will also take place prior to the workshop from 10:00 am – 10:30 am. This will allow attendees to meet with one another and our industry expert speakers.

Topics covered include:

  • The current threat landscape and latest trends in healthcare
  • Real-world examples and case study
  • The business case for a strong incident response process
  • Best practices for creating an incident response playbook
  • Steps to assess if an incident requires HIPAA breach notification
  • Interactive roundtable response exercise

Why You Should Attend

  • Networking opportunity with speakers and attendees
  • Ponemon Institute’s research found that the average total cost of a data breach went from $3.62 to $3.86 million, an increase of 6.4 percent from 2017.
  • Healthcare is being targeted by malware and ransomware, and understanding the threat is the first step toward being able to respond to an incident.
  • Understanding the impact of an incident on the entire organization is critical to assuring the appropriate response plan is in place.
  • Security measures have to be proactive rather than reactive.
  • 78% of providers experienced a healthcare ransomware or malware attack in 2017.
  • Cyber incident response cannot be adequately addressed by IT alone in today’s regulatory environment.
  • The largest healthcare data breaches from 2017 that were reported to OCR were mainly caused by hacking or IT incidents, including ransomware attacks.
  • 98% of healthcare providers have not implemented the email authentication standard that reduces phishing emails.


  • What Could Go Wrong?
  • War Stories
  • Why Have an Incident Response Plan
  • Purpose of an Incident Response Plan
  • Who Needs to be Involved?
  • Lunch (provided)
  • Planning & Creating an Incident Response Playbook
  • Documentation & Breach Assessment
  • Making the Business Case for the Incident Response Plan

Who Should Attend

  • Privacy Officers & Analysts
  • Security Officers & Analysts
  • Chief Compliance Officers & Analysts
  • CIOs, CISOs, ISOs
  • IT Directors
  • HIM Directors
  • Legal Professionals
  • C-Suite Stakeholders

Speaker Bio

David Holtzman, Vice President, Compliance Strategies
Considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules, David was a senior advisor at OCR before joining the team at CynergisTek. He also previously served as the privacy & security officer for Kaiser Permanente’s Mid-Atlantic Region.

John Nye, Senior Director, Cybersecurity Research and Communication
John Nye has spent the majority of the last decade working in Information Security, half that time working exclusively as a professional penetration tester. Besides testing and improving security, John has a passion for educating and informing the public. He accomplishes this by presenting hacking demos regularly at industry conferences and groups as well as writing blog posts for CynergisTek and industry publications.

Nye’s specialties include wireless, web, and system penetration testing, user education and public speaking, information assurance, security auditing, policy compliance and writing, and security research and analysis. Some of his industry certifications include CISSP, Licensed Penetration Tester (LPT) and Certified Ethical Hacker (CEH).

What Past Attendees are Saying

“I appreciate an organization that is willing to share information for free. Those that have little to give keep what little they have close. However, when you are willing to share for free, there is more to be had and they are truly at the top of their field.”

P. Smith, BridgePoint Hospital Capitol Hill

“Thank you so much for the chance to attend this event. It was a great program, well presented and the appropriate length of time. I look forward to participating again in the future.”

C. Mirza, Supervisor, Clinical Research
