Michigan’s healthcare sector is one of the most complex in the Midwest, spanning academic medical centers, regional health systems, long-term care, and the statewide associations that set the security standards many smaller organizations depend on. The leaders in this feature are not working in comparable environments. They are securing a $500 million long-term care operator, a 64,000-person integrated health system formed from a merger, an academic medical center with a research and education mission, a regional health system, and the association that supports hospital security statewide. What connects them is the weight of the work.
Shawn Campbell Sr. — Chief Information Security Officer, Ciena Healthcare
Thirty years in security, engineering, and IT across healthcare, automotive, law enforcement, and financial industries precede Shawn Campbell’s decade-long tenure at Ciena Healthcare, where he serves as CISO and risk and privacy officer for a $500 million long-term care organization. He reports directly to the CEO and board, leads enterprise threat management, and oversees HIPAA and HITECH compliance. He is a founding member of the Michigan Healthcare Cybersecurity Council, a member of CHIME and AEHIS, a founding advisor board member of AVIEN, and a published author in Virus Bulletin magazine on scaling security in large corporate environments. He speaks regularly at national conferences including the Millennium Alliance, CISO Healthcare Connect, and CSO World. Few Michigan healthcare security leaders have built as broad a public profile alongside their operational responsibilities.
Tina Basch — Vice President and Chief Information Security Officer, McLaren Health Care
Tina Basch joined McLaren Health Care as VP and CISO in June 2025, bringing a career that spans insurance, health system infrastructure, and interim executive leadership across some demanding environments. At Baystate Health in Massachusetts, she held the VP and CISO role, briefly served as interim senior vice president and chief digital officer, and previously led as CISO during a period of significant operational pressure. Before Baystate, she spent more than four years at AF Group in Lansing, moving from director of information security to CISO. That path, from insurance into health system security leadership and back to Michigan, reflects a breadth of regulated-sector experience that informs how she approaches security governance, risk management, and operational resilience at McLaren.
Mike Nowak — Vice President and Chief Information Security Officer, Michigan Health and Hospital Association
Mike Nowak has served as VP and CISO at the Michigan Health and Hospital Association for fifteen years, a tenure that positions him as one of the longer-serving security leaders in Michigan’s healthcare ecosystem. His background tells an interesting story: he started as a chemical operations and training NCO in the US Army, moved into output analysis at Jackson National Life, then spent nearly a decade at Accident Fund Insurance Company of America progressing from application analyst to web application developer, building hands-on expertise in identity management, web security, and application architecture. He holds a BAS in network security from Davenport University. The combination of military discipline, insurance sector IT experience, and a decade and a half of statewide healthcare security leadership gives him a foundation that is more operationally grounded than most association-level roles suggest.
Scott Dresen — Senior Vice President and Chief Information Security Officer, Corewell Health
When Beaumont Health and Spectrum Health merged to form Corewell Health in 2022, Scott Dresen was already there. He had served as SVP and CTO/CISO at Spectrum Health for four years before the merger, and before that spent more than eight years as SVP of technology services at the same organization. His current remit covers the security and technology operations of a health system with 64,000-plus employees, more than 11,500 physicians and advanced practice providers, 22 hospitals, 300-plus outpatient locations, and a health plan serving 1.2 million members. He holds an MBA from the University of Michigan Ross School of Business and Fellow status with both the American College of Healthcare Executives and HIMSS. Fifteen years inside a single health system that then became one of Michigan’s largest gives him a depth of institutional knowledge that no external hire could replicate.
Jack Kufahl — Chief Information Security Officer, Michigan Medicine
Jack Kufahl has led information security at Michigan Medicine for more than a decade, expanding his accountability in 2022 to include affiliate hospital UM Health West and again in 2024 to include UM Health Sparrow in Lansing. He trained at the US Army War College and the FBI CISO Academy, served as deputy CIO at Michigan Medicine for two years, and has been a board member and former president of the Michigan Healthcare Cybersecurity Council since 2016. He currently contributes to the University of Michigan Ross School of Business Executive Education program, teaching information security, digital risk, and privacy as part of the Chief Data and AI Officer course. His framing of security as a storytelling and communication discipline, rooted in his time at the Army War College, shapes how he translates complex risk into language that resonates with clinical leaders, elected officials, and executive stakeholders alike.
Michigan Healthcare Security at Its Most Consequential
The environments in this feature are not comparable in size or complexity, but the accountability is the same across all of them: protect patient data, keep clinical systems available, and maintain the trust of people who have no choice but to share their most sensitive information with the institutions these leaders secure. Michigan’s healthcare security bench is meeting that responsibility with leaders who have, in several cases, spent a decade or more building the programs behind it.
Discover more healthcare CISOs: