Your computer or mobile device


1 credit
Please send CLE questions to


Ben Goodman, CEO, 4A Security & Compliance, Moderator

Barbara Holland, Regional Manager, HHS Office for Civil Rights

Anahi Santiago, CISO, Christiana Care

This program is also available as part of your West LegalEdcenter subscription.

1.7 Billion People Downloaded Health Care Apps in 2018. What new risks does this create?

Long gone are the days when health care cyber threats were contained within healthcare providers’ premises, data centers or even their cloud environments. Modern medical care models have come to rely on medical devices that leave the care facility with the patient, whether mobile, wearable or implanted. The dramatic plot lines from movies and TV shows depicting hacking of pacemakers and insulin pumps have become a real threat that medical device manufacturers and security professionals alike cannot afford to ignore. Medical device recalls due to the discovery of cybersecurity vulnerabilities are increasing, and at the same time, the risk assessment practices that healthcare CISOs apply to medical devices are becoming more robust.

In addition to threats to patient health and safety, many mobile medical devices and health apps also create, access, store and transmit protected health information, thereby increasing the old risk of data theft exponentially. The scale of this growth is evidenced in an October 2018 FDA publication that noted more than 50% of the 3.4B smartphone and tablet users worldwide are estimated to download mobile health applications in 2018.[1] This increased risk has not gone unnoticed by regulators.

There was some question regarding the direction of HHS Office for Civil Rights’ (OCR) enforcement activity following the change in administrations, but HIPAA civil monetary settlements have recently reached new highs, and HHS OCR continues to play an active role in enforcement of the HIPAA Security Rule.

What you will learn:

1. How developments in medical care such as mobile, wearable and implantable medical devices have changed the cyber threat landscape.

2. What are the new, realistic risks to patients and how is the role of the CISO changing to address them?

3. What does “Protecting the Human” mean in practical terms for cyber security in the healthcare environment?

4. What are regulators doing to address these changes in the threat landscape?

5. Civil monetary settlements have grown larger than ever. What are the current trends in HHS OCR enforcement of the HIPAA Security Rule?


Our Speakers

Anahi Santiago, CISO of Christiana Care Health System, one of the largest health care providers in the mid-Atlantic, will discuss how her organization addresses the risks associated with “Protecting the Human.”

Barbara Holland, Regional Manager of HHS OCR, will discuss OCR’s approach to enforcement as it pertains to mobile device security and health applications, as well as its collaborative approach with other federal agencies. She will also provide an update on HHS OCR’s current approach to HIPAA Security Rule enforcement.

Ben Goodman, CEO of 4A Security & Compliance, will moderate the discussion and share insights from his work helping healthcare providers and mobile medical device and health IT developers mitigate cyber risk and stay compliant.