54 hospital and health system CISOs and CPOs to know | 2024

Cybersecurity is top of mind for most healthcare organizations, thanks to a growing number of data breaches and cyber threats. 

Hospitals and health systems nationwide look to their CISOs and CPOs to build robust cybersecurity strategies, implement novel technologies, recruit top-tier IT teams, and safeguard private data. As the cybersecurity landscape continues to evolve, these leaders deftly adapt to ensure the protection of sensitive information.

Note: Becker's Healthcare developed this list based on nominations and editorial research. This list is not exhaustive, nor is it an endorsement of included leaders, organizations or associated healthcare providers. Leaders cannot pay for inclusion on this list. Leaders are presented in alphabetical order. We extend a special thank you to Rhoda Weiss for her contributions to this list.

Contact Anna Falvey at afalvey@beckershealthcare.com with questions or comments.


Mauricio Angée, DBA. CISO for University of Miami Health. Dr. Angée, the chief information security officer for the University of Miami, is instrumental in protecting the academic medical institution's sensitive data, including health information and research data. He has developed and implemented a comprehensive information security strategy to ensure compliance with regulations such as HIPAA, strengthen the university’s cybersecurity posture and manage security technologies. Dr. Angée leads incident response efforts and fosters a culture of security across the institution, including UHealth, safeguarding intellectual property and research data. With over 30 years of experience in various sectors, including healthcare and financial services, Dr. Angée is recognized for his technical expertise, strategic vision, and leadership in cybersecurity. 

Jennings Aske. Senior Vice President and CISO of NewYork-Presbyterian (New York City). Mr. Aske joined NewYork-Presbyterian in 2015 and now leads the health system's information security efforts, business continuity programs and the medical staff office. Prior to joining the system, he was vice president of information security and CISO for Nuance Communications, a computer software technology corporation based in Burlington, Mass. He has also held CISO roles at UMass Memorial Medical Center in Worcester, the Boston-based Commonwealth of Massachusetts' Executive Office of Health and Human Services, and Partners HealthCare in Boston.

Connie Barrera. Corporate Director and CISO of Jackson Health System (Miami). Ms. Barrera joined Jackson Health in February 2014 as director of information assurance and CISO and was promoted to corporate director and CISO in May 2017. Her responsibilities include developing policy and standards related to privacy as well as ensuring the integrity and availability of IT services. She has previous experience at the University of Miami, where she served in management and executive roles for seven years.

Miroslav Belote. CISO of Valley Health System (Ridgewood, N.J.). Mr. Belote became director and CISO of Valley Health System in March 2019 after spending 22 years of his career at JFK Health System in Edison, N.J., most recently serving as the director of information systems infrastructure. He has experience in infrastructure design, information security, telecommunications and data center operations. Mr. Belote has also built high-performing teams and been responsible for major IT initiatives. Prior to joining JFK, he spent 10 years with Dreyfus Service Corp.

Patrice Bordron. Vice President of Cyber Security Risk Management and CISO for Community Health Systems (Franklin, Tenn.). Mr. Bordron joined Community Health Systems in 2021, bringing more than a decade of experience in IT security, data privacy, compliance and continuity management. In addition to overseeing all aspects of the company’s information security risk management program, he is also serving as interim vice president of information technology. He has designed and deployed critical cybersecurity controls for a multi-year enterprise resource planning system consolidation and migration program, resulting in well-rationalized roles and entitlements, security, and enforcement of segregation of duties. He has enabled secure generative AI capabilities in collaboration with the clinical operations team and Google Cloud to enhance care delivery. He also recently participated as a provider representative in a White House invitation-only discussion on cybersecurity challenges and opportunities facing the healthcare industry. 

James Bowie. Vice President of Cybersecurity and CISO for Tampa (Fla.) General Hospital. Mr. Bowie, vice president of cybersecurity and chief information security officer at Tampa General Hospital, leads key divisions including cyber operations, governance risk and compliance, identity protection and access management. He is responsible for safeguarding the hospital's digital assets across on-campus and cloud environments, overseeing more than 18,000 users and 70,000 endpoints. Mr. Bowie has successfully restructured and modernized Tampa General’s cybersecurity program, implementing a robust digital defense system and crisis containment plan to protect patient information and critical infrastructure. His leadership extends to chairing the cybersecurity council, where he manages the development and enforcement of security policies and procedures. Regularly collaborating with other members of senior leadership, Mr. Bowie’s strategic vision ensures Tampa General remains resilient against evolving cyber threats.

Brad Carvellas. Vice President of Cybersecurity and CISO of The Guthrie Clinic (Sayre, Pa.). As CISO, Mr. Carvellas leads the information security and risk management program at The Guthrie Clinic. He has successfully implemented various programs and controls, including a quantified cyber risk management program, an advanced cybersecurity operations center, and improved incident response capabilities. Additionally, Mr. Carvellas effectively built a third-party cyber risk management program to support digital health and cloud initiatives. Previously, he was director of information security and risk management at Highmark Health.

James Case. Vice President and CISO for Baptist Health (Jacksonville, Fla.). Mr. Case serves as vice president and chief information security officer for Baptist Health, overseeing the organization's information security operations, including incident response, vulnerability management and risk assessments. With nearly 30 years of IT experience, primarily in healthcare, he leads efforts to protect sensitive electronic information and ensure that Baptist Health's digital ecosystem remains secure and compliant. Since taking on his current role in December 2021, he has implemented a comprehensive cybersecurity program aligned with the health system's business and clinical objectives. He is also actively involved in IT strategy planning and has led initiatives like a full-scale cyberattack rehearsal to prepare the organization for potential threats. He currently serves on the board of directors for the Association for Executives in Healthcare Information Security and the Jacksonville/Northeast Florida chapter of the Information Systems Security Association.

Brian Cayer. CISO of Keck Medicine of USC (Los Angeles). Mr. Cayer took on the role of CISO for Keck Medicine of USC in July 2023. He brings expertise in cybersecurity strategy, security architecture, vulnerability management, security operations and governance to his role. Prior to assuming his current position, he served as CISO for Burlington, Mass.-based Tufts Medicine, where he helped to transform their cybersecurity program through the creation of a centralized model. During his time at Tufts Medicine, he helped lead the system's migration to Epic, making it the first healthcare system to host Epic on Amazon Web Services.

Dave Christiano. Chief Technology Officer and CISO of Middlesex Health (Middletown, Conn.). Stepping into the CISO role in 2014, Mr. Christiano has been a digital healthcare leader for over a decade. He became director of IT infrastructure and St. Raphael integration CIO for Yale New Haven (Conn.) Health System in 2004 and served in that position for nine years before becoming the director of IT for Norwalk (Conn.) Hospital. He also has experience as the chairman of the technology leadership group at the Connecticut Hospital Association.

Monte Coulter. CISO at OU Health (Oklahoma City). Mr. Coulter has enhanced cybersecurity through improved processes and streamlined operations using security and National Institute of Standards and Technology framework best practices. He leads a high-performing cybersecurity team that helps to optimize operations, resulting in cost savings and improved cyber resilience. Mr. Coulter has over 25 years of experience in information technology and more than 17 years in information security. He held senior roles at Caris Life Sciences, where he established the information security program, and at GAF Materials, where he built a multinational security program focusing on privacy regulation and securing critical manufacturing systems. He currently sits on the Gartner security and risk advisory board and has previously served on the Rutgers University cybersecurity advisory board and Forcepoint technical advisory board.

Andrew Coyne. CISO of Mayo Clinic (Rochester, Minn.). Leading the Mayo Clinic's Office of Information Security since 2016, Mr. Coyne has led initiatives to build up the system's IT capacity. He notably built cybersecurity operations centers, implemented a cybersecurity incident response process and created a medical device cybersecurity program that has since been widely adopted by other health systems. He has previous experience as the director of PwC's Health Industries Cybersecurity practice.

Lee Cullivan. CISO of Boston Medical Center. First joining Boston Medical Center in 2008, Mr. Cullivan left the system briefly to serve as director of IT at Pierce Atwood, a law firm in Portland, Maine. He returned to Boston Medical Center in August 2017 to assume the CISO role, responsible for the 514-bed hospital's information security. He is experienced in guarding the hospital and its patient data against malware, ransomware, phishing attacks and other threats.

Lou Dignam. Vice President of Cybersecurity at Virtua Health (Marlton, N.J.). Mr. Dignam, serving as vice president of cybersecurity for Virtua Health, oversees the security strategy for the large nonprofit academic health system, including its five hospitals and over 400 care locations. With 39 years of IT experience, 22 of which are in cybersecurity, Mr. Dignam has played a critical role in advancing Virtua's security objectives, earning the organization a level 10 "Most Wired" designation from the College of Healthcare Information Management Executives in 2023. He is responsible for developing a comprehensive security strategy, managing risk and compliance, and leading a high-performing cybersecurity team. A respected leader in the field, Mr. Dignam actively participates in national security advisory committees and has contributed to numerous security initiatives that enhance Virtua’s capabilities, including security awareness training, vulnerability management, incident response, role-based access, and threat-hunting. 

Michael Erickson. CISO of Baptist Health (Louisville, Ky.). Mr. Erickson joined Baptist Health in 1995 and has served as its chief information security officer since November 2016. He works with the clinical, IT and compliance departments to oversee all parts of the system's information security risk management initiatives. His other IT roles at Baptist Health have included system director of IT infrastructure, HIPAA security officer and executive director of IT infrastructure and security.

Wayne Floyd. CISO of Saint Francis Healthcare System (Cape Girardeau, Mo.). Saint Francis Healthcare System tapped Mr. Floyd to serve as cybersecurity officer for IT in October 2017. He has more than 20 years of IT experience and is responsible for IT security policy, standards and safeguards at Saint Francis, a Catholic-based system that includes a 306-bed nonprofit tertiary care hospital.

Bruce Forman. CISO of UMass Memorial Health Care (Worcester, Mass.). Mr. Forman serves at UMass Memorial Health, a three-hospital system with 13,000 total employees and 1,125 hospital beds. Before joining UMass, he was director of information security for Genesis HealthCare in Lake Forest, Calif.

Chase Franzen. Vice President of IT Risk Management and CISO for Sharp HealthCare (San Diego). In his role at Sharp HealthCare, Mr. Franzen manages IT security architecture, engineering, operations and various aspects of cybersecurity, including training and compliance. Recently, he launched the cybersecurity ambassadors program, promoting a culture where cybersecurity is a shared responsibility across all levels of the organization. He also spearheaded the integration of identity governance and administration with Epic. Additionally, he is developing a cybersecurity apprenticeship program to train aspiring professionals through mentorship. Before joining Sharp, Mr. Franzen held senior technology roles in banking and finance, including vice president positions at Wells Fargo, and has experience founding businesses in various sectors.

Greg Garneau. CISO of Hospital Sisters Health System (Springfield, Ill.). Mr. Garneau is a seasoned information security leader who is currently CISO of Hospital Sisters Health System. He brings over 25 years of IT and information security experience to the role, which he assumed in January 2024. Prior, he served as CISO of Marshfield (Wis.) Clinic Health System for over seven years. There, he managed security for the $3 billion integrated system, which is one of the largest rural health systems in the nation. 

Todd Greene. Senior Vice President and CISO for Advocate Health (Charlotte, N.C.). Mr. Greene is the senior vice president and chief information security officer at Advocate Health, the nation's third-largest nonprofit integrated health system. He leads a team of approximately 105 cybersecurity professionals who are tasked with safeguarding the organization’s extensive operations, including its 67 hospitals and 1,000-plus care sites. Under Mr. Greene’s leadership, Advocate Health has implemented rigorous cybersecurity measures, including advanced phishing simulations and cloud-based data protection strategies, particularly during the organization’s transition to the Epic EHR system. Mr. Greene's proactive approach to cybersecurity supports the organization’s growth by emphasizing education, regulatory compliance and continuous improvement.

Karen Habercoss. Chief Privacy Officer for University of Chicago Medicine. As chief privacy officer for UChicago Medicine, Ms. Habercoss has played a pivotal role in protecting sensitive patient information and ensuring compliance with privacy laws such as HIPAA. She develops and implements privacy policies and procedures, conducts regular risk assessments, and enforces measures like data encryption and access controls to address potential vulnerabilities. Ms. Habercoss is also responsible for staff training on privacy and data security, managing responses to privacy breaches, and overseeing third-party vendor compliance. Her efforts have resulted in the creation of AI privacy policies, enhanced vendor management, and the launch of privacy awareness campaigns. Additionally, she collaborates with departments such as IT, legal and compliance to integrate privacy considerations across the hospital system.

Jacob Hammersmith. CISO for Billings (Mont.) Clinic-Logan Health. Mr. Hammersmith serves as the chief information security officer for the Billings Clinic-Logan Health unified health system, where he plays a crucial role in protecting patient data and ensuring adherence to regulations like HIPAA. With over 20 years of experience in IT and cybersecurity, Mr. Hammersmith has developed and implemented a robust information security strategy that aligns with both organizational goals and industry standards. His leadership has significantly improved the security posture of the health system and reversed rising cyber insurance premiums through effective risk management. Known for his collaborative approach and strong leadership, Hammersmith has successfully driven digital transformation and enhanced operational efficiencies. 

Dave Heaney. CISO for Mass General Brigham (Boston). Mr. Heaney, Mass General Brigham's CISO, brings prior experience in risk management in online hosting environments at scale. He has served as a security consultant and has run cyber teams of various sizes. Through his work, he has crafted and helped implement security policies, driven awareness and training programs, performed and led penetration tests, rolled out attack monitoring infrastructure, and much more. He has also developed and implemented a large-scale IT security strategy and roadmap. 

Andy Heins. Vice President and Chief Security and Privacy Officer for Lifepoint Health (Brentwood, Tenn.). Mr. Heins serves as vice president and chief security and privacy officer for Lifepoint Health, overseeing a broad range of responsibilities including cybersecurity, information protection, identity management, cloud security, IT risk management and enterprise customer support. He manages security and privacy across Lifepoint Health’s extensive network, which includes 60 community hospitals, 41 rehabilitation hospitals, 23 behavioral health hospitals and over 300 additional care sites. Known for his visionary approach, he has successfully integrated cybersecurity with digital transformation initiatives, ensuring that innovation is matched with robust security measures. His prior experience includes roles in information security compliance at Franklin, Tenn.-based Community Health Systems and roles in information security and internal audit at Nashville, Tenn.-based HCA Healthcare.

Dan Henke. Vice President, Information Security Officer at Mercy Technology Services (St. Louis). Mr. Henke has over 20 years of experience in information security. He joined Mercy Hospital and Healthcare in 2013 as the vice president and information security officer responsible for disaster recovery and business continuity of clinical systems. He also is the system's chief HIPAA security compliance officer and has a reputation for building strong technical teams.

Preston Jennings. CISO of Trinity Health (Livonia, Mich.). Since 2016, Mr. Jennings has served as CISO for Trinity Health, a $23 billion healthcare organization with 115,000 colleagues across 25 states. In his role, he leads over 65 security professionals in ongoing implementation and operationalization of information security for the organization. Over the past fiscal year, he and his team have launched over 50 projects, including the transition to enhanced multi-factor authentication for over 100,000 team members, the extension of privileged access management to new platforms and the introduction of data leakage prevention. This has helped to identify and address threat actors in early stages. 

Esmond Kane. CISO of Steward Health Care (Dallas). Mr. Kane brings 25-plus years of experience leading IT and security programs across multiple industries to Steward Health Care. In his role as CISO, he is responsible for assisting clinicians and leaders to deliver high quality care in alignment with industry frameworks, regulations and best practices. Mr. Kane has led intern programs sourcing from local universities, including Cyberwarrior, YearUp, StemMatchMA, BFIT, and more. In June 2021, Mr. Kane was named Cisco's inaugural CISO of the month.

Darrell Keeling, PhD. CISO at Parkview Health (Fort Wayne, Ind.). Dr. Keeling is in charge of developing and implementing an information security strategy at Parkview Health, conducting risk assessments, designing safeguards and protecting against threats. He has established the system's security culture, delivered training programs and collaborated with various departments to align security objectives. He also ensures compliance with data protection and works with the system's legal and compliance teams to stay current on new threats and regulations. He has 25 years of experience leading information technology and security in various industries, including retail, manufacturing, hospitality, banking, finance and healthcare. Dr. Keeling has also been an adjunct professor at six universities, educating on cybersecurity, programming, robot process automation and informatics. 

Jack Kufahl. CISO for Michigan Medicine (Ann Arbor). Mr. Kufahl has over 20 years of experience in information technology, primarily in leadership roles. As chief information security officer for Michigan Medicine, Mr. Kufahl directs all information assurance activities across the enterprise, simultaneously working to build strong teams and support novel talent pipelines. He is also an incorporating officer and current board member of the Michigan Healthcare Cybersecurity Council, a public-private partnership that seeks to protect the critical healthcare infrastructure and institutions of Michigan by providing relevant knowledge and information security services. 

Kris Kusche. Senior Vice President and System CISO of Albany (N.Y.) Med Health System. Mr. Kusche oversees information security and cybersecurity at Albany Med Health System. He has experience with clinical systems, data architecture and leading infrastructure teams. He first joined Albany Medical Center in 1993 as director of clinical engineering and has held roles of progressive responsibility since. In his current role, which he took on in 2021 in an official capacity, he is tasked with overseeing all technology security policy, operations, investigation, enforcement and assurance.  

Tony Lakin. Vice President and CISO at UT Southwestern Medical Center (Dallas). Mr. Lakin joined UT Southwestern Medical Center in March 2023 as vice president and CISO. He brings 26 years of management and leadership experience to his role, over 13 of which have been spent in information assurance and cyber operations management. Prior to assuming his current role, he served as CISO for Moffitt Cancer Center in Tampa, Fla. 

Derrick Lowe. CISO at Orlando (Fla.) Health. Mr. Lowe sets the vision and strategy for Orlando Health's cybersecurity, IT risk, and business resiliency programs. He oversees daily cybersecurity needs for the entire organization, which encompasses 15 hospitals, over 200 ambulatory sites, more than 27,000 team members, 4,750 physicians and $9.2 billion in assets. As the system experiences rapid growth through mergers and acquisitions, Mr. Lowe has ensured the seamless IT and clinical engineering integration of each unique entity. He first joined Orlando Health in 2019 as corporate director for IT security and resiliency. 

Ron Mehring. Vice President of Technology and Security and CISO for Texas Health Resources (Arlington). Mr. Mehring, as vice president of technology and security and chief information security officer at Texas Health Resources, spearheads efforts to create innovative and sustainable information security and technology programs. With over 15 years of C-level experience, Mr. Mehring has led the transformation of Texas Health’s information security into a nationally recognized, risk-centered and data-driven program. He secured executive approval for a major IT investment to restructure and consolidate data centers, aligning with the company's long-term growth strategy. He also developed a robust security leadership team, achieving high employee engagement and retention, and launched a comprehensive communication and training program for over 29,000 employees, achieving near-perfect completion rates. His initiatives have significantly reduced enterprise risks and improved IT service delivery, positioning Texas Health for optimal operational performance.

Matthew Modica. Vice President and CISO of BJC HealthCare (St. Louis). Mr. Modica is a servant leader who holds 25 years of experience in the information security and technology fields at multiple Fortune 1000 companies across the financial services, healthcare and data services industries. He is a certified information security manager and has served on multiple nonprofit and customer advisory boards, such as the St. Louis CISO Board, Securonix Advisory Board and Autism Speaks Heartland Board. He is also a governing body member of the Evanta STL CXO Summit. He is an adjunct professor for cybersecurity courses in the McKelvey School of Engineering and serves on the cybersecurity advisory committee at Washington University in St. Louis.

Jacki Monson. Senior Vice President, Chief Integration Officer, CISO and Chief Privacy Officer of Sutter Health (Sacramento, Calif.). For the past 12 years, Ms. Monson has been responsible for all aspects of privacy and information security at Sutter Health. She first joined the organization in 2013 and currently serves as senior vice president, chief integration officer, CISO and chief privacy officer. Ms. Monson is a member of the HHS's Health Care Industry Cybersecurity Task Force, and previously held the chief privacy officer role at Rochester, Minn.-based Mayo Clinic.

Mitchell Parker. CISO at IU Health (Indianapolis). Mr. Parker has expertise in security governance, regulatory compliance and risk management. In his role as CISO at IU Health, Mr. Parker is responsible for the information security of the health system's patients and employees. He is an avid speaker on several health IT topics, with a recent focus on blockchain in healthcare.

Michael Prakhye. CISO and Director of Information Security for Adventist HealthCare (Gaithersburg, Md.). Mr. Prakhye has led the security program at Adventist HealthCare since joining the organization in 2016. Since then, he has applied his technical expertise and numerous cybersecurity certifications to build a comprehensive security strategy. He has established a robust security posture that includes prevention, detection and response mechanisms while promoting a strong culture of security awareness. Mr. Prakhye is recognized for his effective communication of cybersecurity issues to the board of directors in clear, business-focused terms. Additionally, he has served as an adjunct professor at the University of Maryland and is an active member of the College of Healthcare Information Management Executives. His leadership and dedication have been instrumental in enhancing patient safety and organizational security.

Andy Price. Vice President of Information Technology, CIO and CISO of St. Claire HealthCare (Morehead, Ky.). Mr. Price is vice president of information technology, CIO, and CISO at St. Claire Healthcare, where he oversees the organization's cybersecurity and privacy programs. He brings strong technical expertise and numerous cybersecurity certifications to both his role at St. Claire and his volunteer work with various cybersecurity groups. Prior to becoming CIO and CISO, Mr. Price served as administrative director of information technology at the health system.

Steven Ramirez. Chief Information Security and Technology Officer for Renown Health (Reno, Nev.). Mr. Ramirez manages cybersecurity and technology operations at Renown Health, overseeing critical areas including security operations, identity and access management, third-party risk management, governance, risk and compliance, security architecture, threat intelligence and network security. He also handles technology operations, covering firewalls, servers, data centers, service desks, and network and desktop management. Mr. Ramirez’s innovative and pragmatic approach has significantly enhanced Renown Health’s cybersecurity posture. Known for pioneering methodologies such as pixel management and autonomous security response, he is also active in the cybersecurity community through speaking engagements and mentoring. Prior to assuming his current position, he has served as chief information security officer at Louisville, Ky.-based UofL Health and has held positions at IBM, McKesson and CHI, which is now CommonSpirit Health.

Jamie Reid. CISO for Advantum Health (Louisville, Ky.). As chief information security officer at Advantum, Mr. Reid oversees the company's technology infrastructure and security, including IT, digital product development, cybersecurity and information systems management. With extensive experience on Advantum's leadership team, he plays a crucial role in safeguarding client and patient data while enhancing the organization's platforms and systems. His decades-long expertise in team management, business process improvement and disaster recovery complement his deep knowledge of IT security and operations. Since assuming this role in January 2024, Mr. Reid has already begun driving significant improvements and setting a new vision for Advantum's technology strategy.

Joshua Roth. CISO of Children's Hospital of Orange County (Orange, Calif.). Mr. Roth is responsible for overseeing the quality and security of business partner, employee and patient information at Children's Hospital of Orange County. He brings over 17 years of experience in cybersecurity to his role, many of which has been spent in the healthcare industry. He has expertise in ensuring that security strategies align with industry standards and regulatory requirements.

Sanjeev Sah. Vice President and CISO for Novant Health (Winston-Salem, N.C.). Mr. Sah joined Novant Health as vice president and chief information security officer in June 2024. He is tasked with strengthening information security, protecting sensitive data and ensuring regulatory compliance. Mr. Sah leads innovative and mission-driven teams that integrate the quadruple aim of enhancing patient experience, improving population health, reducing costs, and improving healthcare providers' work life into technology and cybersecurity strategies. He has spearheaded the "Hospital of the Future" initiative, which integrates advanced technologies and cybersecurity measures to advance these goals. The initiative's contributions include implementing solutions designed to optimize workflows and improve patient and provider experiences, deploying AI for predictive analytics and efficient resource management, and adopting sustainable energy solutions to reduce the hospital's carbon footprint and operational costs, among other innovations. 

William Scandrett. Vice President and CISO of Allina Health (Minneapolis). Mr. Scandrett joined Allina Health as CISO in 2016. He handles all aspects of the system's cybersecurity functions, such as threat and vulnerability management, identity and access management, and governance, risk and compliance. He also leads medical device security and the organization's IoT program. He has a stellar reputation for proactivity and for addressing security risks before they happen. He brings prior experience leading information security in retail, finance and healthcare. 

Michael Shrader. Senior Director of Information Security for WellSpan Health (York, Pa.). Mr. Shrader leads WellSpan Health’s information security program, ensuring the protection of the health system's information assets, technology and infrastructure. His responsibilities include identifying and managing IT and cybersecurity risks while aligning security measures with business objectives. Under Mr. Shrader's leadership, the information security team has expanded, with a focus on professional development and improving WellSpan’s overall security posture. He chairs key committees, such as the information security steering committee and a ransomware-focused workgroup, to drive operational advancement and innovation. He first joined WellSpan in 2014 as a senior information services security analyst and has taken on roles of progressive responsibility since. 

Pavel Slavin. CISO for Endeavor Health (Evanston, Ill.). Mr. Slavin, the chief information security officer at Endeavor Health, leads the organization's cybersecurity efforts, including security operations, risk management and threat intelligence. He is responsible for developing a long-term cybersecurity strategy that aligns with the organization's goals, focusing on control, risk and threat-based approaches. Mr. Slavin collaborates closely with the CIO, other C-suite executives, and senior security professionals to prepare for and manage potential cyber threats, ensuring regulatory compliance and ongoing risk management. He also oversees the professional development of his team and works with vendors and supply chain partners on security issues, implementing the organization's incident response plan. He is known for his ability to build high-performance teams, streamline cybersecurity operations for Fortune 500 companies, and maintain compliance in heavily regulated industries. He holds a patent for Trusted Operating Systems and has a strong track record of transforming cybersecurity programs to align with business objectives.

Monique St. John. CISO and Associate Chief Information Officer at Children’s Hospital of Philadelphia. Ms. St. John and her team focus on critical areas in healthcare cybersecurity, including third-party risk management enhancements, security awareness education, the implementation AI data analyzation tools, and the utilization of automation that reduces response time and improves efficiency. She has led Children’s Hospital of Philadelphia through substantial growth over the past several years, and developed a comprehensive information security strategy that evaluates risks from multiple perspectives, maintains a human-centric approach, balances security with innovation and uses data to measure services. The program leads roadshows and facilitates several cross-functional, multilevel exercises throughout the year, helping organizational stakeholders plan for a major cyber incident. Additionally, knowing that cybersecurity risk equals patient safety risk, the program uses patient safety principles and aligns them to information security, which has contributed to an increased focus on security culture throughout the enterprise. 

Stephen Stallard. Assistant Vice President and Chief Privacy Officer for Orlando (Fla.) Health. As the chief privacy officer for Orlando Health, Mr. Stallard oversees the organization's compliance with privacy and information security laws, including HIPAA, while also leading the compliance and ethics program. With over 30 years of healthcare experience and a deep understanding of revenue management, IT and information security, Mr. Stallard has played a pivotal role in developing and expanding Orlando Health's internal compliance programs. His leadership is marked by a collaborative approach, bridging the gap between operations, technology and compliance to ensure the protection of sensitive information across the organization. Beyond his role at Orlando Health, he is a founding board member of the Florida Compliance and Privacy Consortium. 

Glynn Stanton. CISO and Chief Technology Officer for Yale New Haven (Conn.) Health. Mr. Stanton serves as the chief information security officer and chief technology officer for Yale New Haven Health, overseeing information security across three states, seven hospital campuses, and over 240 outpatient locations. With 12 years at the system, he has significantly expanded the information security office, growing the team from three to over 40 by consolidating functions such as identity and access management and disaster recovery. Mr. Stanton’s dual role includes managing cybersecurity, IT audit, patient privacy, disaster recovery, and IT incident management, while also leading infrastructure, end-user computing and the IT service desk. He has implemented critical security controls that balance functionality and security, such as "tap and go" technologies. Mr. Stanton is also a key advocate for increased medical device security and has played a crucial role in lobbying efforts to extend security licenses for rural hospitals. His leadership is characterized by a focus on cultural change, balancing clinical access with data integrity, and responding swiftly to evolving threats.

Hussein Syed. CISO of RWJ Barnabas Health (West Orange, N.J.). Mr. Syed serves as CISO of RWJ Barnabas Health, where he drives cybersecurity strategy to secure technology and data assets for the academic healthcare system. He is playing a key role in the implementation of the system's historic overhaul of its EHR platform. During his time as CISO, he has grown the department into several divisions focused on risk, architecture, operations, vulnerability management, and identity and access management.

Teresa Tonthat. Vice President and Associate CIO, CISO and Chief Technology Officer at Texas Children's Hospital (Houston). Ms. Tonthat oversees technology, digital solutions, health technology management, data and cybersecurity at Texas Children's Hospital, the largest pediatric hospital system in the U.S. Since joining the organization in 2018, she has led a team of over 500 professionals in safeguarding a vast technology infrastructure and managing critical data for more than 20,000 staff and 4 million patients. Her leadership has notably enhanced the hospital's cybersecurity posture through comprehensive awareness campaigns and a focus on people, processes and technology. Prioritizing organizational resilience, Ms. Tonthat ensures the hospital can deliver care effectively, regardless of digital connectivity. Her strategic approach has also facilitated the digital transformation of the new Texas Children's Hospital in North Austin, with successful innovations set to be implemented at the Houston campus.

Jeffrey M. Vinson, Sr. Senior Vice President and Chief Cyber and Information Security Officer of Harris Health System (Bellaire, Texas). Mr. Vinson was promoted to senior vice president and chief cyber and information security officer at Harris Health System in 2020 after having been with the organization since 2013. In his current role, he is responsible for developing and executing a strategic cyber vision in alignment with organizational goals to ensure patient safety. In 2022 and 2023, Mr. Vinson was recognized as a Top 50 Information Security Professional by Oncon Icon.

Aaron Wishon. Vice President and CISO of Cook Children's (Fort Worth, Texas). Mr. Wishon oversees information security for Cook Children's, which includes a medical center and physician network that has more than 60 primary, specialty and urgent care locations in Texas. There are 303 specialty care doctors in the network. In September 2019, the College of Healthcare Information Management Executives recognized Cook Children's as one of the nation's Most Wired hospitals.

Randy Yates. Vice President and Chief Information Security Officer at Memorial Hermann Healthcare System (Houston, Texas). Mr. Yates is responsible for the development and execution of Memorial Hermann's security strategic plan for its employees, providers and business partner users. He oversees the system's data security program, ensures implementation of technical solutions for data security, access management, security risk assessment, cyberattack response, business resiliency and executive governance of the security program. He coordinates internal and external audit inquiries, manages digital compliance efforts and manages information security policies. He helped transform Memorial's information security team into a full-service InfoSec and cybersecurity program. In 2021, his team organized an exercise for a common ransomware attack. He also established an internship program in the Memorial cybersecurity department to bring interns into full-time roles on the team. 

Dee Young. CISO of UNC Health (Chapel Hill, NC). Ms. Young is CISO for UNC Health, where she ensures the overall cyber resiliency of the system and leads teams responsible for cybersecurity, information and medical device security compliance, emerging technology security and cyber risk management efforts. Her innovative spirit has led UNC Health in the implementation of cutting-edge tools and processes such as generative AI for care teams, virtual nursing initiatives and the Advance Care at Home program. She has over 20 years of security and technology experience, ranging from healthcare to academia. 

Vugar Zeynalov. CISO of Cleveland Clinic. Since 2017, Mr. Zeynalov has served as CISO for Cleveland Clinic, where he is responsible for all cybersecurity endeavors. Mr. Zeynalov leads his team in controlling IT assets including clinical, research, and educational areas of the enterprise. Prior to joining Cleveland Clinic, Mr. Zeynalov operated as executive director of information security of Blue Cross Blue Shield of Illinois, Montana, New Mexico, Oklahoma and Texas as well as head of information security at pharmaceutical and medical device company Hospira.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Articles We Think You'll Like

 

Featured Whitepapers

Featured Webinars