61 hospital and health system CISOs to know | 2020

Becker's Hospital Review named 61 hospital and health system chief information security officers to know in 2020.

Hospitals and health systems across the country have appointed CISOs to oversee cybersecurity efforts, assist with data management and drive new technology implementation. While the role can vary from one organization to another, many CISOs featured on this list are experts in healthcare cybersecurity and manage teams who specialize in keeping patient and provider data safe.

This list highlights the outstanding efforts of CISOs across the country, many of whom have extensive IT leadership experience. They have received professional recognition from health IT societies, advised on health IT initiatives and held leadership roles for professional development organizations.

Becker's Hospital Review accepted nominations for this list and conducted internal research to develop the final profiles. Individuals and organizations featured on this list do not pay and cannot pay for inclusion. CISOs are listed in alphabetical order.

For questions or comments on this list, contact Laura Dyrda at ldyrda@beckershealthcare.com.

Troy Ament. CISO of Beaumont Health (Royal Oak, Mich.). Mr. Ament joined Beaumont Health in January 2019 as CISO to oversee the three-hospital health system's information security. He is responsible for the security of around 3,100 physicians within the system. Mr. Ament has previous experience as the senior director and CISO of IT for Sanford Health in Sioux Falls, S.D., as well as the director of IT for Zero Variance.

Vikrant Arora. CISO of Hospital for Special Surgery (New York City). Mr. Arora has overseen Hospital for Special Surgery's technological information efforts since May 2017, when he joined the system. He has experience designing the health system's dynamic security program and developing the security architecture that allows care teams to access information from anywhere and on any device. During his tenure, HSS was awarded HIMSS Stage 7 inpatient certification for advanced EMR adoption.

Jennings Aske. Senior Vice President and CISO of NewYork-Presbyterian (New York City). Mr. Aske joined NewYork-Presbyterian in 2015 and now leads the health system's information security efforts. He has previous experience as vice president and CISO of Nuance Communications and as CISO of Boston-based Partners HealthCare, UMass Memorial Medical Center and the Commonwealth of Massachusetts' Executive Office of HHS.

Thomas August. Vice President and CISO of John Muir Health (Walnut Creek, Calif.). Mr. August joined John Muir in 2015 with more than 20 years of experience in information security. He is primarily engaged in identifying risks, developing a vision for the system's risk management strategy and building financial business cases to support that vision. Mr. August has had a storied career, previously serving as director of information security at Sharp HealthCare in San Diego.

Connie Barrera. Corporate Director and CISO of Jackson Health System (Miami). Ms. Barrera joined Jackson Health in February 2014 as director of information assurance and CISO and was promoted to corporate director and CISO in May 2017. Her responsibilities include developing policy and standards related to privacy as well as ensuring the integrity and availability of IT services. She has previous experience at the University of Miami, where she served in management and executive roles for seven years.

Miroslav Belote. CISO of Valley Health System (Ridgewood, N.J.). Mr. Belote became director and CISO of Valley Health System in March 2019 after spending 22 years of his career at JFK Health System in Edison, N.J., most recently serving as the director of information systems infrastructure. He has experience in infrastructure design, information security, telecommunications and data center operations. Mr. Belote has also built high-performing teams and been responsible for major IT initiatives. Prior to joining JFK, he spent 10 years with Dreyfus Service Corp.

Sriram Bharadwaj. CISO and Director of Information Systems at UC Irvine Health (Orange, Calif.). Mr. Bharadwaj brings more than 25 years of experience in information management systems and health plan leadership to his role as CISO and director of information systems at UC Irvine Health. He has experience in application development and has consulted with integrated delivery networks. Before joining UC Irvine, Mr. Bharadwaj spent time with Deloitte.

Dan Bowden. Vice President and CISO of Sentara Healthcare (Norfolk, Va.). Mr. Bowden joined Sentara Healthcare in September 2016 and has overseen the 12-hospital health system's information security since then. He has previous experience leading cybersecurity and technology programs for multiple industries during his 25-year career, including banking and retail. In addition to his role with Sentara, he works with universities in Virginia to develop a cybersecurity workforce focused on the future.

Scott Breece. Vice President of Security and CISO of Community Health Systems (Franklin, Tenn.). Joining Community Health Systems in 2007 after a tenure at HCA Healthcare, Mr. Breece worked his way up to being named health system CISO in June 2014 and now oversees information security for the system's 99 hospitals in 17 states. Mr. Breece's role also involves risk management and helping to develop the system's strategy for staying ahead of threats and securing patient data.

George Carion. CTO and CISO of Cedars-Sinai (Los Angeles). Mr. Carion is an executive leader at Cedars-Sinai, overseeing the system's technology and information security strategy and infrastructure. He has stewardship over its data centers, system integration and IT approaches that support merger and acquisition activities.

Dave Christiano. Chief Technology Officer and CISO of Middlesex Health (Middletown, Conn.). Stepping into the CISO role in 2014, Mr. Christiano has been a digital healthcare leader for 16 years. He became director of IT infrastructure and St. Raphael integration CIO for Yale New Haven (Conn.) Health System in 2004 and served in that position for nine years before becoming the director of IT for Norwalk (Conn.) Hospital. He also has experience as the chairman of the technology leadership group at the Connecticut Hospital Association.

Andrew Coyne. CISO of Mayo Clinic (Rochester, Minn.). Leading the Mayo Clinic's Office of Information Security since 2016, Mr. Coyne has led initiatives to build up the system's IT capacity. He notably built cybersecurity operations centers, implemented a cybersecurity incident response process and created a medical device cybersecurity program that has since been widely adopted by other health systems. He has previous experience as the director of PwC's Health Industries Cybersecurity practice.

Dan Costantino. CISO of Penn Medicine (Philadelphia). A healthcare information veteran with extensive experience, Mr. Costantino arrived at Penn Medicine after spending time at Henkels & McCoy, where he was CISO and a principal in the firm. He has experience in developing enterprise information security programs and developing strong technical security controls. He is an expert in information security governance and risk-management planning.

Kevin Crain. CISO of University of Maryland Medical System (Baltimore). Joining the University of Maryland Medical System in 2015, Mr. Crain oversees information security efforts for the 13-hospital academic healthcare system and its 25,000 employees. Before moving to Baltimore, Mr. Crain served as the director of security and safety at Lehigh Valley Hospital-Pocono in East Stroudsburg, Pa.

Lee Cullivan. CISO of Boston Medical Center. First joining Boston Medical Center in 2008, Mr. Cullivan left the system briefly to serve as director of IT at Pierce Atwood, a law firm in Portland, Maine. He returned to Boston Medical Center in August 2017 to assume the CISO role, responsible for the 514-bed hospital's information security. He is experienced in guarding the hospital and its patient data against malware, ransomware, phishing attacks and other threats.

Phil Curran. Chief Information Assurance and Privacy Officer of Cooper University Health Care (Camden, N.J.). Mr. Curran gained more than two decades of experience in information security and privacy in the military, government and private sectors before joining Cooper University Health Care. In his current role at Cooper, a health system with more than 7,000 employees, he focuses on managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, and other privacy and security areas.

Byron Davis. Associate Vice President and CISO of UT Southwestern Medical Center (Dallas). UT Southwestern Medical Center appointed Byron Davis as associate vice president and CISO in December 2019. He oversees the hospital's strategy and programs for information security and cybersecurity operations. He also leads workforce education, risk assessment and forensic investigations. Mr. Davis has previous experience as an operations officer in the CIA and served as global head of intelligence collection at the U.S. Department of Energy before joining UT Southwestern.

Scott Dresen. Senior Vice President of Information Services, Chief Technology Officer and CISO of Spectrum Health (Grand Rapids, Mich.). Mr. Dresen joined Spectrum Health in 2007 and oversees the enterprise technology and information security functions for the 14-hospital system. Before joining Spectrum Health, he was CIO of Troy, Mich.-based Wayne State University Physician Group.

Kelley Ealy. CISO of TriHealth (Cincinnati). Ms. Ealy, TriHealth's first chief information security officer, has served in that capacity since March 2018. During her tenure, the health system received a $3.84 million grant from bi3, the grant-making initiative of TriHealth co-sponsor Bethesda Inc., to fund the development and implementation of a virtual care program.

Michael Erickson. CISO of Baptist Health (Louisville, Ky.). Mr. Erickson joined Baptist Health in 1995 and has served as its chief information security officer since November 2016. His other IT roles at Baptist Health have included system director of IT infrastructure, HIPAA security officer and executive director of IT infrastructure and security.

Cris Ewell, PhD. CISO of UW Medicine (Seattle). Dr. Ewell is chief information security officer of an organization with nearly 30,000 professionals at eight healthcare entities. He also is an affiliate assistant professor in the University of Washington's biomedical informatics and medical education department and helped Seattle Children's Hospital implement information security risk management practices.

Nick Falcone. Executive Director of Information Security and University Information Security Officer of Penn Medicine (Philadelphia). Mr. Falcone directs information security at the University of Pennsylvania and at Penn Medicine. He previously led Philadelphia-based Einstein Healthcare Network's information security and privacy program and served as the network's interim chief technology officer. Mr. Falcone also was the enterprise information security officer at Philadelphia-based Thomas Jefferson University and Hospitals before joining Penn Medicine.

Wayne Floyd. CISO of Saint Francis Healthcare System (Cape Girardeau, Mo.). Saint Francis Healthcare System tapped Mr. Floyd to serve as cybersecurity officer for IT in October 2017. He has more than 20 years of IT experience and is responsible for IT security policy, standards and safeguards at Saint Francis, a Catholic-based system that includes a 306-bed nonprofit tertiary care hospital.

Bruce Forman. CISO of UMass Memorial Health Care (Worcester, Mass.). Mr. Forman serves at UMass Memorial Health, a three-hospital system with 13,000 total employees and 1,125 hospital beds. Before joining UMass, he was director of information security for Genesis HealthCare in Lake Forest, Calif.

Michael Gomez. Vice President and CISO of Bon Secours Mercy Health (Cincinnati). Mr. Gomez oversees information security for 43 hospitals and more than 57,500 employees at Bon Secours Mercy Health. He had experience in several technology and security management roles at Bon Secours before it merged with Mercy Health and he became chief information security officer. Throughout his career of more than 20 years, he's worked in technology leadership in the defense, computer game development and energy industries.

Todd Greene. Associate Vice President and CISO of Atrium Health (Charlotte, N.C.). Mr. Greene is a founding member of Atrium's cybersecurity team, which formed in 2000. He is responsible for the health system's information security department, ensuring the security of Atrium's patient information and supporting its academic medical center and more than 900 care locations.

Jeremiah Grant. Vice President and CISO of Novant Health (Winston-Salem, N.C.). Mr. Grant serves as head of information security at Novant Health, a 15-hospital health system with more than 29,000 team members and physician partners. During his tenure, he has played a key role in the growth of Novant's cybersecurity program.

Kevin Hamel. CISO of Baystate Health (Springfield, Mass.). Since 2017, Mr. Hamel has served as chief information security officer of Baystate Health, an organization with nearly 12,000 employees and more than 980 hospital beds. He has a wealth of experience managing IT, cybersecurity and risk management in the financial and healthcare sectors. Before joining Baystate, he was chief information security officer of COCC, a financial technology company, and vice president of IT for Peoples Bank.

Judy Hatchett. Vice President of Information Security and CISO of Fairview (Minneapolis). Ms. Hatchett has more than 15 years of experience in cybersecurity, and oversees information security for Fairview's 12 hospitals, 55 specialty clinics and 40 retail pharmacies. Before joining Fairview, Ms. Hatchett handled cybersecurity and HIPAA compliance for 3M, Best Buy and SuperValu.

Andy Heins. Vice President and Information Security Officer at LifePoint Health (Brentwood, Tenn.). Mr. Heins oversees information security for LifePoint Health's hospitals in 70 communities. Before joining LifePoint, he worked for HCA Healthcare and Community Health Systems in Franklin, Tenn.

Dan Henke. Vice President, Information Security Officer at Mercy Technology Services (St. Louis). Mr. Henke has over 20 years of experience in information security. He joined Mercy Hospital and Healthcare in 2013 as the vice president and information security officer responsible for disaster recovery and business continuity of clinical systems. He also is the system's chief HIPAA security compliance officer and has a reputation for building strong technical teams.

Joe Hooks. CISO and CTO of Children's Hospital of The King's Daughters (Norfolk, Va.). Mr. Hooks has spent the past 22 years at Children's Hospital of The King's Daughters, where he currently oversees the information security and technology departments. He has experience overseeing data projects and innovations, including the recent roll-out of new wireless barcode scanners.

Preston Jennings. Executive Vice President of Information Security and CISO of Trinity Healthcare (Livonia, Mich.). Mr. Jennings joined Trinity Health in 2016 and oversees information security for the 92-hospital health system, which has 129,000 employees. Before joining Trinity, Mr. Jennings was chief information security officer of PwC for eight years and built the firm's information security program. He's worked as an information security consultant on ethical hacking and security solution deployment.

Jigar Kadakia. Chief Information Security and Privacy Officer at Partners (Boston). Mr. Kadakia has more than 17 years of experience in IT and information security. He joined Partners in 2014 after working as senior manager at Deloitte & Touche. In his current role, he is focused on general data protection regulation requirements, medical device security and educational programs.

Kris Kusche. CISO of Albany (N.Y.) Medical Center. Mr. Kusche oversees information security and cybersecurity at Albany Medical Center. He has experience with clinical systems, data architecture and leading infrastructure teams. In addition to his current role, he is a member of the ECRI Institute's advisory board, a past board president of the New York Chapter of HIMSS, and he sits on Excelsior College's industry advisory committee.

Tony Lakin. CISO of Children's Hospital of Orange County (Orange, Calif.). Mr. Lakin is responsible for overseeing the quality and security of business partner, employee and patient information at Children's Hospital of Orange County. Before joining Children's Hospital of Orange County, Mr. Lakin was the executive director and chief information security officer for Maricopa Integrated Health Systems in Phoenix. He also has experience as director of cybersecurity for Archimedes Global, a diversified technology company.

Thien Lam. Vice President and CISO of BayCare (Clearwater, Fla.). Mr. Lam has more than 25 years of experience in IT. At BayCare Health System, Mr. Lam is responsible for information security and compliance for the 15-hospital health system. Before joining BayCare, Mr. Lam was the director of IT security systems and data security officer for Methodist Hospital System in Houston.

Will Long. Vice President and CISO of Dallas Children's. Mr. Long is responsible for the information security at Dallas Children's, protecting patient information at the hospital as well as its telehealth network. He was an integral part of launching the North Texas Healthcare CISO Leadership Summit and was appointed to the board of the Association for Executives in Healthcare Information Security. In 2018, he was a finalist for the Dallas Business Journal's Tech Titans award.

Matthew Modica. Vice President and CISO of BJC HealthCare (St. Louis). At BJC HealthCare, Mr. Modica is responsible for the direction, planning and adoption of IT systems, facility defenses against security breaches and business operations. Before joining BJC, Mr. Modica was vice president for global client security with Equifax, where he was responsible for a team of information security officers. He serves on the St. Louis CISO board and on the cybersecurity advisory committee for Southeast Missouri State University.

Richard Mitchell. CISO and Director of IT at Eagleville (Pa.) Hospital. Mr. Mitchell brings 25 years of experience in healthcare and financial services to his role as CISO and director of IT at Eagleville Hospital, a 305-bed independent hospital. Prior to joining Eagleville, Mr. Mitchell worked as the manager of technology services at Catholic Health Initiatives' data center in Exton, Pa.

Ronald Mehring. CISO and Vice President of Information Security for Texas Health Resources (Arlington). Mr. Mehring oversees information security for Texas Health Resources, which serves 16 counties and 6.2 million people in Texas. He began his career in the Marine Corps and served for 21 years before he joined the Department of Veterans Affairs and led compliance assessment teams. His experience at the VA was a springboard to his current role at Texas Health Resources.

Jacki Monson. CISO and Chief Privacy Officer of Sutter Health (Sacramento, Calif.). For the past 12 years, Ms. Monson has been responsible for all aspects of privacy and information security. Ms. Monson is a member of the HHS's Health Care Industry Cybersecurity Task Force, and previously held the chief privacy officer role at Rochester, Minn.-based Mayo Clinic.

Hai Ngo. CISO of NYU Langone Medical Center (New York City). Mr. Ngo has spent the past 15 years at NYU Langone and he currently oversees information security of the health system. He has previous experience as director of IS at Deutsche Bank – MaxBlue Americas and vice president of IS at PaineWebber. He has spent his career helping to build organizations in healthcare, biomedical research and finance fields as well as startups.

Mitchell Parker. Executive Director of Information Security at IU Health (Indianapolis). Mr. Parker has expertise in security governance, regulatory compliance and risk management. In his role as executive director of information security and compliance at IU Health, Mr. Parker is responsible for the information security of the 2,696-bed health system's patients and nearly 30,000 employees. He is an avid speaker on several health IT topics, with a recent focus on blockchain in healthcare.

Rob Perry. CISO of Carilion Clinic (Roanoke, Va.). Mr. Perry joined Carilion Clinic in 2018 and currently oversees information security for the health system. He has previous experience as senior director of IT infrastructure and cybersecurity as well as the information security officer for The George Washington Medical Faculty Associates. He developed and oversaw GW Medical Faculty Associates' technology infrastructure for more than 2,000 users and 40 locations. He also has experience overseeing IT budget and managing third-party vendor relationships.

Wayne Pierce. CISO of Aspirus (Wausau, Wis.). Mr. Pierce joined Aspirus in 2017 as an IT security coordinator and worked his way up to being named CISO of the health system. He has experience with information security governance and managing IS teams. He also oversees the health system's information assurance program that includes data classification, log monitoring and system auditing.

Art Ream. CISO of Cambridge (Mass.) Health Alliance. Mr. Ream has spent more than 17 years at Cambridge Health Alliance, joining the organization as a manager of applications in 2003 and working his way up to the CISO position. He has a background as an executive business leader and has led his team through technology implementations and product launches. Prior to joining CHA, Mr. Ream held IT leadership positions at three other hospitals in Massachusetts.

William Scandrett. Vice President and CISO of Allina Health (Minneapolis). Mr. Scandrett joined Allina Health in 2016 as CISO after serving as CISO of HealthEast. He has experience leading information security in retail, finance and healthcare. While at HealthEast, Mr. Scandrett oversaw the organization's cybersecurity, technology compliance and risk management.

Pavel Slavin. Vice President and CISO of Froedtert Health (Milwaukee). Mr. Slavin oversees the enterprise security and cybersecurity for Froedtert Health. He has spent more than two decades developing and operating cybersecurity programs, previously serving as a cybersecurity managing principal for Cleveland Clinic Foundation. Mr. Slavin has a background in developing brand differentiation through adaptable and business-focused security services.

Ben Smith. Vice President and CISO of Nuvance Health (Danbury, Conn.). Mr. Smith joined Nuvance in 2019 as Vice President and CISO after spending nearly four years as CISO of MultiCare Health System in Tacoma, Wash. He has experience with building MultiCare's first rationalized systemwide information security and risk management program. He also spent time advising senior leadership on risk management and IS strategy as well as regulatory compliance issues.

Glynn Stanton. CISO of Yale New Haven (Conn.) Health System. Mr. Stanton oversees information security at Yale New Haven Health System, which includes five hospitals, more than 70 physician practices and 1,500 employees. YNHHS features a team of 500 IT professionals and has been consistently recognized by Hospitals & Health Networks as one of the country's "Most Wired and Most Wireless" health systems. He also has experience as chief technology officer of the system.

Tom Stumpek. CISO of Lahey Health (Burlington, Mass.). Since 2017, Mr. Stumpek has overseen information security for Lahey Health, a five-hospital system with more than 1,400 physicians providing care to 3,000 patients per day. Previously he operated as chief technology officer and CISO of Electric Insurance Co. and served as an advisor for cybersecurity start-ups and enterprise clients.

Dave Summitt. CISO and Director of Cybersecurity Operations at Moffitt Cancer Center (Tampa, Fla.). Mr. Summitt manages the security operations center and the identity and access management programs at Moffitt Cancer Center. He has extensive experience in cybersecurity, information systems and network and engineering operations. Prior to entering the healthcare sector, Mr. Summitt had a 21-year career with the Department of Defense.

Hussein Syed. CISO of RWJ Barnabas Health (West Orange, N.J.). Mr. Syed operated as director of IT and security at RWJ Barnabas Health for 12 years before he was appointed CISO of RWJ Barnabas Health, which features more than 9,000 physicians and serves over 2 million patients per year. In 2019, CHIME's "Most Wired" list recognized 12 of the health system's facilities for demonstrating success in health IT adoption.

Patrick Tisdale. CISO of Regional Health (Rapid City, S.D.). Mr. Tisdale oversees information security at the six-hospital Regional Health. The health system also has six urgent care locations, senior care and home health services. He has previous experience as Regional Health Rapid City Hospital's application supervisor and as a consultant with Darca Consulting.

Teresa Tonthat. CISO of Texas Children's Hospital (Houston). Ms. Tonthat joined Texas Children's Hospital in 2018 and is responsible for the strategic guidance of digital technology, infrastructure, biomed engineering, information security and cybersecurity. In 2019, the hospital achieved HIMSS Stage 7 designation for inpatient and ambulatory services, demonstrating expertise in implementing health IT to improve patient care.

Paul VanAmerongen. Vice President and CISO of UW Health (Madison, Wis.). In 2017, Mr. VanAmerongen joined UW Health, a seven-hospital health system with 1,750 physicians and 21,000 staff. His responsibilities include protecting the information of the 600,000 patients who are treated at UW Health annually and leading the enterprise information security program at the system's accountable care organization, which aims to boost communication between providers and improve patient care across its facilities.

John Weller. CISO of Metro Health Hospital (Wyoming, Mich.). Mr. Weller spearheads cybersecurity and supervises compliance requirements at the 208-bed Metro Health Hospital. Demonstrating success in the adoption of health IT, the hospital has been recognized among CHIME's "Most Wired" list for nine out of the last 10 years and is also a recipient of the VMWare Innovation Award for being an early adopter of virtualization in both its data center and workstation delivery.

Karl West. CISO and Assistant Vice President of Information Systems at Intermountain Healthcare (Salt Lake City). Mr. West oversees information access, authorization, privacy, business continuity and data governance at Intermountain Healthcare, a nonprofit health system consisting of 24 hospitals and 3,800 affiliated physicians. With more than 25 years of experience in information technology, Mr. West leads the planning, development and installation of the system's information systems security program.

Chad Wilson. CISO of Lucile Packard Children's Hospital Stanford and Stanford Children's Health (Palo Alto, Calif.). Mr. Wilson joined Stanford Children's in 2019 after serving as director of IT security and chief security officer at Children's National Health System in Washington, D.C. He has experience leading information security initiatives and improving security systems and clinical applications through key partnerships. Mr. Wilson also has experience as a senior associate for Booz Allen Hamilton where he managed cybersecurity services for clients.

Aaron Wishon. CISO of Cook Children's (Fort Worth, Texas). Mr. Wishon oversees information security for Cook Children's, which includes a medical center and physician network that has more than 60 primary, specialty and urgent care locations in Texas. There are 303 specialty care doctors in the network. In September 2019, the College of Healthcare Information Management Executives recognized Cook Children's as one of the nation's Most Wired hospitals.

Vugar Zeynalov. CISO of Cleveland Clinic. Mr. Zeynalov has served as CISO for Cleveland Clinic since 2017, advising system leaders on cybersecurity and technology risk management and providing strategic planning for its information security program. Prior to joining Cleveland Clinic, Mr. Zeynalov operated as executive director of information security of Blue Cross Blue Shield of Illinois, Montana, New Mexico, Oklahoma and Texas as well as head of information security at pharmaceutical and medical device company Hospira.


