Hospitals and healthcare systems operate in one of the most complex cybersecurity environments in the world, where patient safety, clinical uptime, regulatory compliance, and data privacy intersect. As digital health platforms expand and threat actors increasingly target healthcare, security leaders must balance resilience, innovation, and trust. The CISOs featured here exemplify how modern healthcare cybersecurity leadership protects not just data and systems, but the continuity of care itself.
Anahi Santiago — Chief Information Security Officer, ChristianaCare
Anahi Santiago leads the enterprise information security and privacy program at ChristianaCare, providing strategic oversight across policy, governance, risk management, and regulatory compliance. Her role positions cybersecurity as a trusted advisory function to senior leadership, workforce members, and business associates, ensuring security practices are embedded throughout the organization.
She oversees standards and controls implementation, training and awareness initiatives, and regular risk assessments, while maintaining close partnerships with internal and external auditors. Anahi also collaborates actively with state and federal regulatory bodies, contributing to the evolution of privacy and information security regulations that govern healthcare organizations. A respected leader within the security community, she serves on steering and advisory committees and is deeply passionate about governance, privacy, and strategic alignment, helping ChristianaCare protect patient data while advancing high-quality, secure care delivery.
Wayman Cummings — Vice President & Chief Information Security Officer, Ochsner Health
Wayman Cummings drives enterprise-wide cybersecurity strategy at Ochsner Health, aligning security initiatives directly with the organization’s mission to deliver world-class patient care. He leads the development and governance of advanced security frameworks designed to protect sensitive patient information while proactively mitigating emerging cyber risks.
An inclusive and innovative executive, Wayman has built and led diverse, high-performing security organizations across complex environments. His leadership spans security intelligence, incident response, vulnerability management, and compliance-driven operations. Known for translating cyber risk into business-relevant insights, he provides transparent reporting to executive leadership and the board. Wayman’s approach emphasizes maturity, resilience, and measurable outcomes, ensuring cybersecurity strengthens operational continuity and patient trust across Ochsner’s healthcare ecosystem.
Todd Greene — Senior Vice President & Chief Information Security Officer, Advocate Health
Todd Greene brings decades of healthcare cybersecurity leadership to his role as SVP and CISO at Advocate Health. With deep expertise in information security operations, governance, and regulatory compliance, he plays a critical role in protecting clinical systems and sensitive patient data across a large, integrated health system.
Todd’s experience spans HIPAA, PCI compliance, security training, and executive communication, enabling him to bridge technical execution with organizational awareness. He is recognized for building programs that prioritize both compliance and operational effectiveness, ensuring security initiatives support care delivery rather than disrupt it. His leadership reflects a steady, disciplined approach to cybersecurity in a highly regulated, mission-critical environment.
Wendy Kacer — Senior Vice President & Chief Information Security Officer, CommonSpirit Health
Wendy Kacer is a globally experienced cybersecurity executive known for building and executing large-scale governance, risk, and compliance strategies across complex healthcare organizations. As SVP and CISO at CommonSpirit Health, she leads enterprise security and information risk programs spanning the US and international operations.
Her career includes leading high-performing teams across onshore and offshore models, with a strong focus on stakeholder engagement at all levels of the organization. Wendy’s global experience has shaped her ability to navigate regulatory, cultural, and operational differences while maintaining consistent security standards. Passionate about leadership development, she places strong emphasis on team growth and organizational resilience, ensuring cybersecurity capabilities scale alongside CommonSpirit’s mission-driven healthcare delivery.
TJ Bean — Vice President of Information & Cybersecurity, HCA Healthcare
TJ Bean oversees one of the largest healthcare cybersecurity organizations in the world, managing a department of 100+ professionals securing over 2 million endpoints across 180 hospitals and thousands of physician offices. His scope includes product security, secure AI development, Zero Trust architecture, exposure management, and 24×7 cyber defense operations.
A long-standing thought leader at HCA Healthcare, TJ has played a foundational role in building key cybersecurity capabilities, including SIEM, phishing defense, vulnerability management, GRC programs, and the organization’s first internal Cyber Defense Center. His leadership blends deep technical expertise with large-scale execution, driving resilience across clinical, cloud, and cyber-physical environments. TJ is widely respected for empowering teams, managing complex budgets, and delivering measurable security outcomes in a Fortune 100 healthcare enterprise.
John Taylor — Deputy CISO & Executive Director of Cybersecurity, Johns Hopkins Medicine
John Taylor serves as Deputy CISO for Johns Hopkins University and Medicine, leading a team of more than 45 professionals responsible for systems management, monitoring, and cybersecurity across one of the world’s most respected academic medical institutions.
His role spans both healthcare delivery and academic research environments, requiring a balanced approach to security, availability, and innovation. John’s leadership focuses on operational excellence, continuous monitoring, and scalable security controls that support clinical care, education, and research missions. By aligning cybersecurity operations with institutional priorities, he ensures Johns Hopkins maintains resilience across its global footprint while supporting groundbreaking medical research and patient care.
Rakesh Sharma — Chief Information Security Officer, Cleveland Clinic
Rakesh Sharma is a transformative cybersecurity and IT leader with a proven track record of building security organizations from the ground up. As CISO at Cleveland Clinic, he brings extensive experience leading cybersecurity programs across both healthcare and financial services sectors.
A trusted advisor to senior executives and boards, Rakesh is known for navigating complex organizational environments while driving measurable risk reduction. He is a passionate mentor who prioritizes team development, cross-functional collaboration, and long-term capability building. His leadership style emphasizes strategic vision paired with hands-on execution, enabling Cleveland Clinic to strengthen cyber resilience while continuing to deliver world-class patient care.
Andrew Coyne — Vice President & Chief Information Security Officer, Banner Health
Andrew Coyne is a veteran healthcare CISO with experience securing some of the world’s most advanced hospital systems. Now VP and CISO at Banner Health, he previously led cybersecurity for a $20B+ global healthcare enterprise, building a world-class security organization of more than 240 professionals.
Andrew achieved significant reductions in major incidents through data-driven risk governance, advanced threat detection, and root-cause remediation. He is also a technology innovator, having spearheaded hybrid cloud security architectures supporting AI-powered healthcare platforms protecting millions of medical records. A trusted partner to boards and executive teams, Andrew excels at aligning cyber resilience with clinical operations, innovation, and regulatory compliance in mission-critical healthcare environments.
Defenders of Digital Care
Healthcare cybersecurity is no longer just about protecting data; it is about safeguarding patient outcomes, clinical trust, and system-wide resilience. The leaders featured here demonstrate how effective healthcare CISOs blend technical excellence, regulatory fluency, and executive leadership to protect environments where downtime and breaches carry human consequences. As hospitals continue to digitize care delivery, these CISOs are shaping secure foundations that enable innovation while preserving the integrity of healthcare itself.