Education event

Cybersecurity: Emerging Threats to Hospitals
Understanding the risks and what you can do to avoid an attack

Register now
June 9, 2016
1:30 – 3:30 p.m., Pacific Time


Cyberattacks are on the rise and hospitals are being targeted. Worldwide, the number of cyberattacks increased 40 percent and, in 2015, criminal attacks became the number one root cause of data breaches in health care.

What can you do to protect your hospital against an attack? What would you do if suddenly your computer systems shut down and patient records were encrypted?

Hear how one California hospital responded to and recovered from a ransomware attack, including the return to paper records. Find out what law enforcement and regulatory agencies were involved in the event and how drilling for a disaster helped the hospital’s response and recovery.

Learn what the FBI and other government agencies are doing to protect the nation — and hospitals in particular — from cyberattacks. Identify critical strategies you can implement now to protect your hospital from cyberattacks, as well as steps to take if you become a victim.

Gather key hospital staff and participate in this informative webinar.

Recommended for:

Chief executive officers, chief operating officers, chief financial officers, chief information officers, chief medical officers, in-house legal counsel, risk managers, compliance officers, emergency preparedness coordinators


Hit by Ransomware: The Hollywood Presbyterian Experience

  • How the event unfolded
  • Impact on the system, patient care and hospital operations — a return to the ‘70s and paper records
  • Regulatory reviews by CDPH, CMS and the California Board of Pharmacy
  • Recovery
  • Lessons learned — the good, the bad and the ugly

Cybersecurity: An Emerging Threat

  • Cybersecurity as a national and FBI priority
  • Why is this happening? Who are the hackers and what are they after?
  • Ransomware – your money or your data

How to Mitigate Risks for Your Hospital

  • What to do to prevent an attack; essentials precautions
  • Vulnerabilities – how do they get into your system?
  • Pre-breach advice

What to Do if You Suspect an Attack

  • Who do you call? The role of the FBI, DOJ, DHS, local law enforcement and other agencies/partnerships
  • What to expect when the FBI arrives
  • Incident handling
  • Post-breach activities

The Link to Emergency Preparedness and Concluding Comments

  • Drilling, and working with staff and key partners
  • Activating the Hospital Incident Command System
  • Business continuity


Steve Giles is the chief information officer for Hollywood Presbyterian Medical Center where he focuses on enhancing the hospital’s information systems to improve patient care delivery and overall business operations. He has more than 30 years of health care information technology experience and has served in a number of executive positions throughout his extensive career. Mr. Giles is a member of several professional associations, including ACHE, HIMSS and HFMA, and often serves as a guest lecturer at the University of Southern California’s Graduate School of Public Health.

Tom Osborne is assistant special agent in charge for the Federal Bureau of Investigation’s (FBI) National Security Branch. In this role, he oversees international and domestic terrorism programs, as well as counterintelligence and cyber programs. A 20-year veteran, Mr. Osborne previously worked with the FBI’s Computer Crimes Squad and the Sacramento Division’s Cyber Crimes Program, and served as Unit Chief of the Counterterrorism Internet Target Unit, where he led a team that managed investigations targeting terrorists’ use of the Internet.

Deron McElroy is the Department of Homeland Security’s (DHS) Cyber Security Advisor for California, Nevada, Arizona, Hawaii and the Pacific Territories, where he is focused on building partnerships to enhance our nation’s cyber resilience. Mr. McElroy helps organizations navigate and access the Critical Infrastructure Cyber Community (C³) Voluntary Program and NIST Cybersecurity Framework. He previously served as Senior Strategist for the DHS Office of Cybersecurity and Communications, leading the creation and development of the nation’s cyber incident response policy, playing a key role in the stand-up of the National Cybersecurity and Communications Integration Center, and participating in information sharing policy development.

CHA Staff
Cheri Hummel, Vice President, Emergency Management & Facilities
Lois Richardson, Esq., Vice President, Privacy & Legal Publications/Education


CEs are complimentary and available for the registrant only. Full participation in the webinar is a prerequisite for receiving professional continuing education (CE) credit. The registrant must complete a post-event evaluation, attest to participation and, when required, provide a professional license number.

Compliance — This program has been approved for 2.4 Compliance Certification Board (CCB) Continuing Education Units. Granting of prior approval in no way constitutes endorsement by CCB of the program content or the program sponsor. (Note: CE recipients are solely responsible for retaining a copy for their records and for reporting credits to CCB)

Health Care Executives — CHA is authorized to award 2.0 hours of pre-approved ACHE Qualified Education  credit (non—ACHE) for this program toward the advancement, or recertification in the American College of Healthcare Executives. Participants in this program wishing to have the continuing education hours applied toward ACHE qualified education credit should indicate their attendance when submitting application to the American College of Healthcare Executives for advancement or recertification.

Health Information — This program has been approved for a total of 2 contact hours of continuing education credit toward fulfillment of the requirements of ASHRM designations of Fellow (FASHRM) and Distinguished Fellow (DFASHRM) and towards Certified Professional in Healthcare Risk Mangement (CPHRM) renewal.


Members $185
Nonmembers $250
Multiple staff can participate from one location for one tuition fee.

Members are CHA member hospitals, CHA associate members and government agencies. Nonmembers are limited to non-hospital health care providers, clinics, post-acute facilities, and consultants, insurance companies, law firms and other entities that serve hospitals. Education programs and publications are a membership benefit and are not available to eligible nonmember California hospitals.

Cancellation Policy/Late Payment: A $50 non-refundable processing fee will be retained for each cancellation. Cancellations must be made in writing seven or more business days prior to the scheduled session and emailed to No refunds will be made after these dates. Substitutions are encouraged. Please note that payment is due on or before the program. Payments not received by the program date may be subject to a 10% late fee. In the unlikely event the program is cancelled, CHA will fully refund paid participants within 30 days.

Special Accommodations or Questions: If you require special accommodations pursuant to the Americans with Disabilities Act, or have other questions, please call (916) 552-7637.


CHA is maintaining a web page to help members remain up-to-date on the latest in cybersecurity news and developments. A number of helpful resources, including the newly-developed Health Care Cybersecurity at a Glance document, are available to assist hospitals with managing an effective cybersecurity program. To learn more, visit