Live, interactive cybersecurity training available through SANS Live Online. View upcoming events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS Webinar: Cleveland Clinic Best Practices On Securing Unmanaged and IoT Devices

  • Tuesday, May 12, 2020 at 1:00 PM EDT (2020-05-12 17:00:00 UTC)
  • Kevin Tambascio, Jason Sinchak, Russell Rice


  • Ordr

You can now attend the webcast using your mobile device!



Digital Transformation in Healthcare is improving our ability to deliver care to our patients.

The average hospital room has 10-15 connected medical devices delivering care to a patient. The Hospitals industrial control systems (ICS) ensure that electricity, water, and air quality meet the needs of our patients and caregivers. Other IoT devices, such as Smart TVs, security cameras, parking systems, and badge readers, further bring comfort and safety to our patients during their stay.

As the number of connected, unmanaged devices explode, threat actors targeting medical devices and industrial control systems have the potential to undermine the implicit trust that patients and caregivers have in the ability for these devices to operate safely.†Healthcare delivery organizations need visibility in order to identify and manage the cybersecurity risks throughout the lifecycle of that device. The COVID-19 surge of devices being rapidly procured and deployed elevates the importance of automating this process.†The whole hospital philosophy of securing this universe of devices needs to be considered because the health, security and usage of non-medical devices can also impact patient care.

In this webinar, hear from speakers Kevin Tambascio, Cybersecurity Manager for Medical Devices/Operational Technology at Cleveland Clinic, Jason Sinchak, Principal, Level Nine Group and Russell Rice, VP Product Strategy, Ordr. Jason and Russell will provide an overview of connected device risks, COVID-19 impacts, and the challenge of securing unmanaged and IoT devices. Kevin will then dive into the best practices and framework at Cleveland Clinic for securing devices throughout their entire operational lifecycle.†

Register for this webinar to learn:

  • †††Challenges of securing unmanaged and IoT devices
  • †††Changes as a result of COVID-19
  • †††Shared responsibility model between vendors and healthcare organizations
  • †††Cleveland Clinic lifecycle approach and best practices†

Speaker Bios

Kevin Tambascio

Kevin Tambascio is Manager, Cybersecurity Medical Devices/Operational Technology at Cleveland Clinic. He leads the organizationís efforts to put patients first by managing cybersecurity risks in devices employed in all Cleveland Clinic heath care delivery facilities.

Previous to joining Cleveland Clinic, Kevin had eight years of experience in key cybersecurity roles at Rockwell Automation, an industrial controls systems vendor, and Keyfactor, a Public Key Infrastructure (PKI) firm. Prior to joining the cybersecurity industry, Kevin spent over ten years as a software engineer and architect at Rockwell Automation where he built products used today in critical infrastructure and manufacturing around the world.

He earned a bachelor of science degree in computer engineering from Case Western Reserve University in 2000.

Jason Sinchak

Jason leads the Cybersecurity Testing and Threat Management practice for Level Nine. Founded in 2007, Level Nine is an exclusive cybersecurity firm with a reputation for elite cybersecurity resources, discrete engagements, and a focus on healthcare security.

Level Nineís Cybersecurity Testing practice, specializing in product security,†has executed hundreds of penetration assessments for several leading medical device manufacturers. Jason has cultivated a team with specialized knowledge in adapting traditional penetration testing for medical devices and complex embedded systems. The team possesses over 50 years of combined experience and has disclosed numerous zero-day vulnerabilities in prominent solutions. Level Nine helps organizations to address a range of medical device cybersecurity concerns, including vulnerability management, secure development, and regulatory approvals. Working with both manufacturers and providers, Jason has been able to share insight and facilitate knowledge sharing that has improved industry standards and forged long-term partnerships between engineers and caregivers.

Russell Rice

Russell Rice brings over 20 years of experience in the network security industry and is currently VP Product Strategy at Ordr. Russell has held senior leadership roles in product management, technical marketing, and engineering in startups and established companies spanning Cisco, Skyport Systems, Global Internet, and Dow Jones. At Cisco, Russell was the executive business leader for network access control (NAC, including the Identity Service Engine / ISE). Russell is an accomplished speaker and his teams were responsible for the Cisco SAFE network security guidelines. He graduated from UC Berkeley with a bachelorís degree in computer science.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.