SANS Online Training Special: Get an iPad Mini, Chromebook Flip, or $250 Off until 10/30! 


To attend this webcast, login to your SANS Account or create your Account.

SANS 2nd Survey on the State of Information Security in Health Care Institutions: Part 1

Part 1: Survey Results and Mobile Health Concerns and Controls

  • Tuesday, December 9th, 2014 at 1:00 PM EST (18:00:00 UTC)
  • Barbara Filkins, Paul Crutchfield, Elias Manousos, Rajiv Raghunarayan, JD Sherry
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Cigital, Inc.
  • CloudPassage
  • FireEye
  • Qualys
  • RiskIQ
  • Tenable
  • Trend Micro Inc.

You can now attend the webcast using your mobile device!


In October 2013, the inaugural health care survey uncovered that IT security personnel believe their security programs are primarily driven by compliance and that compliance isn't working. Compared to other industries, health care was far behind the security curve at that time. With another year of experience and vulnerability, have health care IT security staff made the needed improvements in their programs?

This webcast is presented in two parts. Be sure to register and attend both parts of this webcast to be eligible for a $50 American Express gift card awarded LIVE during the Part 2 webcast on Thursday, December 11 at 1:00 PM Eastern, which will focus on cloud computing concerns and controls!

Part 1 of the webcast provides an overview of whether the SANS community believes that the industry has advanced in making needed improvements and, if so, how they have been made. Then we take a deeper dive into mHealth. Mobile has grown up. It's not just about access to sensitive data stored on a system in a data center. Consumer apps on smartphones, wearables, tablets as physician care extenders, and the Internet of Things are all driving the health care industry to address new concerns and seek new controls around identity management, data governance, and the old-fashioned tenants of security: confidentiality, availability, and integrity.

Join us as our speaker, Barbara Filkins, SANS Analyst and health care expert, compares and contrasts the impact of mobile health on the more traditional concerns around healthcare security.

View the associated whitepaper.

Click here for Part II: Cloud computing controls

Speaker Bios

Barbara Filkins

Barb Filkins, a senior SANS analyst who holds the CISSP and SANS GSEC (Gold) and GCH (Gold) certifications, has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Most recently she's been involved with HIPAA security issues in the health and human services industry with clients ranging from federal agencies (DoD and VA), municipalities and commercial businesses, focusing on issues related to automation - privacy, identity theft and exposure to fraud, as well as the legal aspects of enforcing information security. Barbara sees security as an interaction of policy, process, platforms, pipes AND people.

Paul Crutchfield

Paul Crutchfield, director of sales engineering, is an infosec professional with over 20 years of experience. At Tenable, he oversees all presales engineering efforts for public and private-sector enterprises. Before joining Tenable, Paul held sales engineering roles with established and early stage security companies, including Symantec, Network ICE, Zone Labs, Sygate Technologies and Skybox Security. His infosec career began in the United States Air Force, where he served in the first operational information warfare combat unit in United States military history. Paul has a BS in computer systems with an internetworking specialty from City University of Seattle and holds the ISC2 CISSP certification.

Elias Manousos

Elias Manousos is CEO of RiskIQ, the software security company that helps detect web and mobile threats that exploit customers and damage enterprise brands. With over 15 years of delivering enterprise security solutions, Elias has helped health care security professionals overcome the new challenges of the mobile app ecosystems that can be used to defraud the public, extract personal identifiable information and monetize false representations of leading brands. Prior to co-founding RiskIQ, Elias was vice president of research and development at Securant Technologies (acquired by RSA) and was instrumental in pioneering the now commonplace technologies providing increased browser security.

Rajiv Raghunarayan

Rajiv is currently director of product marketing at FireEye. In this role, his responsibilities include driving education and enablement on advanced threats and the broader FireEye platform with customers, partners, analysts and the field. He is also responsible for Go-To-Market activities for key FireEye products. Prior to joining FireEye, Rajiv was part of Cisco, Informix, and other organizations in various roles in engineering and product management, and led engagements in Security, WAN Optimization, Application Visibility & Control, and Network Management. Rajiv holds master's degree in science from BITS Pilani, India, and an MBA from the University of California, Berkeley.

JD Sherry

JD Sherry, well-versed in enterprise, data center and cloud architectures, has successfully implemented large-scale public, private and hybrid clouds leveraging the latest in virtualization and security technologies. Over the past decade, he has established himself as a trusted senior advisor and cloud security specialist for the protection of Payment Card Industry (PCI), Health Information Privacy Act (HIPAA), and Personally Identifiable Information (PII) data. JD also has an extensive background in developing and bringing to market mobility platforms and applications, which includes a patent on authentication: System and Method for Authentication Using a Graphical Password. JD speaks globally about the challenges of securing information in today's Internet of Everything.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.