80 Armistice Dr, Toronto, ON
Full-Day Executive Summit
Healthcare Cyber Leaders
Full-Day Summit
Past Sponsors
Healthcare Org Partners
Speakers
The Healthcare Security & Risk Summit (HSRS) 2026 is a curated, executive-level forum co-hosted by Sunnybrook Health Sciences Centre, one of Canada’s most distinguished academic health institutions, a fully affiliated teaching hospital of the University of Toronto and home to the country’s largest trauma centre, and NKST, a trusted cybersecurity research and collaboration organization.
HSRS is a focused, high-signal environment where strategic security conversations translate into real partnerships and measurable outcomes. Attendees are the leaders accountable for the resilience of EHR systems, medical IoT environments, clinical infrastructure, AI-enabled diagnostics, and patient data platforms.
Together, Sunnybrook and NKST bridge frontline healthcare operations with cybersecurity strategy, ensuring that the systems supporting patient care remain resilient, secure, and uninterrupted in the face of evolving threats.
Healthcare has entered an era where cyber incidents are not hypothetical, they are inevitable. HSRS 2026 focuses on building operational resilience across the entire healthcare ecosystem.
A full day of high-impact programming, structured for senior leaders and practitioners who need real answers, not generic sessions.
Step into the war room of a fictional hospital ransomware scenario. What begins as a routine day quickly escalates into a full-scale cyber incident impacting identity systems, operational technology, and healthcare that communities depend on.
Participants will be guided through unfolding events, forced to make decisions in real time, and challenged to respond as the situation evolves. The objective is not to “win,” but to uncover blind spots that exist in even the most mature security programs.
This is a simulation. No systems are accessed. No real-world environments are touched. The learning, however, is very real.
Sponsors: Arancia & Semperis
Facilitators:
Dan Ohlemeier, Principal Solutions Architect, Semperis
Josh Leclerc, Director of Cyber Strategy, Architecture & Solutions, Arancia
Breakfast and registration.
Master of Ceremonies:
Penny Longman, CEO, NKST
Ter Govang, Integrated Security Lead, Eastern Canada, PBX Engineering Ltd.
Speaker:
Rob Lee, Vice President Digital Health and Chief Information Officer, Sunnybrook
Speaker:
Natalia Kusendova-Bashta, Minister of Long-Term Care, Ontario
Healthcare organizations face an escalating cybersecurity crisis where Operational Technologies are prime targets. In a Healthcare Delivery Organization, OT devices manage the physical environment. Attacks on these systems often evade standard IT defenses, disrupting operations and directly impacting patient care.
Join us for a practical breakdown of the challenges HDOs face in securing OT. We will move beyond the theoretical to provide a concrete roadmap of five actionable steps to reduce risk and improve resilience.
Sponsor: Claroty
Speaker:
Randy Guerette, Solution Engineer, Claroty
Sponsor: Heidi Health
Adversarial use of large-scale AI models is materially changing the threat landscape facing healthcare organizations by accelerating reconnaissance, enabling targeted social engineering at scale, and lowering the barrier for sophisticated intrusion campaigns against clinical infrastructure.
This session brings together CISOs from healthcare organizations to examine the implications of AI-augmented threat actors and discuss adjustments required to address an asymmetric and rapidly evolving threat class.
Moderator: Josh Leclerc, Arancia
Panelists:
Amer Khan, Chief Information Security Officer, Salvation Army
Lia Sana, Director, Information Security, Fraser Health Authority
Patrick Harkins, Chief Technology and Security Officer, Mackenzie Health
This session examines how Ontario healthcare organizations are building on Zero Trust foundations to architect systems that remain resilient under active attack, maintain continuity of critical patient care services through disruption, and recover with the speed and integrity that clinical environments demand.
Sponsors: CrowdStrike & Netskope
Moderator: Carlos Akhilele, Sales Engineering Manager, CrowdStrike
Panelists:
Kajeevan Rajanayagam, Cyber Security Director, University Health Network
David Cooper, Solutions Engineer, Netskope
Ali Desheshi, BC Public Sector
Sponsor: Darktrace
Artificial intelligence hasn't rewritten the attacker's playbook; it has accelerated it. The kill chain remains familiar, but every phase is now faster, cheaper, and more accessible to less-experienced operators. This session walks through a complete red team engagement and examines exactly where AI changes the economics of the attack.
We'll cover identity-based attacks and how AI streamlines the supporting infrastructure; external reconnaissance, where AI's real value is orchestration and triage at scale rather than novel discovery; and social engineering, where fluent, tailored pretexts have quietly retired old detection heuristics. Moving internal, we'll look at AI as an OPSEC and tradecraft advisor that augments operator judgment during privilege escalation, lateral movement, and persistence.
Crucially, the session closes on the other side of the coin: the privacy and data-governance risks of feeding sensitive engagement data into AI systems, and practical mitigations, including redaction, human-in-the-loop controls, and local models. Attendees will leave understanding not just how adversaries are weaponizing AI, but how the same capabilities strengthen defense.
Sponsor: Arancia
Speaker:
Diego Marques, Director of Offensive Security, Arancia
Sponsor: Fortinet
Speaker:
Rafi Wanounou, Vice President and CTO, Fortinet
Ontario's Strengthening Cyber Security and Building Trust in the Public Sector Act, Bill 194, establishes binding obligations for designated public sector entities, including healthcare organizations, with significant implications for how third-party vendor relationships are governed, contracted, and monitored.
This session brings together legal practitioners to examine the compliance frameworks, liability exposure, and disclosure obligations that counsel and healthcare leaders must navigate as regulatory enforcement begins to take shape.
Moderator: Sharon Bauer, Founder, Bamboo Data Consulting
Panelists:
Brent Arnold, Partner, Breach Coach, INQ Law
Victoria Ghandour, Director, Cybersecurity, Privacy and Health Information Management, William Osler Health System
Afternoon networking break.
Moderator: Raheel Qureshi, Chief Strategy Officer & COO, NKST
A focused discussion on fostering collaboration and knowledge sharing within the long-term care sector, similar to how LDGs operate for primary care institutions.
Moderator: Penny Longman, CEO, NKST
Panelists:
Mark Watmough, Executive Director, IT & Cyber Security, CarePartners
Supriya Gade, Vice President, Quality and Safety, SPRINT Senior Care
Closing remarks.
Decision-Makers
HSRS 2026 convenes the cross-functional leaders and practitioners driving security, risk, and innovation across Canada’s healthcare landscape.
Nestled just minutes from Toronto’s downtown core, the historic Vaughan Estate of Sunnybrook, built in 1931, stands as a stunning architectural landmark that seamlessly blends old-world elegance with a sophisticated event setting.
As an institution that has shaped healthcare in Canada for decades, Sunnybrook’s Vaughan Estate provides a fitting backdrop for Canada’s premier healthcare security summit: a place where history meets urgency, and where the conversations held within its walls carry genuine consequence for patient care.
Address: 80 Armistice Dr, Toronto, ON M4N 3M5
Google Map Directions Here
So must we.
