Securing Healthcare Summit

From data loss to care-delivery disruption 

7th July 2026 • Online

Cyber attacks in healthcare are no longer just 'data breaches'. They cause shut-downs and patient harm. What needs to be done?

 

Keeping healthcare safe 

The Conduent data breach, discovered on January 13, 2025, has escalated into one of the largest third-party data incidents in U.S. history, with 25 million affected individuals. Attackers had unauthorized access to Conduent's systems from October 21, 2024, to January 13, 2025. The ransomware group SafePay (sometimes referred to as Safeway) claimed responsibility, alleging they exfiltrated 8.5 terabytes of data. The breach was traced back to compromised VPN credentials, which allowed hackers to encrypt internal systems.

Then there is Stryker, one of the world's largest medical technology companies with approximately 56,000 employees, $25.1 billion in revenue for 2025, and products that impact more than 150 million patients annually. Attackers used Microsoft Intune and a compromised admin account to remotely wipe 200,000 devices. The real-world impact was immediate: Maryland's emergency medical services reported that Stryker's Lifenet ECG transmission system, which paramedics use to send cardiac data to hospitals ahead of patient arrival, went offline.

These are just two of a series of really significant healthcare hacks that have occurred or been announced in just the first three months of 2026. Hackers are targeting primary care providers, third-party/back-office suppliers (like Conduent), managed care providers/claims management companies like Sedgwick - essentially the entire healthcare supply chain. CareCloud, Waterloo Regional Health Centre, Intracare, the list goes on.

So, what are the lessons from these attacks and what should healthcare security leaders be focusing on right now? These are just some of the key takeaways:

  • Stop living off the land: organisations need much better systems for detecting bad actors once they have gained access and more sophisticated ways to find unusual activity. Also, detection is not enough: detection must trigger policy-mandated actions.
  • Enforce phishing-resistant MFA: Many admin accounts still lack proper Multi-factor Authentication (MFA), providing an easy entry point.
  • MDM/UEM platforms are hackers' biggest prize: Unified Endpoint Management (UEM) platforms like Intune have near-total control over endpoints. If compromised, they can be used to wipe machines, distribute fake data, or push malicious configurations at scale.
  • Bulk action controls: implement controls that prevent or flag bulk actions (like wiping 200,000 devices).
  • Dual authorisation: require multi-admin approval for high-risk actions such as device wipes, retirements, or deletions.
  • Third-party risk is just risk: your vendor risk is your risk. 98% of organizations globally have relationships with at least one breached third party. This breach confirms that attackers are actively targeting contractors to reach high-value targets. Organizations must view their security posture as inseparable from that of their vendors.
  • Isolation is not fool-proof: the incident showed that "isolated" network segments can still be compromised, meaning segmentation controls should be regularly tested and verified rather than assumed secure.
  • Data retention policies need review: some breaches included data dating back to 2017-2019, emphasizing that holding outdated, sensitive data for too long increases risk.
  • Contextualize "low-risk" findings: minor security findings can, when paired with factors like phishing or, as seen here, unauthorized access to a specific module, turn into critical breaches.
  • Encryption at rest and in transit is insufficient: attackers are targeting data while it is in a "clear" state, being actively processed, meaning organizations must protect data during use.
  • Implement Zero Trust: the incident reinforces the need for a "Zero Trust" approach, where no entity inside or outside the network is trusted and continuous verification is required.
  • Prioritize resilience over trust: in a 2026 landscape where breaches are common, firms must shift from hoping for stability to designing for failure.
  • Compliance is not enough: the healthcare sector is a prime target for breaches because it handles high-value data. Organizations must move beyond mere compliance to proactive security strategies.

It's a long list, and it doesn't even include IT/OT, AI-enabled offence/defence, the need to reduce security complexity, or the need to create real visibility across the whole security technology stack to be able to detect and stop modern attacks that use legitimate credentials and standard network tools.

That's why we are running the e-Crime & Cybersecurity Healthcare Summit: to give you a chance to hear your peers in the industry talk about what they are doing now to improve their security posture, and what worries them most about the current threatscape.

Join us with your perspectives and help us make the healthcare sector a safer place for employees and patients.

The e-Crime & Cybersecurity Healthcare Summit will take place online and will look at how cybersecurity teams are tackling the latest challenges.
Join our real-life case studies and in-depth technical sessions and help make manufacturing secure.

 

 

The themes of this summit are:

Achieving visibility across ecosystems 
From exposed initial access points such as warehouse management systems to complex machine control software, simply understanding your device and application landscape is a huge challenge. Can you help with asset tracking and endpoint visibility? And what about anomaly detection after that? 

Data integrity a critical priority 
In AI-powered retail, corrupted data equals corrupted decisions. Pricing engines, demand forecasts and recommendation systems are only as trustworthy as their inputs. CISOs must prioritise data lineage tracking, tamper detection, pipeline validation and cryptographic integrity controls across analytics and AI workflows.

Defending against the latest ransomware variants 
Ransomware is effective precisely because it can exploit whatever weaknesses exist in your security architecture and processes. The threat and the actors are constantly evolving and that evolution is forcing the hands of government and causing havoc in the insurance market. What can CISOs do to better defend against ransomware? 

Securing Agentic AI
Agentic systems don't just generate content - they act. CISOs must address model manipulation, prompt injection, data poisoning, tool-chain abuse and privilege escalation within AI agents executing transactions. Governance must extend beyond ML pipelines into runtime controls, behavioural monitoring and kill-switch design.

Why zero trust, isolation and segmentation are key 
Retail ecosystems now include logistics APIs, fintech integrations, marketplace sellers, social-commerce platforms and SaaS pricing engines. Each connection expands attack surface. Continuous third-party risk scoring, API security testing, software bill of materials (SBOM) validation and zero-trust segmentation become foundational, not optional.

From Analysts to AI Supervisors
Retail security teams cannot scale headcount at the pace of digital transformation. The future SOC blends automation engineers, detection scientists and AI risk specialists. Peer collaboration, shared intelligence and trusted industry forums become force multipliers in defending fast-moving retail environments.

Making the best use of threat intelligence 
In a preemptive security model, timing is everything - success depends on detecting and neutralizing threats before they become active incidents. To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs). They need external, real-time context about emerging threats - where do they get it? 

Security Posture Management 
Traditional vulnerability scanners don't handle cloud native architectures well. Today's cloud environments spin up thousands of ephemeral assets without a traditional OS, without an IP address for long. So how do you adapt to that dynamic, API-driven reality? How can traditional tools connect the dots - not just generate tickets?

Improving continuous attack surface discovery 
You need to know what attackers can see and what they can actually attack, and you need it on a continuous basis, not in some static inventory. Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context. Is this feasible and is it cost effective?

The power of automation 
There's too much manual intervention in security. SOAR pulls data from SIEMs, EDRs, firewalls, cloud APIs, ticketing systems, threat intelligence feeds, and even email servers and coordinates actions across tools via APIs and prebuilt integrations and intelligent playbooks. Well, that's the theory. How does it work in the real world?

Adversary simulation and behavioural analysis 
Automated adversary simulations identify telemetry blind spots. They provide prioritized remediation guidance and control effectiveness metrics. They track progress trends and validate security ROIs as well as providing board and audit reporting. How well do they work in practice?

Dealing with regulations 
CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands; they must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret differently later; they face unrealistic expectations around incident reporting; and they face personal liability. Can RegTech help? 


Who attends

Job titles

Senior Information Security Manager EMEA, WEC
Senior Manager Information Security & Governance
Head of Information & Cyber Security
IT Technology Assistant
Senior InfoSec Analyst
Head of IT Strategy & Architecture
CTO
Digital Health Security Lead
Head of Information Security
Deputy Head of Information Governance and Security / Primary Care DPO
Head of Privacy/Data Protection Officer
Information Security Lead
Cyber Security Assurance Lead
Manager Information Security
Information Security Manager
Information Governance & IT Security Officer
Global Head of Information Security
Head of Information Security
Digital Service Manager (Cyber Security)
Security Analyst
DHCT Project Manager
Cyber Security Manager
CISO
Group Head of Information Security & Business Continuity
Cyber Risk Assistant
Senior Risk Engineer
Cyber Security Manager
IT Security Manager
Group Information Governance Lead
EMEA ECS Manager
Head of Information Governance
Information Governance Officer
Information Security (GRC) Analyst
Cyber Security Analyst
Information Security Analyst
Security Manager
Business Security Technical Consultant
Principal Lead - Digital Operations
IT Security Architect | Head of IT Security
Cyber Security Manager
IT Advisor
Virtual CISO
Chief Information Officer
Medical Device Cyber Security
Senior Information Governance and Security Manager
Cyber and Information Security Analyst
Infrastructure Engineer (Security)
Project Support Officer
IT Infrastructure Engineer
IG Manager and DPO
Senior Manager - IT Risk and Compliance
Information Governance Advisor
IG & IT Security Manager
IT Security and Governance
Board Lead for Cyber
Head of Information Security
Cyber Security Engineer
Information Security and Governance Officer
Information Governance Administrator
Information Security Manager
Information Governance and Information Security Manager
Infrastructure Associate and DPO
Head of Information Security
Cyber Threat and Vulnerability Management Lead
Head of Group IT Security
Data Protection Officer
Cyber Security Analyst
Assistant Director of Cyber & Information Security
Head of Security and Infrastructure
Information Security Compliance Lead
IT Risk & Compliance Manager
Cloud Security
System Engineer
Information Security Manager
Compliance Manager
Information Security Senior Specialist
Senior Solutions Architect
Cyber Security Analyst
European Data Protection Manager
Cyber Security Architect
Senior IT Specialist - Cyber Resilience
IT Security Manager
Senior Fraud Prevention Officer
Compliance Officer

Companies

AbbVie
Mubadala Health
The London Clinic
University of Bristol
Nuffield Health
The London Clinic
Sk:n
Roche Diagnostics
Cognassist
NHS Fife
University Hospitals of Leicester NHS Trust
NHS Counter Fraud Authority (NHSCFA)
Ramsay Health Care UK
Optum
Healios
NHS Highland
Mawdsleys
Nuffield Health
NHS Lanarkshire
EMIS Group plc
University College London Hospitals NHS Foundation Trust
South London and Maudsley NHS Foundation Trust
British Medical Association (BMA)
Lifeways
NHS Somerset
Chubb
NHS Fife
Newmedica
Nuffield Health
Abbott
NHS Forth Valley
Sciensus
Ultromics
Gloucestershire Hospitals NHS Foundation Trust
Laya Healthcare
Esadore International
AXA PPP Healthcare
NHS Education for Scotland
West Midlands Ambulance Service NHS Trust
NHS Borders
Royal Brompton & Harefield NHS Foundation Trust
Mental Health Innovations
The London Clinic
University College London Hospitals NHS Foundation Trust
Sciensus
NHS Forth Valley
NHS Lanarkshire
NHS National Services Scotland (NHS NSS)
NHS Lanarkshire
North East Ambulance Service
Alliance Healthcare
Sciensus
NHS Highland
Connected Health Group Limited
NHS England
Medica Group Plc
Black Country Healthcare NHS Foundation Trust
CMR Surgical
Healios
Cygnet Health Care
Gateshead Health NHS Foundation Trust
Medicom Healthcare
Ultromics
Healthscope
Priory Group
UK Covid-19 Inquiry
Scrivens Opticians & Hearing Care
Great Ormond Street Hospital for Children NHS Foundation Trust
Zava
Ramsay Health Care UK
Priory Group
3M
Alliance Healthcare
NHS Education for Scotland
Order Line Limited
NHS Education for Scotland
The Francis Crick Institute
Sussex Community NHS Foundation Trust
Cook Medical Europe
Bupa Global
Digital Health and Care Wales
A.S. Watson Group
NHS Counter Fraud Authority (NHSCFA)
Sciensus

Employee size

10,000+
100-499
10,000+
5000-9999
100-499
10,000+
10,000+
5000-9999
1000-1999
100-499
5000-9999
100-499
500-999
3000-4999
500-999
1000-1999
100-499
10,000+
100-499
3000-4999
10,000+
1000-1999
2000-2999
100-499
2000-2999
100-499
3000-4999
10,000+
1000-1999
3000-4999
100-499
5000-9999
100-499
100-499
500-999
100-499
5000-9999
3000-4999
100-499
100-499
5000-9999
10,000+
1-99
500-999
2000-2999
100-499
1000-1999
10,000+
10,000+
10,000+
500-999
1-99
500-999
1000-1999
3000-4999
10,000+
2000-2999
500-999
10,000+
100-499
1000-1999