Healthcare's AI agents can now authenticate to EHRs, process claims and make decisions about patient care with more privileges than most employees and fewer controls than any of them. This session, based on the Secure AI Framework (SAIF), delves into agentic AI governance in healthcare, grounded in frontline incident data from Mandiant, emerging HIPAA requirements, and real-world breach analysis, you’ll leave with three actions your team can execute this quarter to get secure.

In healthcare, cybersecurity isn’t just an IT problem—it’s a care delivery risk. This panel brings together security leaders and clinical stakeholders to explore how cyber events translate into patient harm: delayed procedures, diverted ambulances, inaccessible imaging, medication administration disruptions, and downtime-driven errors. Panelists will discuss how to integrate cyber risk into existing patient safety and quality frameworks, align priorities across clinical/biomed/IT, and build governance that treats resilience as a clinical mission—without drowning staff in security friction.

Connected medical devices expand attack surfaces through aging operating systems, hard-to-patch endpoints, vendor remote access, and unpredictable network behavior. This panel focuses on pragmatic IoMT security: building accurate device inventories, understanding device risk, applying compensating controls (segmentation, allowlisting, monitoring), and managing vendor relationships without interrupting care. Panelists will share what works in the real world—especially in environments where patching is slow, devices are life-critical, and clinical uptime is non-negotiable.

In healthcare, CISOs must demonstrate resilience beyond compliance. Iain Paterson explains how WELL Health moved from point-in-time pentesting to continuous validation aligned to real-world threats. He will share the gaps this approach closed, how it improved risk visibility, and the lessons learned during implementation. Designed for security leaders modernizing offensive security without disrupting care delivery.

Healthcare ransomware response is uniquely complex: downtime can endanger patients, data theft triggers regulatory exposure, and recovery must restore clinical systems in a safe order. This panel dives into readiness strategies that work during real disruptions—incident command structures, clinical downtime procedures, network containment, identity recovery, and restoration sequencing that prioritizes care delivery. Panelists will discuss how to test plans realistically, reduce recovery time, and make tough decisions fast while balancing patient safety, operations, communications, and compliance.

Healthcare now runs on digital trust. When systems fail, care is disrupted, outcomes change, and cybersecurity incidents become clinical events. In 2026, patient safety is directly tied to cyber resilience.

This keynote examines how ransomware, legacy infrastructure, supply chain exposure, and insecure connected devices translate into bedside impact. Drawing on recent healthcare disruptions and evolving regulatory mandates, it reframes cybersecurity as a core component of quality management and product safety.

As hospitals scale toward millions of connected and AI-enabled devices, the risk surface expands. Agentic AI will only be as trustworthy as the infrastructure it inherits. The path forward requires secure-by-design development, visibility into device ecosystems, blast-radius containment, workforce resilience, and tight integration between clinical and cyber leadership.

Trusted autonomy is not about adding intelligence. It is about governing it safely, so innovation strengthens care rather than putting it at risk.