60 hospital and health system CISOs and CPOs to know | 2023

Cybersecurity is becoming a top priority for many healthcare organizations, as they are facing an unprecedented number of cyber threats and data breaches. Across the nation, hospitals and health systems have recruited CISOs and CPOs to execute strong cybersecurity initiatives, integrate new innovative technologies, build strong IT teams, and protect patient and system data. 

This list shines a light on the accomplishments of CISOs and CPOs, who leverage their backgrounds in IT and cybersecurity to protect patient privacy. As the landscape of cybersecurity continues to change at a rapid pace, these leaders adapt and adjust so that their organizations can continue to safeguard sensitive information. 

Note: This list is not an endorsement of included leaders, organizations or associated healthcare providers. Leaders cannot pay for inclusion on this list. Leaders are presented in alphabetical order.

Contact Anna Falvey at afalvey@beckershealthcare.com with questions or comments.

Mauricio Angee, DBA. CISO of University of Miami Health System. As CISO for University of Miami Health System, Dr. Angee plays a pivotal role in bridging the gap between technology, security, and healthcare to protect sensitive information. He has crafted an information security strategy for the academic medical institution, which protects health information and research data, complies with all privacy laws and ensures that the digital infrastructure is immune to cyber threats. His leadership has led the system to significantly enhance its security posture in alignment with the system's business objectives. Throughout his 30 years in the information security field, he has earned a reputation for proactivity and his strong strategic vision. 

Scott Arnold. Executive Vice President and Chief Information Officer of Tampa General Hospital (Tampa, Fla.). Mr. Arnold guides the implementation of all technology and cyber systems across the organization to protect the privacy of patient records. He formed and staffed Tampa General’s first cyber security team over ten years ago and formed a security risk management process that evaluates the safety and reliability of potential technology partners. Following Mr. Arnold's guidance, the system adopted a monitoring system that proactively alerts the compliance department to potential risks, deployed a security perimeter that adds extra layers of protection and partnered with the GE Healthcare Command Center system to create an early warning system for sepsis cases. 

Vikrant Arora. CISO of Hospital for Special Surgery (New York City). Mr. Arora has overseen Hospital for Special Surgery's technological information efforts since May 2017, when he joined the system. He has experience designing the health system's dynamic security program and developing the security architecture that allows care teams to access information from anywhere and on any device. During his tenure, HSS was awarded HIMSS Stage 7 inpatient certification for advanced EMR adoption.

Jennings Aske. Senior Vice President and CISO of NewYork-Presbyterian (New York City). Mr. Aske joined NewYork-Presbyterian in 2015 and now leads the health system's information security efforts. He has previous experience as vice president and CISO of Nuance Communications and as CISO of Boston-based Partners HealthCare, UMass Memorial Medical Center and the Commonwealth of Massachusetts' Executive Office of HHS.

Connie Barrera. Corporate Director and CISO of Jackson Health System (Miami). Ms. Barrera joined Jackson Health in February 2014 as director of information assurance and CISO and was promoted to corporate director and CISO in May 2017. Her responsibilities include developing policy and standards related to privacy as well as ensuring the integrity and availability of IT services. She has previous experience at the University of Miami, where she served in management and executive roles for seven years.

Miroslav Belote. CISO of Valley Health System (Ridgewood, N.J.). Mr. Belote became director and CISO of Valley Health System in March 2019 after spending 22 years of his career at JFK Health System in Edison, N.J., most recently serving as the director of information systems infrastructure. He has experience in infrastructure design, information security, telecommunications and data center operations. Mr. Belote has also built high-performing teams and been responsible for major IT initiatives. Prior to joining JFK, he spent 10 years with Dreyfus Service Corp.

Jeff Bontsas. CISO and Vice President of Information Security at Ascension (St. Louis). Mr. Bontsas sets the vision, strategy, architecture and operations of all information security and cybersecurity efforts at Ascension, one of the nation's largest nonprofit healthcare systems. He and his team enact a layered security and defense-in-depth strategy that protects the system from cybersecurity risks. With over 33 years of experience in IT, more than 22 dedicated to information and cybersecurity, and nine years as CISO for the system, Mr. Bontsas has honed his skills and continued to adapt to the ever-changing landscape of cybersecurity. 

George Carion. CTO and CISO of Cedars-Sinai (Los Angeles). Mr. Carion is an executive leader at Cedars-Sinai, overseeing the system's technology and information security strategy and infrastructure. He has stewardship over its data centers, system integration and IT approaches that support merger and acquisition activities.

Brad Carvellas. Vice President of Cybersecurity and CISO of The Guthrie Clinic (Sayre, Pa.). As CISO, Mr. Carvellas leads the information security and risk management program at The Guthrie Clinic. He has successfully implemented various programs and controls, including a quantified cyber risk management program, an advanced cybersecurity operations center, and improved incident response capabilities. Additionally, Mr. Carvellas effectively built a third-party cyber risk management program to support digital health and cloud initiatives. Previously, he was director of information security and risk management at Highmark Health.

James Case. Vice President and Chief Information Security Officer at Baptist Health (Jacksonville, Fla.). Mr. Case leads day-to-day operations for information security, including incident response, workforce education, vulnerability management, risk assessment, intrusion prevention, regulatory, procedure development and forensic investigations for Baptist Health and its senior leadership team. He is responsible for protecting all clinical information and confidentiality of patients, as well as delivering an effective and sustainable cybersecurity program. He has worked in healthcare IT for nearly 30 years, beginning with Baptist Health as a project manager before working his way into the information security C-suite, becoming chief information security officer in 2021. Mr. Case has operational oversight for nearly two dozen information services functions, including Epic security and incident response. Recently, he organized a three-hour exercise that rehearsed what the health system would do in the event of a full-on cyberattack. 

Brian Cayer. CISO of Keck Medicine of USC (Los Angeles). Mr. Cayer took on the role of CISO for Keck Medicine of USC in July 2023. He brings expertise in cybersecurity strategy, security architecture, vulnerability management, security operations and governance to his role. Prior to assuming his current position, he served as CISO for Burlington, Mass.-based Tufts Medicine, where he helped to transform their cybersecurity program through the creation of a centralized model. During his time at Tufts Medicine, he helped lead the system's migration to Epic, making it the first healthcare system to host Epic on Amazon Web Services.

Dave Christiano. Chief Technology Officer and CISO of Middlesex Health (Middletown, Conn.). Stepping into the CISO role in 2014, Mr. Christiano has been a digital healthcare leader for 16 years. He became director of IT infrastructure and St. Raphael integration CIO for Yale New Haven (Conn.) Health System in 2004 and served in that position for nine years before becoming the director of IT for Norwalk (Conn.) Hospital. He also has experience as the chairman of the technology leadership group at the Connecticut Hospital Association.

Andrew Coyne. CISO of Mayo Clinic (Rochester, Minn.). Leading the Mayo Clinic's Office of Information Security since 2016, Mr. Coyne has led initiatives to build up the system's IT capacity. He notably built cybersecurity operations centers, implemented a cybersecurity incident response process and created a medical device cybersecurity program that has since been widely adopted by other health systems. He has previous experience as the director of PwC's Health Industries Cybersecurity practice.

Lee Cullivan. CISO of Boston Medical Center. First joining Boston Medical Center in 2008, Mr. Cullivan left the system briefly to serve as director of IT at Pierce Atwood, a law firm in Portland, Maine. He returned to Boston Medical Center in August 2017 to assume the CISO role, responsible for the 514-bed hospital's information security. He is experienced in guarding the hospital and its patient data against malware, ransomware, phishing attacks and other threats.

Phil Curran. Chief Information Assurance and Privacy Officer of Cooper University Health Care (Camden, N.J.). Mr. Curran gained more than two decades of experience in information security and privacy in the military, government and private sectors before joining Cooper University Health Care. In his current role at Cooper, a health system with more than 7,000 employees, he focuses on managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, and other privacy and security areas.

Michael Erickson. CISO of Baptist Health (Louisville, Ky.). Mr. Erickson joined Baptist Health in 1995 and has served as its chief information security officer since November 2016. His other IT roles at Baptist Health have included system director of IT infrastructure, HIPAA security officer and executive director of IT infrastructure and security.

Wayne Floyd. CISO of Saint Francis Healthcare System (Cape Girardeau, Mo.). Saint Francis Healthcare System tapped Mr. Floyd to serve as cybersecurity officer for IT in October 2017. He has more than 20 years of IT experience and is responsible for IT security policy, standards and safeguards at Saint Francis, a Catholic-based system that includes a 306-bed nonprofit tertiary care hospital.

Bruce Forman. CISO of UMass Memorial Health Care (Worcester, Mass.). Mr. Forman serves at UMass Memorial Health, a three-hospital system with 13,000 total employees and 1,125 hospital beds. Before joining UMass, he was director of information security for Genesis HealthCare in Lake Forest, Calif.

Greg Garneau. CISO of Marshfield (Wis.) Clinic Health System. Mr. Garneau is a seasoned information security leader who has acted as CISO of Marshfield Clinic Health System for over seven years. His role entails managing security for the $3 billion integrated system, which is one of the largest rural health systems in the nation. He creates and launches security solutions that protect patient data for the rural populations the system serves. Within five years, he supported the system's acute care growth from one to 11 hospitals, helped implement a medical device security program, assisted with the system's digital transformation to the cloud, increased system resiliency to help react to downtime events, and much more.

Todd Greene. Senior Vice President and Chief Information Security Officer at Advocate Health (Charlotte, N.C.). Mr. Greene is chief information security officer for Advocate Health, the entity created when Atrium Health combined with Advocate Aurora Health in December 2022, forming what is now the third-largest nonprofit health system in the U.S. Mr. Greene and his team of 105 experts are responsible for the entire system's cybersecurity strategy. Mr. Greene prevents cyberattacks by sending out phishing tests to his team to identify and avoid weak spots. During the merger, Mr. Greene worked with Atrium's chief information and analytics officer to ensure patient data remained secured during the time of transition. Additionally, he orchestrated cybersecurity for the closure of Advocate's existing data center and ensured a smooth and protected merger.

Karen Habercoss. Chief Privacy Officer at UChicago Medicine. Ms. Habercoss is responsible for ensuring that the university stays compliant with federal, state and local laws and regulations related to patient privacy and data security. She develops and implements the system's privacy policies and procedures, and ensures the handling of patient information aligns with best practices for data protection. She oversees privacy audits and risk assessments, responding to any identified incidents and data breaches. She and her staff also engage directly with patients, providing responses to questions about privacy. She works with IT and legal on digital health innovations and data sharing. Recently, she formed a group at the university that evaluates the privacy risk of using generative artificial intelligence.

Andy Heins. Vice President and CISO of Lifepoint Health (Nashville, Tenn.). As Lifepoint Health's vice president and CISO, Mr. Heins provides leadership and oversight in Lifepoint’s information security program. This includes the strategic planning, execution, and assessments of the organization's cybersecurity efforts, including access, policies, and third-party strategies. Before joining Lifepoint 13 years ago, he worked for HCA Healthcare and Community Health Systems in Franklin, Tenn.

Dan Henke. Vice President, Information Security Officer at Mercy Technology Services (St. Louis). Mr. Henke has over 20 years of experience in information security. He joined Mercy Hospital and Healthcare in 2013 as the vice president and information security officer responsible for disaster recovery and business continuity of clinical systems. He also is the system's chief HIPAA security compliance officer and has a reputation for building strong technical teams.

Joe Hooks. CISO and CTO of Children's Hospital of The King's Daughters (Norfolk, Va.). Mr. Hooks has spent the past 22 years at Children's Hospital of The King's Daughters, where he currently oversees the information security and technology departments. He has experience overseeing data projects and innovations, including the recent roll-out of new wireless barcode scanners.

Preston Jennings. CISO of Trinity Health (Livonia, Mich.). Since 2016, Mr. Jennings has served as CISO for Trinity Health, a $23 billion healthcare organization with 115,000 colleagues across 25 states. In his role, he leads over 65 security professionals in ongoing implementation and operationalization of information security for the organization. Over the past fiscal year, he and his team have launched over 50 projects, including the transition to enhanced multi-factor authentication for over 100,000 team members, the extension of privileged access management to new platforms and the introduction of data leakage prevention. This has helped to identify and address threat actors in early stages. 

Esmond Kane. CISO of Steward Health Care (Dallas). Mr. Kane brings 25-plus years of experience leading IT and security programs across multiple industries to Steward Health Care. In his role as CISO, he is responsible for assisting clinicians and leaders to deliver high quality care in alignment with industry frameworks, regulations and best practices. Mr. Kane has led intern programs sourcing from local universities, including Cyberwarrior, YearUp, StemMatchMA, BFIT, and more. In June 2021, Mr. Kane was named Cisco's inaugural CISO of the month.

Darrell Keeling, PhD. CISO at Parkview Health (Fort Wayne, Ind.). Dr. Keeling is in charge of developing and implementing an information security strategy at Parkview Health, conducting risk assessments, designing safeguards and protecting against threats. He has established the system's security culture, delivered training programs and collaborated with various departments to align security objectives. He also ensures compliance with data protection and works with the system's legal and compliance teams to stay current on new threats and regulations. He has 25 years of experience leading information technology and security in various industries, including retail, manufacturing, hospitality, banking, finance and healthcare. Dr. Keeling has also been an adjunct professor at six universities, educating on cybersecurity, programming, robot process automation and informatics. 

Kris Kusche. Senior Vice President and System CISO of Albany (N.Y.) Medical Center. Mr. Kusche oversees information security and cybersecurity at Albany Medical Center. He has experience with clinical systems, data architecture and leading infrastructure teams. In addition to his current role, he is a member of the ECRI Institute's advisory board, a past board president of the New York Chapter of HIMSS, and he sits on Excelsior College's industry advisory committee.

Tony Lakin. Vice President and CISO at UT Southwestern Medical Center (Dallas). Mr. Lakin joined UT Southwestern Medical Center in March 2023 as vice president and CISO. He brings 26 years of management and leadership experience to his role, over 13 of which have been spent in information assurance and cyber operations management. Prior to assuming his current role, he served as CISO for Moffitt Cancer Center in Tampa, Fla. 

Thien Lam. Vice President and CISO of BayCare (Clearwater, Fla.). Mr. Lam joined BayCare in 2011. He brings a strong focus on the strategic implementation of the organization’s vision for robust protection via BayCare's information security program which includes IT risk, business resiliency and PCI compliance. He is an avid speaker on security awareness and has a reputation as a mentor to cybersecurity professionals. Before joining BayCare, Mr. Lam was the director of IT security systems and data security officer for Methodist Hospital System in Houston, Texas. He has more than 30 years of experience in IT and information security.

Derrick Lowe. Assistant Vice President of IT Resiliency and CISO at Orlando (Fla.) Health. Mr. Lowe sets the vision and strategy for Orlando Health's cybersecurity, IT risk, and business resiliency programs. He oversees daily cybersecurity needs for the entire organization, which encompasses 15 hospitals, over 200 ambulatory sites, more than 27,000 team members, 4,750 physicians and $9.2 billion in assets. As the system experiences rapid growth through mergers and acquisitions, Mr. Lowe has ensured the seamless IT and clinical engineering integration of each unique entity. He first joined Orlando Health in 2019 as corporate director for IT security and resiliency. 

Les McCullom. CISO of UChicago Medical Center. As CISO of UChicago Medical Center, Mr. McCullom handles all enterprise security programs, safeguarding all information assets and technologies. He leverages experience in risk management and strategic planning to help the medical center achieve its goals. He brings to his role a background in board membership and governance, as he has served on multiple not-for-profit boards.

Matthew Modica. Vice President and CISO of BJC HealthCare (St. Louis). Mr. Modica is a servant leader who holds 25 years of experience in the information security and technology fields at multiple Fortune 1000 companies across the financial services, healthcare and data services industries. He is a certified information security manager and has served on multiple nonprofit and customer advisory boards, such as the St. Louis CISO Board, Securonix Advisory Board and Autism Speaks Heartland Board. He is also a governing body member of the Evanta STL CXO Summit. He is an adjunct professor for cybersecurity courses in the McKelvey School of Engineering and serves on the cybersecurity advisory committee at Washington University in St. Louis.

Richard Mitchell. CISO and Director of IT and Security at Eagleville (Pa.) Hospital. Mr. Mitchell brings 25 years of experience in healthcare and financial services to his role as CISO and director of IT at Eagleville Hospital, a 305-bed independent hospital. Prior to joining Eagleville, Mr. Mitchell worked as the manager of technology services at the data center at Catholic Health Initiatives' data center in Exton, Pa.

Ronald Mehring. CISO and Vice President of Information Security for Texas Health Resources (Arlington). Mr. Mehring oversees information security for Texas Health Resources, which serves 16 counties and 6.2 million people in Texas. He began his career in the Marine Corps and served for 21 years before he joined the Department of Veterans Affairs and led compliance assessment teams. His experience at the VA was a springboard to his current role at Texas Health Resources.

Jacki Monson. Senior Vice President, Chief Integration Officer and Chief Privacy Officer of Sutter Health (Sacramento, Calif.). For the past 12 years, Ms. Monson has been responsible for all aspects of privacy and information security. Ms. Monson is a member of the HHS's Health Care Industry Cybersecurity Task Force, and previously held the chief privacy officer role at Rochester, Minn.-based Mayo Clinic.

Mike Mucha. Chief Information Security Officer at Stanford Health Care (Palo Alto, Calif.). Mr. Mucha leads the cybersecurity and operations program across the teaching, research and patient care missions at Stanford's School of Medicine and Stanford Health Care. He manages enterprise cybersecurity for life critical patient care systems, patient attached medical devices, facilities operations technology, information technology, supply chain and financial systems and the fitness of all security programs for both cyber risk management and impact of cyber controls on usability and the efficiency of medical center operations. Mr. Mucha has backgrounds in both engineering and legal, bringing a technical and a legal compliance point of view. He has been with Stanford for over 20 years, setting its data security strategy and ensuring its successful implementation. 

Hai Ngo. CISO of NYU Langone Medical Center (New York City). Mr. Ngo has spent the past 15 years at NYU Langone and he currently oversees information security of the health system. He has previous experience as director of IS at Deutsche Bank – MaxBlue Americas and vice president of IS at PaineWebber. He has spent his career helping to build organizations in healthcare, biomedical research and finance fields as well as startups.

Mitchell Parker. Executive Director of Information Security at IU Health (Indianapolis). Mr. Parker has expertise in security governance, regulatory compliance and risk management. In his role as executive director of information security and compliance at IU Health, Mr. Parker is responsible for the information security of the 2,696-bed health system's patients and nearly 30,000 employees. He is an avid speaker on several health IT topics, with a recent focus on blockchain in healthcare.

Jim Perkins. Vice President and CISO of Novant Health (Winston-Salem, N.C.). Mr. Perkins serves as head of information security at Novant Health, a 16-hospital health system with more than 36,000 team members and physician partners. He has developed a reputation as a team builder and a mentor to the next generation of leaders in cybersecurity. 

Robert Perry. Chief Information Security Officer at Carilion Clinic (Roanoke, Va.). Mr. Perry is Carilion's first-ever chief information security officer. He is responsible for overseeing the development, implementation and maintenance of its cybersecurity program. He ensures that Carilion's data and systems are secured from unauthorized access, data breaches and cyber threats. He sets up and enforces information security policies, develops and implements security measures and monitors threats and vulnerabilities. He has worked in information security leadership for over 20 years, designing and implementing security programs that reduce risk and increase compliance with regulatory requirements. He also established Carilion's security awareness and training program. 

Michael Prakhye. Director of Information Security and CISO of Adventist Healthcare (Gaithersburg, Md.). Mr. Prakhye is an director of information security and CISO at Adventist HealthCare, responsible for safeguarding sensitive information and patient data through the implementation of robust policies and procedures. With a strong technical background, he is responsible for identifying security risks, conducting regular audits, and staying up-to-date with emerging threats and technologies. Mr. Prakhye's strategic planning abilities have resulted in effective security strategies, ensuring regulatory compliance with data protection laws.

Andy Price. Vice President of Information Technology, CIO and CISO of St. Claire HealthCare (Morehead, Ky.). Mr. Price is vice president of information technology, CIO, and CISO at St. Claire Healthcare, where he oversees the organization's cybersecurity and privacy programs. He brings strong technical expertise and numerous cybersecurity certifications to both his role at St. Claire and his volunteer work with various cybersecurity groups. Prior to becoming CIO and CISO, Mr. Price served as administrative director of information technology at the health system.

Steven Ramirez. Vice President and CISO of Renown Health (Reno, Nev.). As vice president and CISO of Renown Health, Mr. Ramirez oversees the development, maintenance and implementation of information security processes within the organization's information security program. Prior to working with Renown Health, he served as CISO and assistant vice president of University of Louisville Health in Kentucky.

Joshua Roth. CISO of Children's Hospital of Orange County (Orange, Calif.). Mr. Roth is responsible for overseeing the quality and security of business partner, employee and patient information at Children's Hospital of Orange County. He brings over 17 years of experience in cybersecurity to his role, many of which has been spent in the healthcare industry. He has expertise in ensuring that security strategies align with industry standards and regulatory requirements.

Sanjeev Sah. Vice President and CISO of Centura Health (Centennial, Colo.). Mr. Sah is a vice president and CISO at Centura Health, where he leads a team of 47-plus dedicated resources, including deputy CISO. In his role, he delivers strategic priorities and a multi-year cybersecurity program while overseeing people, finances, and performance-based outcomes for Centura Health. Prior to his current role, Mr. Sah served as vice president and CISO at Medical University of South Carolina.

William Scandrett. Vice President and CISO of Allina Health (Minneapolis). Mr. Scandrett joined Allina Health as CISO in 2016. He handles all aspects of the system's cybersecurity functions, such as threat and vulnerability management, identity and access management, and governance, risk and compliance. He also leads medical device security and the organization's IoT program. He has a stellar reputation for proactivity and for addressing security risks before they happen. He brings prior experience leading information security in retail, finance and healthcare. 

Michael Shrader. Director of Information Security at WellSpan Health (York, Pa.). Mr. Shrader establishes and maintains the information security program for WellSpan, ensuring information assets, associated technology, applications, systems, infrastructure and processes are adequately protected across 20,000 team members and 220 locations. He identifies, evaluates and reports on legal, regulatory, information technology and cybersecurity risk while supporting business objectives. Since joining the role, he has grown WellSpan's cybersecurity team and evolved and improved the company's security posture. 

Ben Smith. Vice President and CISO of Nuvance Health (Danbury, Conn.). For over 20 years, Mr. Smith has been dedicated to building world class information security and IT risk management organizations within the healthcare industry. Currently, he serves as the vice president and CISO of Nuvance Health, an integrated health system with more than 15,000 team members spanning seven hospitals and over 200 clinics. In support of Nuvance’s goals, Mr. Smith oversees the information security and IT risk management vision, strategy, delivery, and operations. He also oversees infrastructure, cloud, and service management functions for the organization.

Glynn Stanton. Vice President of Information Technology, Chief Information Security Officer and Chief Technology Officer at Yale New Haven (Conn.) Health System. Mr. Stanton is responsible for maintaining information security for the Yale New Haven Health System, which serves patients across three different states in the region. He provides direction for the system across cybersecurity, IT auditing, patient privacy, disaster recovery and incident management. He coordinates both technical and administrative controls around the security office for the system. Mr. Stanton has been with Yale for 11 years, and has held his current C-suite role for eight of those years. He was brought to the system to build the office of information security, which has increased from three to 40 staffers since he joined. At the start of the COVID-19 pandemic, he took responsibility for rolling out additional security capacity for remote access, doubling capabilities for staff to work remotely. He increased capacity for the system's telehealth program, reducing the usage of in-person PPE and reducing the number of clinicians needed in patient rooms. 

Hussein Syed. CISO of RWJ Barnabas Health (West Orange, N.J.). Mr. Syed serves as CISO of RWJ Barnabas Health, where he drives cybersecurity strategy to secure technology and data assets for the academic healthcare system. He is playing a key role in the implementation of the system's historic overhaul of its EHR platform. During his time as CISO, he has grown the department into several divisions focused on risk, architecture, operations, vulnerability management, and identity and access management.

Patrick Tisdale. CISO of Monument Health (Rapid City, S.D.). Mr. Tisdale oversees information security at the six-hospital Monument Health. The health system also has seven urgent care locations, senior care and home health services. He has previous experience as Regional Health Rapid City Hospital's application supervisor and as a consultant with Darca Consulting.

Teresa Tonthat. Vice President and Associate CIO, CISO and Chief Technology Officer at Texas Children's Hospital (Houston). Ms. Tonthat is responsible for information technologies, cybersecurity, medical records, clinical applications, information technology infrastructure and health technology management at Texas Children's. She secures the data of over 90,000 devices, 24,000 employees and contractors, 800 applications and seven petabytes of data. Under her leadership, the system has matured its cybersecurity program, protecting itself from internal and external harms. She has built a relationship with the executive team and board that promotes cybersecurity principles. She also significantly increased the cybersecurity team and its funding, which increased overall cybersecurity maturity. 

Jeffrey M. Vinson, Sr. Senior Vice President and Chief Cyber & Information Security Officer of Harris Health System (Bellaire, Texas). Mr. Vinson was promoted to senior vice president and chief cyber and information security officer at Harris Health System in 2020 after having been with the organization since 2013. In his current role, he is responsible for developing and executing a strategic cyber vision in alignment with organizational goals to ensure patient safety. In 2022 and 2023, Mr. Vinson was recognized as a Top 50 Information Security Professional by Oncon Icon.

Aaron Wishon. Vice President and CISO of Cook Children's (Fort Worth, Texas). Mr. Wishon oversees information security for Cook Children's, which includes a medical center and physician network that has more than 60 primary, specialty and urgent care locations in Texas. There are 303 specialty care doctors in the network. In September 2019, the College of Healthcare Information Management Executives recognized Cook Children's as one of the nation's Most Wired hospitals.

Randy Yates. Vice President and Chief Information Security Officer at Memorial Hermann Healthcare System (Houston, Texas). Mr. Yates is responsible for the development and execution of Memorial Hermann's security strategic plan for 30,000 employees, 6,700 providers and 15,000 business partner users. He oversees the system's data security program, ensures implementation of technical solutions for data security, access management, security risk assessment, cyberattack response, business resiliency and executive governance of the security program. He coordinates internal and external audit inquiries, manages digital compliance efforts and manages information security policies. He helped transform Memorial's information security team into a full-service InfoSec and cybersecurity program. In 2021, his team organized an exercise for a common ransomware attack. He also established an internship program in the Memorial cybersecurity department to bring interns into full-time roles on the team. 

Dee Young. CISO of UNC Health (Chapel Hill, NC). Ms. Young is CISO for UNC Health, where she ensures the overall cyber resiliency of the system and leads teams responsible for cybersecurity, information and medical device security compliance, emerging technology security and cyber risk management efforts. Her innovative spirit has led UNC Health in the implementation of cutting-edge tools and processes such as generative AI for care teams, virtual nursing initiatives and the Advance Care at Home program. She has over 20 years of security and technology experience, ranging from healthcare to academia. 

Vugar Zeynalov. CISO of Cleveland Clinic. Since 2017, Mr. Zeynalov has served as CISO for Cleveland Clinic, where he is responsible for a cybersecurity organization of over 100 caregivers. Mr. Zeynalov leads his team in controlling IT assets including clinical, research, and educational areas of the enterprise. Prior to joining Cleveland Clinic, Mr. Zeynalov operated as executive director of information security of Blue Cross Blue Shield of Illinois, Montana, New Mexico, Oklahoma and Texas as well as head of information security at pharmaceutical and medical device company Hospira.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars