Massachusetts’ health and wellness ecosystem spans healthcare delivery systems, digital health startups, payer organizations, pharmacy services, and AI-driven care platforms. Security leadership in this sector must protect sensitive patient data, ensure regulatory compliance, and support innovation in cloud-native and AI-enabled environments—while maintaining trust at every layer of care delivery. The leaders below reflect the range of cybersecurity strategy now required across modern health systems.
Mike Higgins — Fractional Chief Information Security Officer, Qualified Health
Mike Higgins serves as Fractional Chief Information Security Officer for Qualified Health while leading MoorSecurity, a boutique executive security advisory firm. With prior roles including Head of Security at Amazon Healthcare and CISO for the Haven healthcare venture, he brings deep experience building and maturing security programs in complex, high-growth environments. His career spans executive security leadership at global organizations including The New York Times, NBCUniversal, and LexisNexis, where he established governance models, strengthened regulatory compliance programs, and drove measurable risk reduction initiatives. In health-focused environments, he applies board-level advisory expertise, AI-aware risk strategy, and cloud security discipline to help organizations scale securely.
Sameer Sule — Chief Information Security Officer and Vice President of Compliance, Rhapsody
Sameer Sule leads information security and compliance at Rhapsody, where he aligns risk mitigation with business growth and evolving healthcare regulatory requirements. His expertise spans governance, incident response, vendor risk management, and compliance across frameworks including ISO 27001, NIST, HITRUST, SOC 2, HIPAA, GDPR, and FedRAMP. He regularly communicates security posture updates to executive leadership and board committees, reinforcing transparency and accountability in regulated health technology environments.
Derek Costa — Vice President of IT Infrastructure and Chief Information Security Officer, Shields Health Solutions
Derek Costa oversees IT infrastructure and cybersecurity at Shields Health Solutions, drawing from extensive leadership experience across healthcare and financial services. His background includes enterprise IT modernization, program management, and operational delivery at major institutions. At Shields, he aligns infrastructure resilience with security strategy, supporting scalable healthcare services while maintaining disciplined governance and risk management practices.
Matt Shaw — Chief Information Security Officer, Southcoast Health
Matt Shaw leads cybersecurity strategy at Southcoast Health, advancing from governance and risk management roles into executive security leadership within a major regional healthcare system. His background includes experience in financial services security prior to transitioning fully into healthcare, providing a cross-industry perspective on risk management and compliance. As CISO, he focuses on protecting clinical systems, patient data, and operational infrastructure while strengthening enterprise-wide governance and resilience.
Strengthening Trust in a Digitally Connected Care Ecosystem
Across providers, digital health innovators, and health services platforms, cybersecurity has become foundational to delivering safe and reliable care. Massachusetts’ health and wellness security leaders demonstrate how governance maturity, cloud-aware architecture, AI oversight, and board-level engagement combine to protect patient data and sustain innovation in one of the most sensitive and mission-critical sectors of the economy.
