Wisconsin’s healthcare sector spans major academic medical centers, regional health systems, and community hospitals serving patients across the state and into neighboring Michigan and Minnesota. The CISOs in this feature are protecting electronic health records, clinical systems, research data, and the operational infrastructure that patient care depends on every day. Their backgrounds range from military service and national intelligence work to financial technology and energy utilities, and all of them have landed in healthcare security, where the stakes are as high as they get.
Chad Joranlien — Chief Information Security Officer, Mercyhealth
Chad Joranlien joined Mercyhealth as CISO in July 2025, bringing a background built across healthcare, financial technology, and payments security. He spent nearly four years as CISO at WPS Health Solutions in Madison before moving to Mercyhealth, and before that spent nearly seven years as director of IT security oversight at Fiserv and more than four years as director of information security at TSYS, giving him a grounding in financial services security that informs how he approaches compliance and risk governance in a regulated healthcare environment. His earlier career includes information security officer at Promega Corporation and nine years as manager of network security, capacity, and performance at TDS Telecom. That arc through telecommunications, life sciences, payments, and health insurance before arriving at a regional health system reflects a security leader whose cross-sector experience shapes how he thinks about risk across genuinely different operating environments.
Trevor Martin — Vice President and Chief Information Security Officer, UW Health
Trevor Martin joined UW Health as VP and CISO in October 2023, bringing a background built almost entirely in healthcare and technology operations. He spent more than six years at Carle Health in Illinois, progressing from IT cybersecurity manager through director of information security to executive director and information security officer, before stepping into his current role leading security for one of Wisconsin’s most prominent academic health systems. Before his healthcare security career, he spent nearly eight years at Wolfram Research as a senior Windows administrator, development operations lead, and ultimately director of technical operations, overseeing thousands of physical and virtual machines and global security policy enforcement. That systems administration and technical operations foundation gives him a practitioner-level understanding of the infrastructure he now leads from a security perspective at a complex academic medical center environment.
Lucas Otten — Vice President of Information Security and Chief Information Security Officer, Aspirus Health
Lucas Otten leads cybersecurity for Aspirus Health, an eighteen-hospital system serving central Wisconsin, eastern Minnesota, and Michigan’s Upper Peninsula, and simultaneously serves as executive vice president of the Michigan Healthcare Cybersecurity Council, a nonprofit strengthening collective defense across the healthcare industry statewide. Before Aspirus, he spent nearly five years as CISO at Munson Healthcare in Traverse City, Michigan, where he built the dedicated information security function through adoption of HITRUST, GRC, and COBIT principles, following six years as manager of cybersecurity and operations and lead network engineer at the same organization. His career traces a direct line from network technician at the Sault Tribe of Chippewa Indian through network engineering, cybersecurity operations management, and CISO roles, giving him twenty years of technical and operational experience that informs how he approaches security in complex multi-site healthcare environments.
Richard Durost — Vice President and Chief Information Security Officer, Froedtert ThedaCare
Before arriving in healthcare, Richard Durost spent more than two decades as a Lieutenant Colonel in the United States Army, earning a BS in General Engineering from West Point and an MS in Computer Science from the Naval Postgraduate School, where he was recognized as the best student in the Computer Science curriculum and received the Rear Admiral Grace Murray Hopper Award. His post-military career includes senior program management in Microsoft’s Cloud and Enterprise Security Division, chief and deputy chief roles in the Information Assurance Directorate at the National Security Agency, security operations leadership at Providence St. Joseph Health, and a management role at Deloitte. He joined Froedtert Health as director of IT security and deputy CISO in January 2019, served as interim CISO from May 2023, and stepped into the VP and CISO role at Froedtert ThedaCare in January 2024, where he leads security governance and operations for the combined health system. That trajectory from West Point through the NSA and Microsoft to a major Wisconsin health system is not a common one, and it reflects the breadth of experience he brings to a role that requires both strategic vision and operational discipline.
Carl Cahill — Vice President, Enterprise Information Security Risk Management, Emplify Health
Carl Cahill joined Emplify Health in La Crosse as VP and CISO in June 2025, bringing a background that spans energy, insurance, and global retail at significant scale. He spent more than ten years at Duke Energy in security leadership roles before serving as CISO at WPS Health Insurance in Madison. He then spent more than five years at Ahold Delhaize, first as director of cyber defense and operations in the US, then as EU CISO overseeing security for the company’s European operations, and finally as US CISO and VP of information security for the company’s US-based operating companies including Food Lion, Giant Food, and Stop and Shop. That combination of critical infrastructure security, health insurance compliance, and global retail cybersecurity at enterprise scale gives him a cross-sector depth that is uncommon in regional health system security leadership.
David Hotchkiss — Vice President, Chief Information and Security Officer, Medical College of Wisconsin
David Hotchkiss has served as VP and chief information and security officer at the Medical College of Wisconsin since October 2012, overseeing information services for 100 FTEs and a $31 million budget across one of the nation’s leading academic medical centers. In that tenure he founded MCW’s Information Security division, designed hybrid-cloud architecture for workforce and learners, delivered institution-wide work-anywhere capability in approximately two weeks during the pandemic, stood up tele-psychiatry in 48 hours, and launched the Research Computing Center. He reports to the Board of Trustees on progress and risk. Before MCW, he spent nearly seven years at the University of Texas Health Science Center at San Antonio across director, interim CIO, interim chief administrative officer, and interim VP of human resources roles, and before that held director-level clinical informatics roles at Tenet Healthcare and Cleveland Clinic. More than twenty-eight years in healthcare technology, most of it at the intersection of clinical operations, research computing, and security governance, makes him one of Wisconsin’s most experienced leaders in academic medical center technology and security.
Wisconsin’s Healthcare Security Bench Is Built for Complexity
The leaders in this feature are not operating in simple environments. They are securing health systems that span dozens of hospitals, clinical research operations, academic programs, and patient data obligations that carry the full weight of HIPAA, HITRUST, and an evolving regulatory landscape. Several of them came to healthcare security from entirely different sectors, bringing perspectives from national intelligence, energy utilities, global retail, and financial technology that have made their programs stronger for it. The patients, clinicians, and researchers depending on those programs are well served.
Discover more CISOs protecting the healthcare industry:
- Missouri’s Healthcare CISOs to Watch: Protecting Patients Across the Show-Me State
- Protecting Michigan’s Patients: The State’s Healthcare CISOs
- Colorado’s Healthcare Cybersecurity Leaders: Protecting Patients at Scale
- Securing Patient Data and Business Continuity: Arizona’s Healthcare CISOs
- Cybersecurity Leaders to Watch: Louisiana Healthcare
- CISOs to Watch in Maryland’s Hospitals & Healthcare Industry
