Don't Miss Out on the Best Specials of the Year Available Now - Top Training, Top Instruction!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 1

Part 1: Survey Results and Mobile Health Concerns and Controls

  • Tuesday, December 09, 2014 at 1:00 PM EST (2014-12-09 18:00:00 UTC)
  • Barbara Filkins, Paul Crutchfield, Elias Manousos, Rajiv Raghunarayan, JD Sherry


  • Cigital, Inc.
  • CloudPassage
  • FireEye
  • Qualys
  • RiskIQ
  • Tenable
  • Trend Micro Inc.

You can now attend the webcast using your mobile device!



In October 2013, the inaugural health care survey uncovered that IT security personnel believe their security programs are primarily driven by compliance and that compliance isn't working. Compared to other industries, health care was far behind the security curve at that time. With another year of experience and vulnerability, have health care IT security staff made the needed improvements in their programs?

This webcast is presented in two parts. Be sure to register and attend both parts of this webcast to be eligible for a $50 American Express gift card awarded LIVE during the Part 2 webcast on Thursday, December 11 at 1:00 PM Eastern, which will focus on cloud computing concerns and controls!

Part 1 of the webcast provides an overview of whether the SANS community believes that the industry has advanced in making needed improvements and, if so, how they have been made. Then we take a deeper dive into mHealth. Mobile has grown up. It's not just about access to sensitive data stored on a system in a data center. Consumer apps on smartphones, wearables, tablets as physician care extenders, and the Internet of Things are all driving the health care industry to address new concerns and seek new controls around identity management, data governance, and the old-fashioned tenants of security: confidentiality, availability, and integrity.

Join us as our speaker, Barbara Filkins, SANS Analyst and health care expert, compares and contrasts the impact of mobile health on the more traditional concerns around healthcare security.

View the associated whitepaper.

Click here for Part II: Cloud computing controls

Speaker Bios

Barbara Filkins

Barb Filkins, a senior SANS analyst who holds the CISSP and SANS GSEC (Gold) and GCH (Gold) certifications, has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Most recently she's been involved with HIPAA security issues in the health and human services industry with clients ranging from federal agencies (DoD and VA), municipalities and commercial businesses, focusing on issues related to automation - privacy, identity theft and exposure to fraud, as well as the legal aspects of enforcing information security. Barbara sees security as an interaction of policy, process, platforms, pipes AND people.

Paul Crutchfield

Paul Crutchfield, director of sales engineering, is an infosec professional with over 20 years of experience. At Tenable, he oversees all presales engineering efforts for public and private-sector enterprises. Before joining Tenable, Paul held sales engineering roles with established and early stage security companies, including Symantec, Network ICE, Zone Labs, Sygate Technologies and Skybox Security. His infosec career began in the United States Air Force, where he served in the first operational information warfare combat unit in United States military history. Paul has a BS in computer systems with an internetworking specialty from City University of Seattle and holds the ISC2 CISSP certification.

Elias Manousos

Elias Manousos is CEO of RiskIQ, the software security company that helps detect web and mobile threats that exploit customers and damage enterprise brands. With over 15 years of delivering enterprise security solutions, Elias has helped health care security professionals overcome the new challenges of the mobile app ecosystems that can be used to defraud the public, extract personal identifiable information and monetize false representations of leading brands. Prior to co-founding RiskIQ, Elias was vice president of research and development at Securant Technologies (acquired by RSA) and was instrumental in pioneering the now commonplace technologies providing increased browser security.

Rajiv Raghunarayan

Rajiv serves as the Senior Vice President of Products and Marketing at Cyberinc and heads the product management, marketing and strategic alliances functions. Rajiv has more than two decades of experience in technology and marketing leadership positions at companies such as SentinelOne, FireEye and Cisco. His past experience includes areas of network security, email security, endpoint security, network management and WAN optimization. He holds a master's degree in software systems from Birla Institute of Technology, Pilani, and an MBA from UC Berkeley's Haas School of Business.

JD Sherry

JD Sherry, well-versed in enterprise, data center and cloud architectures, has successfully implemented large-scale public, private and hybrid clouds leveraging the latest in virtualization and security technologies. Over the past decade, he has established himself as a trusted senior advisor and cloud security specialist for the protection of Payment Card Industry (PCI), Health Information Privacy Act (HIPAA), and Personally Identifiable Information (PII) data. JD also has an extensive background in developing and bringing to market mobility platforms and applications, which includes a patent on authentication: System and Method for Authentication Using a Graphical Password. JD speaks globally about the challenges of securing information in today's Internet of Everything.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.