Healthcare has become one of the most targeted sectors in the threat landscape. From national health data platforms and diagnostic labs to digital-first care providers and provincial health authorities, Canadian healthcare organizations now operate some of the most complex and sensitive IT environments in the country. Cybersecurity leadership in this space isn’t just about protecting systems; it’s about preserving public trust, enabling care delivery, and keeping essential services running under constant pressure.
This list highlights security leaders shaping that reality across Canada’s healthcare ecosystem. Some hold the formal CISO title, while others operate in adjacent executive roles spanning privacy, governance, and digital leadership. What unites them is influence: each plays a meaningful role in securing healthcare at scale, navigating regulatory scrutiny, and translating cyber risk into outcomes that matter for patients, clinicians, and the public.
Nilesh Shastri — Chief Information Security Officer, Canadian Institute for Health Information (CIHI)
As CISO of CIHI, Nilesh Shastri is responsible for safeguarding one of Canada’s most critical national health data assets. CIHI sits at the intersection of policy, analytics, and care delivery, making its security posture foundational to trust across the health system. Shastri brings a steady, governance-driven approach to information security, balancing privacy, data integrity, and availability while supporting CIHI’s mandate to deliver actionable insights at a national scale.
Mike Melo — Former CISO & VP, IT Shared Services, LifeLabs Medical Laboratory Services
While Mike Melo is now CISO at TMX Group, his impact on Canadian healthcare cybersecurity was forged during his tenure at LifeLabs. Following one of the country’s most visible healthcare data breaches, Melo led a multi-year, $50M post-breach transformation, rebuilding trust with regulators, customers, and the public. His work integrated security and IT operations, modernized cloud infrastructure, and delivered measurable improvements in resilience, service reliability, and organizational confidence. His healthcare legacy remains a benchmark for post-incident leadership.
Gary Rankin — Chief Information Security Officer, Hamilton Health Sciences (HHS)
With a long tenure at Hamilton Health Sciences, Gary Rankin has overseen security for one of Ontario’s largest hospital networks. His experience reflects the realities of healthcare environments where legacy systems, clinical uptime, and patient safety converge. Rankin’s sustained leadership demonstrates how consistency, institutional knowledge, and operational pragmatism remain critical assets in hospital cybersecurity.
Iain Paterson — Chief Information Security Officer, WELL Health Technologies
Iain Paterson leads security for one of Canada’s most active digital health platforms. WELL Health’s ecosystem spans thousands of EMR instances, hundreds of clinics, and a fast-moving M&A strategy. Paterson’s role is less about static defense and more about enabling growth, identifying risk early, integrating acquisitions securely, and delivering practical controls that scale alongside the business. His work highlights how modern healthcare security increasingly lives at the intersection of technology, transactions, and trust.
Rob Davidson — Associate Vice President & Chief Information Security Officer, PBC Solutions
Rob Davidson brings deep technical credibility and standards-driven execution to healthcare benefits and insurance services. At PBC Solutions and Pacific Blue Cross, he has focused on translating frameworks like ISO, NIST, and PCI into real-world operational security. His emphasis on repeatability, clarity, and business alignment reflects the maturity required to secure health-adjacent platforms that millions of Canadians depend on.
Richard Henderson — Assistant Deputy Minister & Chief Information Officer, Government of Alberta
While Richard Henderson does not currently hold the CISO title, his influence on healthcare cybersecurity is substantial. As former Executive Director and CISO at Alberta Health Services, he led security for one of the largest healthcare environments in the world—spanning 106 hospitals, nearly 150,000 staff, and the largest Epic deployment globally. Now, as CIO for the Government of Alberta, his perspective continues to shape how large public-sector health systems balance innovation, resilience, and public trust.
Robert Martin — Former Senior Director, Security, Canada Health Infoway
Robert Martin played a pivotal role in securing national digital health initiatives, including PrescribeIT, Canada’s e-prescribing system. While his title was Senior Director rather than CISO, his scope was unmistakably CISO-level, overseeing security architecture, compliance, board reporting, and national stakeholder coordination. His work connecting vendors, regulators, and healthcare providers underscores how ecosystem security leadership often extends beyond formal titles.
Lia Sana — Director, Information Security & Data Stewardship, Fraser Health Authority
Lia Sana represents the next generation of healthcare security leadership. As Director of Information Security & Data Stewardship at Fraser Health, she operates at the intersection of cyber risk, data governance, and clinical trust. Her role reflects a growing recognition that security and data stewardship are inseparable in modern healthcare, particularly within large regional health authorities.
Ariane Siegel — General Counsel & Chief Privacy Officer, OntarioMD
Ariane Siegel does not carry the CISO title, but her role is foundational to healthcare security in Ontario. As General Counsel and Chief Privacy Officer at OntarioMD, she helps protect digital health services used by over 14,000 physicians. Her work ensures that EMR adoption, interoperability, and clinician-facing tools align with privacy, legal, and trust obligations, making her an essential figure in the broader security landscape.
Philip Owen — Global Chief Information Security Officer, TELUS Health
Philip Owen leads global cybersecurity for TELUS Health, protecting health data for more than 150 million lives across 160+ countries. As the organization’s first dedicated CISO, he built a six-team security function spanning threat intelligence, acquisition security, assurance, and data protection. His work exemplifies how Canadian healthcare security leadership now operates on a global stage, balancing domestic regulations with international scale and complexity.
The Leaders Redefining Healthcare Security
Canadian healthcare cybersecurity is no longer confined to hospital basements or compliance checklists. It is shaped by leaders who understand scale, public accountability, digital transformation, and human trust. Whether holding the CISO title or operating in adjacent executive roles, the individuals on this list are redefining what it means to secure healthcare, quietly, persistently, and with impact that extends far beyond technology.