Cybersecurity has become a top priority for healthcare organizations as data breaches and cyber threats continue to rise in frequency and sophistication.
Across the country, hospitals and health systems rely on their CISOs and CPOs to build strong cybersecurity frameworks, implement cutting-edge technologies, recruit top IT talent and protect sensitive patient data. As the digital threat landscape evolves, these leaders remain agile, ensuring their organizations stay one step ahead to safeguard critical information.
Note: Becker’s Healthcare developed this list based on nominations and editorial research. This list is not exhaustive, nor is it an endorsement of included leaders, organizations or associated healthcare providers. Leaders cannot pay for inclusion on this list. Leaders are presented in alphabetical order. We extend a special thank you to Rhoda Weiss for her contributions to this list.
Contact Anna Falvey at afalvey@beckershealthcare.com with questions or comments.
Mauricio Angée, DBA. CISO for University of Miami Health. Dr. Angée, the CISO for the University of Miami, is instrumental in protecting the academic medical institution’s sensitive data, including health information and research data. He has developed and implemented a comprehensive information security strategy to ensure compliance with regulations such as HIPAA, strengthen the university’s cybersecurity posture and manage security technologies. Dr. Angée leads incident response efforts and fosters a culture of security across the institution, including UHealth, safeguarding intellectual property and research data. With over 30 years of experience in various sectors, including healthcare and financial services, Dr. Angée is recognized for his technical expertise, strategic vision, and leadership in cybersecurity.
Connie Barrera. Corporate Director and CISO of Jackson Health System (Miami). Ms. Barrera joined Jackson Health in February 2014 as director of information assurance and CISO and was promoted to corporate director and CISO in May 2017. Her responsibilities include developing policy and standards related to privacy as well as ensuring the integrity and availability of IT services. She has previous experience at the University of Miami, where she served in management and executive roles for seven years.
Miroslav Belote. CISO of Valley Health System (Ridgewood, N.J.). Mr. Belote became director and CISO of Valley Health System in March 2019 after spending 22 years of his career at JFK Health System in Edison, N.J., most recently serving as the director of information systems infrastructure. He has experience in infrastructure design, information security, telecommunications and data center operations. Mr. Belote has also built high-performing teams and been responsible for major IT initiatives. Prior to joining JFK, he spent 10 years with Dreyfus Service Corp.
James Bowie. Vice President of Cybersecurity and CISO at Tampa (Fla.) General Hospital. Mr. Bowie leads cyber operations, governance, risk, compliance, and identity and access management to protect Tampa General Hospital’s on-premises and cloud environments, clinical systems, biomedical assets and endpoints. He chairs the hospital’s cybersecurity council and oversees policy, standards and incident readiness, providing regular program updates to executive leadership and the board. Mr. Bowie rebuilt Tampa General’s enterprise cybersecurity for 18,000 users and 70,000 endpoints across six hospitals and 150-plus sites, including crisis-containment and remediation playbooks. His program has supported recognitions such as The College of Healthcare Information Management Executives’ “Digital Health Most Wired” status, Healthcare Information and Management Systems Society’s “Stage 7” designation, and recurring high external security ratings. Mr. Bowie also serves on the Evanta Florida CIO and CISO governing board and volunteers with Cyber Florida to mentor students. His previous roles include director of cyber operations and supervisor of the Threat Analysis Center at Tampa-based Moffitt Cancer Center, and multiple security and infrastructure leadership positions at Tampa General.
James Case. Senior Vice President and CISO for Baptist Health (Jacksonville, Fla.). Mr. Case serves as senior vice president and chief information security officer for Baptist Health, overseeing the organization’s information security operations, including incident response, vulnerability management and risk assessments. With nearly 30 years of IT experience, primarily in healthcare, he leads efforts to protect sensitive electronic information and ensure that Baptist Health’s digital ecosystem remains secure and compliant. Since taking on his current role in December 2021, he has implemented a comprehensive cybersecurity program aligned with the health system’s business and clinical objectives. He is also actively involved in IT strategy planning and has led initiatives like a full-scale cyberattack rehearsal to prepare the organization for potential threats. He currently serves on the board of directors for the Association for Executives in Healthcare Information Security and the Jacksonville/Northeast Florida chapter of the Information Systems Security Association.
Monte Coulter. CISO at OU Health (Oklahoma City). Mr. Coulter leads a high-performing cybersecurity team that has significantly improved Oklahoma’s flagship academic health system’s cyber resilience. In 2025, the team launched a robust cybersecurity training program and implemented software to automate identity and access management, significantly improving account provisioning across the organization. Under his leadership, OU Health has leveraged automation and frameworks from the National Institute of Standards and Technology to streamline operations, reduce costs and enable focus on proactive security measures. He emphasizes the potential of AI and machine learning in enhancing threat detection and response alongside trends such as zero trust architectures and privacy-by-design principles to strengthen healthcare security. With more than 25 years in information technology and 17 years in information security, Mr. Coulter previously established an information security program at Caris Life Sciences and led a multinational security initiative at GAF Materials. He serves on Microsoft EDU Security’s CISO advisory panel, and contributed to advisory boards at Rutgers University and Forcepoint.
Wayman Cummings. Vice President and CISO at Ochsner Health (New Orleans). Mr. Cummings aligns cybersecurity strategy with enterprise goals to safeguard patient data and ensure uninterrupted care delivery across the Ochsner Health system. He integrates security intelligence, incident response and vulnerability management to protect the environment while enabling clinical operations. Under his leadership, Ochsner Health strengthened protections that support its standing as Louisiana’s top-ranked health system and a Healthcare Information and Management Systems Society “Davies Award” recipient. Mr. Cummings serves on the boards of advisors for cybersecurity companies SlashNext and ISTARI Global and is president of the board for Capital of Texas InfraGard. He previously served as deputy CISO at food distribution company Sysco and CISO at technology solution company Unisys.
Brian Elrod. Vice President and CISO at St. Jude Children’s Research Hospital (Memphis, Tenn.). Serving in his role since 2013, Mr. Elrod oversees the departments of cybersecurity, disaster recovery, risk and compliance, and identity and access management. He provides executive oversight for all information security strategy, architecture, policies and operations for the organization. He is accountable for the information security for over 12,000 endpoints and servers across a dispersed 36-building campus. He organized the information security office into five key programs focusing on IT risk and compliance, cybersecurity, awareness and outreach, identity and access management and disaster recovery. He established and chairs an information security council made up of senior leaders from across the organization to provide oversight and guidance to the information security office. He also created the information security incident response team that leads the response to a cybersecurity incident or data breach. He is a board member of the Greater Memphis IT Council and the CyberRisk Collaborative Memphis Community. He received the “CISO of the Year” award at the 2025 Tennessee ORBIE awards for exceptional leadership, innovation and vision and for enhancing the safety and security of St. Jude.
Jesse Fasolo. Head of Cybersecurity and Infrastructure Technology and Information Security Officer at St. Joseph’s Health (Paterson, N.J.). Mr. Fasolo leads cybersecurity, technology operations and clinical engineering at St. Joseph’s Health, safeguarding sensitive patient and organizational data. He built the system’s cybersecurity program from the ground up, achieving full National Institute of Standards and Technology and HIPAA compliance and establishing strong governance and risk management structures. Mr. Fasolo directed modernization initiatives including an active-active metro cluster, a comprehensive incident response program and a disaster recovery playbook. He also introduced a robust security awareness program and optimized vendor relationships, reducing costs by up to 50%. In addition to cybersecurity, he oversees infrastructure engineering, with improvements that earned zero nonconformities in regulatory assessments.
Melissa Bateman Fitzgerald. Chief Privacy Officer at Mass General Brigham (Boston). Ms. Fitzgerald is a seasoned privacy attorney with more than two decades of experience advising global organizations on data governance, digital strategy and privacy law. At Mass General Brigham, she oversees enterprisewide data privacy operations spanning academic medical centers, community hospitals, ambulatory practices and the system’s health plan. She leads efforts to embed privacy by design across digital initiatives and is driving systemwide frameworks for AI governance, ethical data use and lifecycle management. Prior to joining Mass General Brigham, Ms. Fitzgerald held senior leadership roles including privacy officer and AI center of excellence co-founder at Olympus, head of privacy operations at Dell Technologies, and general counsel at Gryphon Networks.
Chase Franzen. Vice President and CISO for Sharp HealthCare (San Diego). In his role at Sharp HealthCare, Mr. Franzen manages IT security architecture, engineering, operations and various aspects of cybersecurity, including training and compliance. Recently, he launched the cybersecurity ambassadors program, promoting a culture where cybersecurity is a shared responsibility across all levels of the organization. He also spearheaded the integration of identity governance and administration with Epic. Additionally, he is developing a cybersecurity apprenticeship program to train aspiring professionals through mentorship. Before joining Sharp, Mr. Franzen held senior technology roles in banking and finance, including vice president positions at Wells Fargo, and has experience founding businesses in various sectors.
Greg Garneau. System Vice President and CISO of Hospital Sisters Health System (Springfield, Ill.). Mr. Garneau is a seasoned information security leader who is currently CISO of Hospital Sisters Health System. He brings over 25 years of IT and information security experience to the role, which he assumed in January 2024. Prior, he served as CISO of Marshfield (Wis.) Clinic Health System for over seven years. There, he managed security for the $3 billion integrated system, which is one of the largest rural health systems in the nation.
Gordon Groschl. CISO and Director of Healthcare Technology Management at Texas Children’s Hospital (Houston). Mr. Groschl holds a rare dual role as CISO and director of healthcare technology management at Texas Children’s Hospital, the nation’s largest pediatric health system. He oversees four cybersecurity teams and directs the lifecycle management of more than 100,000 biomedical devices, ensuring both digital and clinical assets remain secure and reliable. Mr. Groschl is leading a multi-year roadmap to advance zero trust, strengthen identity management, and embed governance across IT and biomedical systems. He realigned biomedical engineering under IT governance, treating devices as networked assets subject to continuous oversight and risk management. He is an active contributor to industry forums like SecureWorld Houston and the College of Healthcare Information Management Executives.
Karen Habercoss. Vice President and Chief Information Security and Privacy Officer at UChicago Medicine. Ms. Habercoss leads the integrated privacy office and information security office, spanning cyber incident response, identity and access management, IT governance, risk and compliance, and all federal, state and international privacy requirements. She has built a risk-based privacy and security posture through education, training, auditing, monitoring and third-party oversight to enable safe, compliant technology use. Trusted across the enterprise, Ms. Habercoss advances a cohesive model that protects patients, strengthens safety and keeps pace with evolving regulations. Her UChicago Medicine career includes service as chief privacy officer and deputy privacy officer, following earlier roles at a healthcare startup and The Joint Commission. Ms. Habercoss joined UChicago Medicine over 25 years ago as a clinical social worker in psychiatry.
Kevin Hamel. CISO and Vice President of IT Operations and Technology Platforms at Hartford (Conn.) HealthCare. Mr. Hamel leads foundational technology platforms, including cloud strategy and operations, while serving as systemwide CISO for seven hospitals, 500 locations and 40,000 colleagues. He is driving Hartford HealthCare’s transition to modern, cloud-first architectures that enhance reliability, scalability and security. Mr. Hamel advances a comprehensive cyber program that aligns with clinical priorities and optimizes defenses. His prior CIO and CISO roles in banking and healthcare inform a rigorous, risk-based approach to resilience and regulatory compliance. He is recognized as a thought leader who translates complex technology decisions into business value and safer patient care.
Denise Hathaway. Vice President and Chief Compliance Officer at TMC Health (Tucson, Ariz.). Ms. Hathaway leads TMC Health’s enterprise compliance program, ensuring consistent interpretation and application of federal and state regulations. She strengthens HIPAA privacy practices, appropriate billing and patient-rights protections while cultivating a culture of trust, accountability and open reporting. Ms. Hathaway designed and enhanced a systemwide compliance framework that spans hospital and ambulatory settings and supports eligibility for federal funding. She helped transition clinical research studies into the TMC Health Cancer Center to streamline care and expand access across Southern Arizona. Ms. Hathaway staffs the board of trustees’ audit, compliance and privacy committee, aligning oversight with operational priorities. She has rapidly risen from administrative assistant to chief compliance officer in a decade.
Dave Heaney. CISO for Mass General Brigham (Boston). An IT and cybersecurity expert with more than 20 years of experience, Mr. Heaney leads a transformative cybersecurity program aligned with the health system’s digital health strategy and patient care priorities. Under his leadership, Mass General Brigham has seen significant advancements in cybersecurity maturity, including measurable improvements in National Institute of Standards and Technology cybersecurity framework scores and the deployment of multiple new capabilities. Mr. Heaney has also introduced a new cybersecurity risk assessment process that reduced wait times for new technology approvals by 80%. Viewing cybersecurity as a critical component of patient safety, he collaborates closely across the organization to embed security into core operational and clinical functions.
Andy Heins. Vice President and Chief Security and Privacy Officer for Lifepoint Health (Brentwood, Tenn.). Mr. Heins serves as vice president and chief security and privacy officer for Lifepoint Health, overseeing a broad range of responsibilities including cybersecurity, information protection, identity management, cloud security, IT risk management and enterprise customer support. He manages security and privacy across Lifepoint Health’s extensive network, which includes 60 community hospitals, 41 rehabilitation hospitals, 23 behavioral health hospitals and over 300 additional care sites. Known for his visionary approach, he has successfully integrated cybersecurity with digital transformation initiatives, ensuring that innovation is matched with robust security measures. His prior experience includes roles in information security compliance at Franklin, Tenn.-based Community Health Systems and roles in information security and internal audit at Nashville, Tenn.-based HCA Healthcare.
Dan Henke. Vice President and Information Security Officer at Mercy Technology Services (St. Louis). Mr. Henke has over 20 years of experience in information security. He joined Mercy Hospital and Healthcare in 2013 as the vice president and information security officer responsible for disaster recovery and business continuity of clinical systems. He also is the system’s chief HIPAA security compliance officer and has a reputation for building strong technical teams.
John Jeffries. CISO at the University of Tennessee Medical Center (Knoxville.). Mr. Jeffries leads cybersecurity strategy and risk management for the University of Tennessee Medical Center, ensuring confidentiality, integrity and availability of sensitive data across the enterprise. He has deep expertise in regulatory frameworks including HIPAA, National Institute of Standards and Technology, Payment Card Industry Data Security Standard, General Data Protection Regulation, and International Organization for Standardization standards. Mr. Jeffries has strengthened the enterprise’s cyber resilience by developing governance programs, disaster recovery plans and incident response strategies that align with operational priorities. Mr. Jeffries serves in a number of different leadership capacities, including the military veterans employee resource group board.
Mark Johnson. Vice President and CISO at Hackensack Meridian Health (Edison, N.J.). Mr. Johnson oversees all cybersecurity for New Jersey’s largest health system, leading a 36-person team and presenting strategy and budgets to the board of trustees. He executes a three-year resilience roadmap across identity and access management, vulnerability management, managed detection and response, and multi-cloud security aligned with the system’s “Going Google” and enterprise objectives. Under his leadership, the system operates 100-plus intrusion prevention systems and over 75 firewalls, with monthly enterprisewide patching and scanning that protect 60,000 users and vast device inventories. A former U.S. Navy flight officer and seasoned CISO and CSO, Mr. Johnson has led 500-plus incident responses, helped build one of the first healthcare security operation centers and co-leading the team that built the initial HIPAA audits for the office for civil rights at the U.S. Department of Health and Human Services. He is a frequent national speaker and a two-time Cyber Defense Magazine “Top Global CISO”, an honor he honored in 2023 and 2024. Prior roles span various consulting companies, healthcare organizations and the U.S. Navy.
Benjamin Koshy. CISO at Indian Health Service (Rockville, Md.). Mr. Koshy is CISO for Indian Health Service, an enterprise serving 2.5 million American Indian and Alaska Native people, overseeing risk management, compliance, incident response and modernization. Within nine months, he stood up a 24/7/365 Cybersecurity Operations Center, unifying defenses across over 170 care sites with zero trust principles, machine-learning threat detection and real-time analytics. Mr. Koshy couples technical rigor with cultural stewardship, mentoring a diverse cyber workforce and embedding sovereignty-aware governance that respects tribal priorities. Thanks to his leadership, the impact of the organization’s cybersecurity operations center was recognized with Government Executive and Nextgov/FCW‘s “Fed100” award in 2025. He advises the U.S. Department of Health and Human Services CISO council and advances workforce development while hardening critical clinical infrastructure. His approach is informed by earlier federal and consulting roles in incident response, information system security officer work and enterprise risk.
Jack Kufahl. CISO for Michigan Medicine (Ann Arbor). Mr. Kufahl has over 20 years of experience in information technology, primarily in leadership roles. As CISO officer for Michigan Medicine, Mr. Kufahl directs all information assurance activities across the enterprise, simultaneously working to build strong teams and support novel talent pipelines. He is also an incorporating officer and current board member of the Michigan Healthcare Cybersecurity Council, a public-private partnership that seeks to protect the critical healthcare infrastructure and institutions of Michigan by providing relevant knowledge and information security services.
Hugo Lai. CISO of Temple Health (Philadelphia). Mr. Lai leads Temple Health’s enterprise information security program, spanning security operations, identity and access management, biomedical device protection, incident response and IT continuity. He rebuilt and matured the system’s cybersecurity program from the ground up, with third-party audits validating year-over-year improvements. Mr. Lai standardized access controls and automated account lifecycle management, eliminating outside identity and access management contractors and earning Temple Health finalist recognition for software company SailPoint’s “Identity Security Champion” award. He advises executive leadership on risk, policy and regulatory compliance, keeping the organization ahead of emerging threats. Mr. Lai also contributes to the field as a speaker at SecureWorld and other forums, and serves on CISO advisory boards for the Institute for Applied Network Security, Trustwave and Rubrik.
Tony Lakin. Vice President for Information Security and CISO at UT Southwestern Medical Center (Dallas). Mr. Lakin joined UT Southwestern Medical Center in March 2023 as vice president and CISO. He brings 26 years of management and leadership experience to his role, over 13 of which have been spent in information assurance and cyber operations management. Prior to assuming his current role, he served as CISO for Moffitt Cancer Center in Tampa, Fla.
Thien Lam. Vice President and CISO at BayCare Health System (Clearwater, Fla.). Mr. Lam directs BayCare Health System’s enterprise information security, risk management and business resiliency programs, aligning cyber strategy with systemwide clinical, operational and financial goals. With more than 30 years in IT and security, he has advanced the system’s defenses through proactive threat mitigation, policy modernization and adoption of advanced security technologies. He is a visible advocate for security culture, speaking frequently and mentoring emerging professionals to strengthen the workforce pipeline. Mr. Lam’s leadership supports the system’s sustained national recognitions for workplace culture, patient experience and quality. Prior to joining BayCare Health System, he served as director of information system security and data security officer at Houston Methodist, associate director of information security at Houston-based MD Anderson Cancer Center, and director of technology and security at application service provider EbaseOne.
Derrick Lowe. Vice President and Chief Security Officer at Orlando (Fla.) Health. Mr. Lowe leads corporate security operations and key IT security functions, including cybersecurity and business resiliency, for a rapidly growing multi-state system of 25 hospitals and 300-plus sites. He has driven a National Institute of Standards and Technology cybersecurity framework–based transformation with measurable year-over-year audit gains, developed zero trust–aligned roadmaps, and built robust disaster recovery playbooks for every hospital and ambulatory site. Mr. Lowe oversees more than 400 security officers plus dedicated cybersecurity and corporate security teams, aligning physical, cyber and resiliency operations for enterprise readiness. He conducts regular tabletop exercises and mass-disaster drills with community agencies to ensure continuity of patient care during outages and attacks. He is a decorated U.S. Army veteran, co-chairs Orlando Health’s information security and privacy governance committee, and serves on external boards for technology companies in the community.
Hassnain Malik. Vice President and CISO at Tufts Medicine (Burlington, Mass.). Mr. Malik, vice president and CISO at Tufts Medicine, reports to executive leadership and the audit and compliance committee of the board. His role involves modernizing cloud security and revamping enterprise cybersecurity to protect critical assets. He established an agile, rapid-response capability and democratized security through education and embedded governance. Mr. Malik manages enterprise infrastructure alongside an outsourced team of 250, aligning resilience and scalability with system strategy. With over 25 years of experience spanning security, engineering, analytics and digital platforms, he brings deep experience across healthcare, academia and consulting. He is widely recognized for technical acumen, mentorship, and advancing best practices as a fellow of both American College of Healthcare Executives and Healthcare Information and Management Systems Society. Previously, Mr. Malik held roles with Oakland, Calif.-based Kaiser Permanente, served as CISO at Mountain View, Calif.-based El Camino Health, directed security compliance at Seattle-based Accolade Health, and taught as adjunct faculty at Boston University.
Trevor Martin. Vice President and CISO at UW Health (Madison, Wis.). Mr. Martin safeguards patient, research and operational data by leading a risk-based security strategy across clinical, research and administrative environments. He repositioned information security as a strategic partner, building high-performing teams and data-driven operations that support care rather than impede it. Mr. Martin advanced adoption of the National Institute of Standards and Technology cybersecurity framework and the vulnerability management maturity model while strengthening identity, operations, incident response and threat intelligence. He promotes secure innovation, including AI and academic data sharing, through pragmatic controls and trust-building with operational leaders. Externally, Mr. Martin represents UW Health across security forums and media while maturing return on investment and benefits-realization processes for cybersecurity investments. He previously served as executive director and information security officer at Urbana, Ill.-based Carle Health and as global IT director at Wolfram Research.
Ron Mehring. Vice President of Technology and Security and CISO at Texas Health Resources (Arlington). Mr. Mehring leads enterprise cybersecurity and technology operations for Texas Health Resources, directing risk management, regulatory compliance and systemwide security programs. He secured board approval for multiyear IT modernization and data center consolidation, aligning with the system’s 10-year growth plan. Mr. Mehring implemented a business-aligned security roadmap and transformed operations into a data-driven, risk-centered model. He launched enterprisewide education that reached 29,000 employees with 99% training completion and improved awareness scores. His efforts also reduced significant enterprise risks, strengthened resilience and improved incident response readiness. A nationally recognized security leader, Mr. Mehring has been honored with a CSO50 Magazine award for advancing information security and risk programs.
Julian Mihai. Chief Technology Officer at Penn Medicine (Philadelphia). Mr. Mihai oversees Penn Medicine’s digital backbone, including end-user platforms, clinical and research infrastructure, and core systems, ensuring secure, reliable technology at scale. Previously the health system’s CISO, he authored its first comprehensive, multi-year cybersecurity strategy and positioned security as a mission enabler. Mr. Mihai’s approach integrates engineering discipline with risk management to support patient care, research and operations across a $11.9 billion, 49,000-employee enterprise. A frequent advisor and speaker, he collaborates with the security community to accelerate innovation and challenge industry norms. Earlier leadership roles include Cleveland Clinic, Blue Cross Blue Shield of Illinois, Microsoft, Motorola and technology startups.
Matthew Modica. Vice President and CISO of BJC HealthCare (St. Louis). Mr. Modica is a servant leader with over 27 years of experience in the information security and technology fields at multiple Fortune 1000 companies. For the past 8 years, Mr. Modica has served as CISO for BJC Health System, a $12 billion-plus healthcare provider that serves communities across Missouri, Illinois and Kansas. He is a certified information security manager and has served on multiple nonprofit and advisory boards. Additionally, Mr. Modica sits on the Autism Speaks executive leadership council, supporting research and services for those on the autism spectrum.
Elizabeth Ortmann-Vincenzo. Chief Privacy Officer at Banner Health (Phoenix). Ms. Ortmann-Vincenzo joined Banner in 2024, bringing over 30 years of healthcare and privacy experience, including the last 10 years providing legal and compliance support to privacy, cybersecurity and data use. At Banner she is creating a best-in-class privacy program with a multi-year roadmap to substantially expand the program beyond the core HIPAA mandate with an overall risk-based approach, including expanding privacy work to include AI, consumer privacy, tracking technology and third-party oversight. She is working to increase privacy’s reach through enhanced auditing, monitoring and communication. She has also redesigned and launched a privacy risk assessment process and implemented compliance with the HIPAA reproductive rule. Ms. Ortmann-Vincenzo supports and enables Banner Health’s digital transformation in social media and patient communications using a privacy-by-design approach, has introduced collecting and tracking privacy metrics and effectiveness, began third-party oversight by privacy, and is a founding member of Banner’s AI executive steering committee. She chaired the Missouri Bar health and hospital committee, taught privacy and information security law at Missouri University of Science and Technology and remains active in the privacy community through speaking, education and mentoring.
Rob Perry. Vice President and CISO at HonorHealth (Scottsdale, Ariz.). Mr. Perry oversees enterprise cybersecurity and information risk for nine hospitals and 200-plus care sites, aligning strategy, governance and budgets with HonorHealth’s mission. He has built an integrated program spanning policy, identity and access, security operations center operations, incident response, vendor risk and physical security, while partnering closely with legal, privacy, IT and clinical leaders. Under Mr. Perry’s leadership, incident readiness and recovery have accelerated, awareness training has reduced phishing risk and controls now consistently safeguard PHI, research and business data. He implemented a multiyear roadmap that moved security from reactive to proactive and embedded resilience into clinical workflows. Mr. Perry’s experience across academic medicine, research and large enterprises enables pragmatic security that supports care delivery at scale. He is also a past chapter president in Healthcare Information and Management Systems Society and FBI CISO Academy graduate.
Michael Prakhye. CISO and Director of Information Security for Adventist HealthCare (Gaithersburg, Md.). Mr. Prakhye has led the security program at Adventist HealthCare since joining the organization in 2016. Since then, he has applied his technical expertise and numerous cybersecurity certifications to build a comprehensive security strategy. He has established a robust security posture that includes prevention, detection and response mechanisms while promoting a strong culture of security awareness. Mr. Prakhye is recognized for his effective communication of cybersecurity issues to the board of directors in clear, business-focused terms. Additionally, he has served as an adjunct professor at the University of Maryland and is an active member of the College of Healthcare Information Management Executives.
Andy Price. Vice President, Chief Information and Information Security Officer at St. Claire HealthCare (Morehead, Ky.). Mr. Price directly oversees IT, cybersecurity, privacy, informatics, analytics, and clinical engineering for St. Claire HealthCare. His direction of IT strategy and innovation efforts has led to improved patient care and clinician satisfaction. He works with all departments to optimize systems. Mr. Price volunteers with the Health Sector Coordinating Council, and is a member of the 405d Task Group and several school technology boards and advisory groups.
Steven Ramirez. CISO at Renown Health (Reno, Nev.). Mr. Ramirez leads Renown Health’s enterprise cybersecurity program, overseeing identity and access management, cyber operations, governance-risk-compliance and third-party risk management. He is recognized for a modern, automation-forward security strategy that strengthens controls while enabling clinical operations. Mr. Ramirez is a leader in identity and access management, using orchestration to improve speed, accuracy and least-privilege enforcement. Under his guidance, the system’s program maturity has advanced in step with the organization’s growth and quality trajectory. He extends his influence through service on the University of Nevada, Reno advisory board, Fortified Health advisory board, Association for Executives in Healthcare Information Security board, and as Health Information Sharing and Analysis Center data protection chair. Previously, Mr. Ramirez served as CISO at Louisville, Ky.-based UofL Health.
Adam Rosen. CISO at Roswell Park Comprehensive Cancer Center (Buffalo, N.Y.). Since 2019, Mr. Rosen has served as the CISO of Roswell Park Comprehensive Cancer Center, a National Cancer Institute-designated comprehensive cancer center. Overseeing Roswell Park’s cybersecurity program, he has worked to bring broad awareness of cyber-risk issues to senior leaders and throughout the organization, providing deeper insight into risks, realities and opportunities. His work to engage stakeholders across the cancer center in effective cybersecurity strategy helps this high-performing organization to align and prioritize resources in accordance with strategic objectives. Mr. Rosen’s key accomplishments as CISO include expanding the security team to handle new challenges and overhauling cyber-risk management processes for greater effectiveness and efficiency. He applies his 25 years of experience in IT and information security toward the care of more than 50,000 cancer patients each year.
Joshua Roth. CISO of Children’s Hospital of Orange (Calif.) County. Mr. Roth is responsible for overseeing the quality and security of business partner, employee and patient information at Children’s Hospital of Orange County. He brings over 17 years of experience in cybersecurity to his role, many of which has been spent in the healthcare industry. He has expertise in ensuring that security strategies align with industry standards and regulatory requirements.
Sanjeev Sah. Senior Vice President of Enterprise Technology Services and CISO at Novant Health (Winston-Salem, N.C.). Mr. Sah joined Novant Health in 2024 and serves as senior vice president of enterprise technology services and CISO. He is tasked with strengthening information security, protecting sensitive data and ensuring regulatory compliance. Mr. Sah leads innovative and mission-driven teams that integrate the quadruple aim of enhancing patient experience, improving population health, reducing costs and improving healthcare providers’ work life into technology and cybersecurity strategies. He has spearheaded the “Hospital of the Future” initiative, which integrates advanced technologies and cybersecurity measures to advance these goals. The initiative’s contributions include implementing solutions designed to optimize workflows and improve patient and provider experiences, deploying AI for predictive analytics and efficient resource management, and adopting sustainable energy solutions to reduce the hospital’s carbon footprint and operational costs, among other innovations.
William Scandrett. Vice President and CISO at Allina Health (Minneapolis). Mr. Scandrett directs Allina Health’s cybersecurity program across threat and vulnerability management, identity and access, governance, risk and compliance, and security architecture for on-prem and cloud environments. He also leads medical-device and Internet of Things security plus enterprise IT asset discovery, cataloging, and monitoring to strengthen visibility and control. Mr. Scandrett is a trusted advisor to the board, translating complex risks into clear business terms and proactively addressing emerging threats. Recognized by national outlets and industry groups, he was named a finalist for the 2025 Minnesota ORBIE awards.
Bob Schlotfelt. Executive Director of IT and CISO at Valleywise Health (Phoenix). Mr. Schlotfelt directs cybersecurity operations, information security, access management, EHR security and compliance for Arizona’s public teaching hospital and safety-net system, Valleywise Health. He leads the enterprise security program safeguarding availability, integrity and confidentiality across patients, partners and workforce data. Mr. Schlotfelt has built and led security teams across healthcare, life sciences, financial services and IT services, and participates in communities such as the CyberRisk Collaborative. Previous roles include director of global information security operations for a 110,000-employee firm, regional security officer for a multi-hospital healthcare company, and the first CISO for a large pension fund manager.
Michael Shrader. Senior Director of Information Security for WellSpan Health (York, Pa.). Mr. Shrader leads WellSpan Health’s information security program, ensuring the protection of the health system’s information assets, technology and infrastructure. His responsibilities include identifying and managing IT and cybersecurity risks while aligning security measures with business objectives. Under Mr. Shrader’s leadership, the information security team has expanded, with a focus on professional development and improving WellSpan’s overall security posture. He chairs key committees, such as the information security steering committee and a ransomware-focused workgroup, to drive operational advancement and innovation. He first joined WellSpan in 2014 as a senior information services security analyst and has taken on roles of progressive responsibility since.
Pavel Slavin. CISO for Endeavor Health (Evanston, Ill.). Mr. Slavin has served as CISO for Endeavor Health since 2023, where he advises system executives on cybersecurity risk management and oversees information security programs across the organization. He works closely with the CIO, C-suite peers, and senior technical teams to prepare for and mitigate evolving cyber threats while ensuring regulatory compliance and long-term risk management. Mr. Slavin brings more than 30 years of cybersecurity leadership experience, previously serving as CISO of Milwaukee-based Froedtert Health and holding key roles with Cleveland Clinic, Baxter International and more. He is nationally recognized for building adaptable, business-focused security programs, fostering collaboration between cybersecurity and business leaders, and creating high-performing teams. Mr. Slavin has led major enterprise transformations, developed regulatory expertise across multiple industries, and holds a patent for Trusted Operating Systems.
Monique St. John. CISO and Associate CIO at Children’s Hospital of Philadelphia. Ms. St. John has taken a comprehensive approach to cybersecurity, viewing it as an integral part of patient safety. This year, she and her team focused on enhancing healthcare cybersecurity resiliency and addressing risks through initiatives involving people, processes and technology. Their program emphasized governance and improved processes for external and internal risk assessments, risk treatment evaluation and prioritization oversight. They deployed AI tools for monitoring and detection and automatically addressed specific threat scenarios. Additionally, Ms. St. John served as a co-sponsor in partnership with the system’s emergency preparedness team for an enterprisewide cyber-readiness initiative. This taskforce initiative aimed to ensure the hospital’s resilience and ability to maintain healthcare operations during major cyber downtimes. The outcome was a significant increase in continuity discussions and plans, testing exercises to build muscle memory, and technology solutions to support the health system in a disaster situation. Ms. St. John’s leadership and program initiatives have significantly strengthened the hospital’s cybersecurity posture, ensuring that patient safety remains a top priority even in the face of evolving cyber threats.
Stephen Stallard. Assistant Vice President of Compliance and Ethics and Chief Privacy Officer at Orlando (Fla.) Health. Mr. Stallard leads Orlando Health’s enterprise compliance and ethics program and privacy function, setting strategy and ensuring adherence to HIPAA and related privacy and information security laws. A three-decade Orlando Health veteran, he advanced from revenue management and IT auditing to build a mature, risk-based privacy and compliance framework that scales with the system. Mr. Stallard successfully integrated compliance and privacy programs for recent expansions, including Brookwood Baptist Health in Alabama and facilities on Florida’s east central coast. He emphasizes education and governance, co-chairing the privacy and information security governance committee and aligning policy, training and incident response across regions. A collaborator by design, he founded the Florida Compliance and Privacy Consortium to raise statewide standards and peer coordination. Mr. Stallard pairs operational pragmatism with rigorous risk mitigation to safeguard protected health information and support growth.
Glynn Stanton. Senior Vice President, CIO and CISO at Yale New Haven (Conn.) Health. Mr. Stanton serves as both chief information and information security officer at Yale New Haven Health, overseeing cybersecurity, privacy, IT audit, disaster recovery, infrastructure, and service desk functions across seven hospitals and 240 outpatient sites. He built the system’s office of information security from three staff to more than 40, consolidating identity and access management and disaster recovery/business continuity functions under unified governance. Mr. Stanton balances strict security protocols with clinical usability, introducing tap-and-go access solutions to improve workflows while maintaining compliance. He is active in statewide security leadership, chairing the Connecticut Hospital Association information security committee and supporting health information exchange governance. Recently, he guided the system through a cyberattack, where layered defenses minimized impacts on patient care. His dual role ensures technology reliability and resilience while cultivating a culture of security awareness across the enterprise.
Stacy Stika. Vice President and CISO for INTEGRIS Health (Oklahoma City, Okla.).
Ms. Stika serves as vice president and CISO at INTEGRIS Health, where she leads cybersecurity strategy with a mission rooted in protecting patients and caregivers. She began her career as a medical assistant, an experience that continues to shape her belief that security is most valuable when it enables safe, compassionate care. Ms. Stika transitioned into IT to work on Walnut Creek, Calif.-based John Muir Health’s Epic EHR implementation project, where she developed a reputation for aligning security and innovation. She has since led transformational initiatives in risk governance, identity management and enterprise security strategy, building resilient frameworks. She currently serves as the INTEGRIS health system CISO, where she is a recognized advocate for responsible innovation and is focused on the safe adoption of AI in healthcare.
Hussein Syed. CISO at RWJBarnabas Health (West Orange, N.J.). Mr. Syed directs the systemwide cybersecurity strategy for RWJBarnabas Health, New Jersey’s largest academic health system, architecting a National Institute of Standards and Technology cybersecurity framework–aligned program that balances risk with system growth. He has expanded a multidisciplinary security organization that encompasses risk, architecture, operations, vulnerability management, and identity and access management, all while standardizing controls across mergers and new facilities. Mr. Syed and his team played a pivotal role in securing the enterprise Epic EHR deployment, contributing to sustained top-tier Epic performance recognition. A former security architect who built the program’s foundations, he now sets cyber investment strategy with the CIO and ensures consistent policy application across technologies and vendors. He serves on advisory boards, previously served on the College of Healthcare Information Management Executives’ board, and leads internal security committees as a High Reliability Organization facilitator.
Kevin Torres. Vice President of IT and CISO for MemorialCare (Fountain Valley, Calif.). With 27 years of progressive leadership experience at MemorialCare, Mr. Torres leads one of the nation’s top cybersecurity programs. His leadership has resulted in superior scores and outcomes in several national cybersecurity benchmarking reviews by American Hospital Association and National Institute of Standards reviews, with MemorialCare in the top 3-5% of all organizations surveyed for strong detection and response capabilities, as well as high ratings by cyber insurance companies. His leadership goals include building a more accountable and resilient cybersecurity framework that is well positioned to anticipate and respond to the most pressing issues facing digital organizations. Objectives also include increasing employee awareness of data protection and cybersecurity and creating a cyber awareness culture that empowers staff to mitigate risks. To do so, the program has increased interconnectivity, security, reliability and accessibility of departmental and system shared services, as well as advanced technology capabilities and resiliency of patient technology. A popular speaker on IT and cybersecurity, Mr. Torres is frequently quoted in industry publications and media outlets.
Swathi West. CISO at Summa Health (Akron, Ohio). Ms. West is responsible for all aspects of Summa Health’s cybersecurity program, leading strategy, people, processes and technologies. She built the system’s program from concept to execution, aligning it with the National Institute of Standards and Technology cybersecurity framework and vendor risk standards. Ms. West has assembled a high-performing, fully engaged cybersecurity team with no voluntary turnover in the past year. She also established cross-functional governance committees and strengthened incident response capabilities to minimize impacts of cyber events. In addition to her Summa Health leadership, she serves on the board of Executives in Healthcare Information Security and as programs chair for Healthcare Information and Management Systems Society Northern Ohio.
Beth Witte. Senior Vice President and Chief Compliance and Privacy Officer for Community Health Systems (Franklin, Tenn.). Ms. Witte leads the development, implementation, and oversight of compliance and privacy programs across all Community Health Systems affiliates. She joined the organization in 2009 as a director in revenue management and has since advanced through several leadership roles. Ms. Witte previously served as vice president of internal audit and oversaw the enterprise risk management program beginning in 2017. Earlier in her career, she was an audit manager at Deloitte & Touche, where she supervised audits of large, publicly traded companies and healthcare organizations. Her leadership ensures that CHS maintains a culture of accountability, transparency and compliance across its network.
Randy Yates. Vice President and CISO at Memorial Hermann Health System (Houston). Mr. Yates is responsible for the development and execution of Memorial Hermann’s security strategic plan for its employees, providers and business partner users. He oversees the system’s data security program, ensures implementation of technical solutions for data security, access management, security risk assessment, cyberattack response, business resiliency and executive governance of the security program. He coordinates internal and external audit inquiries, manages digital compliance efforts and manages information security policies. He helped transform Memorial’s information security team into a full-service InfoSec and cybersecurity program. In 2021, his team organized an exercise for a common ransomware attack. He also established an internship program in the Memorial cybersecurity department to bring interns into full-time roles on the team.
