2024 AEHIS Board Election

I have twenty-five years of progressive IT, information security and cyber risk management experience in both small and large global organizations. The past three years I’ve served as the Chief Information Security Officer for The Guthrie Clinic, a rural not-for-profit integrated healthcare system covering 9000 square miles within central New York state and Pennsylvania, privileged to lead a worldclass cybersecurity team. Previously, I was a director, Informa􀆟on Security and Risk Management at Highmark Health headquartered in Pitsburgh, PA. In 2023 I was humbled to be elected by my peers as a top 100 CISO and noted in Becker’s Health as a “CISO to Know”. I’m currently pursuing an MS, Cybersecurity at Georgia Tech.
Over the past decade I have served on numerous IT and cybersecurity advisory boards including for: Vizient, Care Compass Network, Muhlenberg College and as a director and governance chair for a not-for-profit performing arts board. I currently serve on the Health-ISAC Board of Directors and am a member of the finance committee.

The mission of my team is to relentlessly protect patient safety. We achieve this mission not just with talent, technology, and process, but trusted relationships, sharing with and learning from others within the cybersecurity community. I want to expand these trusted relationships within and contribute to the AEHiS community.

I have been in IT Security for 30plus years and strictly focused on Healthcare since 2013. Re􀆟red Marine Corps Cyber Officer (27 yrs). I have worked in cyber for 3 hospitals (Rady Children’s, Scripps Health, Yuma Regional) and have also worked as a security consultant in the healthcare industry.

I have been a previous AEHIS Board member.

I would like the opportunity to serve our healthcare security vertical by contributing my experience and work efforts to impact patient care in a meaningful manner.

Kimberlee is an amazing and engaging healthcare cyber security leader; I (James Case) have collaborated with her for over 7 years now

Kimberlee Millikan is a proven cybersecurity professional with over 23 years of experience.  She serves as a Cybersecurity Director focused in on application security governance, risk, and policy at Ascension. Kimberlee specializes in information security, insider threat discovery and prevention, regulatory compliance (HIPAA), digital forensics, security & fraud analysis, application development, and cybersecurity education. She is an information technology professional with a diverse technical background, strong leadership, communication, and decision-making skills.

Ms. Millikan’s strongest skill sets are her communication, analysis, and leadership skills. She is highly regarded by her colleagues and clients as a gifted communicator who can take complicated cybersecurity-based principles and make them easy to understand and implement. Her years of experience have built a solid foundation that enables her to quickly identify data irregularities and analyze the information system infrastructure for preventative, detective, and corrective controls. Additionally, she enjoys falling back on her early career of teaching software development and programming at a state University and presenting cybersecurity and best practice training to businesses and technology enthused youth.

Kimberlee is honored to sit on and advise two technology education boards sponsored by the National Science Foundation focused on developing collegiate curriculum. She serves her community as an InfraGard healthcare sector chief and is involved in many cybersecurity initiatives in her community including volunteering through CISA.  Additionally, she was honored to be invited as a cybersecurity advisor to a national electoral convention. Kimberlee holds the HCISPP, CISSP, CISA, EnCE, and CEH designations.

Kimberlee is certain that her board participation in AEHIS can help bolster the organization’s collaboration efforts in education from both a collegiate and grass roots perspective as well as to assist in advocating for a more secure healthcare posture for health care organizations and communities.

Currently serving as the Director, IT Customer Experience for Moffitt Cancer Center.  In this role I am responsible for all customer facing activities to include Identity Access Management, Biomedical Engineering, Service Desk and Field Services activities for over 10,000 employees and  growing.  Prior to the last three years at Moffitt Cancer Center I served in similar roles with the additional responsibilities of overseeing technology infrastructure, IT Security and Enterprise Architecture at Reid Hospital in Richmond, Indiana for 6 years and Beebe Healthcare in Lewes, Delaware for 9 years as the IT Director.  This is after serving 20 years in the US Navy as an Electronics Technician.

Served on the board for the Association for Executives in Healthcare Information Technology from 2017 to 2021 serving as vice chair and chair during that timeframe.  Currently serving as chair for the Biomedical Engineering Advisory Council for St. Petersburg College.

In the military I was inculcated with a sense of service to others and why I feel at home in healthcare IT surrounded by colleagues that don’t just work for a paycheck but go home every night knowing they have had a positive impact on the lives of others.  I look forward to partnering with the AEHIS membership as we work together to transform Healthcare Information Security ensuring our clinicians and providers have the tools they need to provide safe and quality care to the patients they serve.

Steven Ramirez is the Chief Information Security and Technology Officer (CISTO) for a major Nevada-based regional healthcare organization where he provides leadership and oversight in the strategic planning, execution, and assessment of the organization’s technology and cybersecurity strategies, policies, procedures and guiding practices. Steven has extensive experience in healthcare information technology, security, working in both the payer and provider workstreams, with organizations such as Catholic Health Initiatives (now CommonSpirit Health) UofL Health, IBM and McKesson. Steven holds two master’s degrees, his Master of Healthcare Administration (MHA) and Master of Science (MSc) in Safety, Security and Emergency Management. Steven is a Certified Information Systems Manager (CISM).

I have served as an advisory board member for UNR’s Cybersecurity Program; I served as an Advisory Board member for Ithica University’s cyber program; and serve on several CISO advisory boards with tech companies such as clearwater, Imprivata. In addition I support HISAC and 405(d) workgroups

I am passionate about healthcare cybersecurity and bettering our hygiene and posture as a healthcare community.

Bernadette Reid is a Senior VP of Information Technology executive at Torrance Memorial Health, a Cedars-Sinai Affiliate.  With over 37 years of experience in healthcare information technology, a clinical background in Nursing, Lean Management experience and business acumen, she has lead her organization in IT strategic planning initiatives, innovation and operational excellence.  Bernadette Reid has overseen the development of the IT Security program since 2015 and continues to provide executive sponsorship.  Bernadette has direct reporting responsibility of the IT Security Team and works closely with Cedars Sinai as an affiliate in developing a unified approach to Security across the health system.  Torrance Memorial Health has a 443 bed hospital, a Foundation based physician network with 205 providers in 45 offices, an IPA and an ACO.  Torrance Memorial is a designated Magnet facility, ranked the #1 Hospital in the South Bay; the Best Hospital for 2023-24 for the twelfth straight year by U.S. News & World Report which places Torrance in the top 3% in the state.

Currently an ad hoc member of Torrance Memorial’s Board of Trustees and member of the Torrance Memorial Community Board.

As a Senior Leader of my organization overseeing our IT Security Program, I rely heavily on organizations like AEHIS.   I’m passionate about securing our organization’s technology and information assets and I’m fully engaged with the day-to day-operations managed by our IT Security team.  I believe it is critical to provide ongoing education for my team and support their networking activities with other clients and security focused organizations. There is a shortage of skilled, certified Security resources and we have to develop and “grow” our own.  AEHIS is a great organization to help facilitate that type of education and I look forward to being a part of a team dedicated to the growth and development of the organization.

Jason Taule is a 30+ year information assurance and cybersecurity veteran who has worked in both the intelligence community and commercial sectors first consulting to Federal agencies and then serving as inside CISO and CPO both within Government and at large systems integrators like General Dynamics and CSC.

Mr. Taule helped build the original DARPA CERT, helped develop the first computer security programs at the VA and NASA, and revised the Risk Assessment Methodology still used throughout the Federal Government.  Mr. Taule helped author the Maryland Data Privacy Law, led a multi-million-dollar global cyber security practice for a large international consulting firm, ran the team responsible for HIPAA complaint investigations for OCR for 3 years, and for the last 20 years has been a luminary in the US Health IT sector helping hundreds of FISMA-reported systems of the US Department of Health earn their accreditations and avoid compromise.  Mr. Taule previously served as the inside CISO and VP of Standards for HITRUST, where he was responsible for developing and maintaining the Common Security Framework (CSF).

Mr. Taule currently serves as the Managing Director of The vCISO, a cybersecurity consulting organization providing executive level information protection, risk management, and compliance services on a fractional basis.  In this capacity, Mr. Taule supports several different organizations concurrently.  Of greatest relevance to AEHIS is the fact that Mr. Taule currently serves as the vCISO for Luminis Health, a regional healthcare system reporting to the organization’s CDIO, Mr. Saad Chaudhry.  In this capacity Mr. Taule co-chairs the Cybersecurity Council, directs the planning and execution of a portfolio of cybersecurity projects, and provides day-to-day oversight of the cybersecurity team responsible for recurring cybersecurity operations including SOC Alerts, incident response, patching/vulnerability management, asset/configuration management, posture assessment, regulatory compliance, third party assurance, cyber insurance, and vendor management.

Mr. Taule holds a Master of Science in Information Technology Management from Johns Hopkins University and a Bachelor of Business Administration from the College of William and Mary.  Mr. Taule has earned numerous industry and professional certifications, is a graduate of the FBI Citizen’s Academy, is member of the Homeland Security Preparation and Response Team, serves on the Board of the Loyola Sellinger School of Business and the Howard County Economic Development Authority Technology Council, and is a founding member of and National Advisor to the CISO Executive Network.  Mr. Taule served on the DHHS/CMS Information Security and Privacy Workgroup, the FBI Cyber Health Work Group, the US Health IT Standards Committee’s Transport and Security Workgroup, both the Security and Privacy Workforce Groups of NIST, was a member of the 405(d) Task Group, and was a White House invitee to the Security Policy Roundtable for the President’s Precision Medicine Initiative.

In my profile I explained that I have been in cyber for more than 30 years, during which time my focus has almost exclusively been on healthcare.  I have served as CISO, CRO, and CPO for healthcare organizations and have worked with and for most organizations within the public health sector including the VA, DHHS, CMS, CDC, NIH, Tricare, etc.  I have served on numerous health care specific task forces and work groups and even did a stint at HITRUST, the dominant health sector cybersecurity standards and accreditation body.  All of this is to say that I have accumulated substantial firsthand experience uncovering, grappling with, and surmounting untold numbers of pain points and the opportunity to serve on the board of AEHIS affords me a platform to continue helping the industry overcome these same obstacles to success.

Cybersecurity is paramount in healthcare to safeguard patient data, protect critical medical systems, and ensure the integrity of healthcare services.  As the healthcare industry increasingly relies on digital technologies, the potential risks and threats to patient privacy and safety grow.  Robust cybersecurity measures are not just a matter of compliance; they are essential to maintain trust, confidentiality, and the continuity of care.  Without adequate cybersecurity, patient records and sensitive medical information could be compromised, leading to identity theft, medical fraud, or even life-threatening disruptions in healthcare services.  In a world where technology and healthcare are becoming ever more intertwined, prioritizing cybersecurity is not just a choice, but a moral and professional responsibility, ensuring the well-being of patients and the integrity of the healthcare ecosystem.

To be successful, all organizations require access to capital and access to customers — objectives which are questions of confidence and trust.  And nowhere is this more important than in healthcare where the availability, integrity, and confidentiality of data is both fundamental and absolute if we are to enable clinical workflows to proceed in a timely manner, provide quality outcomes for our patients, and avoid unwanted compromises of our operations.  Healthcare is not alone in that it is subject to extreme financial pressures, substantial compliance mandates, heavy regulatory review, and enormous operating complexity.  But the consequences of getting things wrong are what set the healthcare sector apart.  Cybersecurity breaches have occurred across all industries yet most affected organizations continue to operate and do so frequently with only limited impact on their operations.  Yahoo, eBay, Experian, Equifax, SolarWinds, Capital One, Marriott, Facebook, Target, Home Depot and many others have all experienced data breaches affecting millions of personal records and yet consumers continue to do business with these organizations.  With the exception of emergent care, for which patients typically do not have the ability to exercise choice, I respectfully suggest that most hospital systems or health providers would not find patient populations so forgiving.

So, mindful of this sense of urgency and importance, why is it so difficult for many healthcare organizations to develop and maintain mature information protection and data security programs?  Is it our people and culture?  Is it a lack of funding?  Is it a lack of tools and resources?  And what about shifting operating paradigms to say nothing of a continually evolving threat landscape?  Admittedly, these are all challenges we must confront, but there is nothing about the cybersecurity mission that we cannot achieve if we adopt the right mindset and focus on two core principles:  Strategic Risk Thinking and Collaboration.

First, we must stop approaching security only from the bottom up.  Yes, there are clearly tactical level protocols and tooling that we must implement, but we must first treat cybersecurity like any other question of risk.  Our leadership teams are already well versed in addressing financial risk, legal risk, regulatory/compliance risk, and information risk is no different.  But all too often security is not considered until far too late in the decision-making process.  I advocate that by ensuring that all healthcare organizations have executive level accountability for cyber and afford their CISOs a “seat at the table” we can ensure that the key conversations are suitably informed, that there is full awareness, and that decisions made can be shown to be both carefully reasoned and defensible.  We do this by facilitating an interactive conversation where the business first sets its objectives and articulates a corresponding strategy.  This business strategy is then supported and empowered with an IT strategy, which once articulated can then be evaluated for information risk.  Security controls can be recommended to reduce identified risks to an acceptable level or if the organization deems the associated cost to be higher than desired, attention can be given to modifying the strategy or even the original objectives themselves.

Second, the threat actors who attack our organizations on a seemingly unending basis often achieve success because they collaborate with one another.  Our adversaries build on each other’s successes with complementary abilities that collectively overwhelm security programs built to withstand single attacks.  If we are to avoid succumbing to prolonged and persistent campaigns, we too must collaborate with one another, providing threat intelligence and advance notice to those not yet affected, sharing culturally attuned best practices adapted to the unique needs of healthcare, and collectively demanding more of our vendors and third parties.

This platform is neither revolutionary nor novel.  But it is one that I have repeatedly adopted in many real-world situations with great success, and I welcome the opportunity to help others in our industry realize similar results.

I am Swathi West, a cybersecurity professional with a track record of over eight years in the healthcare information security sector. My career has been dedicated to fortifying data protection measures, ensuring regulatory compliance, and fostering a resilient cybersecurity posture.  My expertise lies in designing, implementing, and enhancing robust cybersecurity programs tailored to the unique needs of healthcare organizations. I specialize in safeguarding sensitive healthcare data while aligning with stringent compliance standards, including SOC, HIPAA, HITRUST, ISO, and Privacy.  Throughout my journey, I have been at the forefront of identifying, evaluating, and mitigating cybersecurity risks. My strategic mindset and analytical skills have allowed me to effectively navigate the complex landscape of healthcare IT security.  I am the Chief Information Security Officer (CISO) at Summa Health, safeguarding the organization’s information assets. This role entails managing a talented team of security professionals, crafting and executing strategic security initiatives, and ensuring compliance with ever-evolving regulations and standards.  My previous engagements with prominent organizations, like BARR Advisory, Schellman, Cardinal Health, and United Health Group, have significantly contributed to enhancing the cybersecurity posture of healthcare entities. I have orchestrated multifaceted cybersecurity programs, deploying advanced security frameworks (such as HITRUST CSF, NIST, SOC, ISO, PCI, CMMC, and CSA Star) for diverse clients, including large healthcare systems and service providers. My initiatives have fortified their defenses, mitigated risks, and fostered a culture of security excellence.  My experience extends to leading healthcare service lines, where I brought in substantial revenue, exceeded targets, and supervised high-impact projects. I have conducted security assessments, audits, and vulnerability assessments, consistently ensuring the integrity and confidentiality of sensitive healthcare data.  Furthermore, my role as Manager of Healthcare & Privacy at BARR Advisory, P.A. was marked by remarkable achievements, including generating over $3.5 million in annual revenue through new business and client upselling. I have been instrumental in steering HIPAA assessments and other compliance initiatives, ensuring that healthcare clients meet stringent regulatory requirements.  In addition to my professional journey, I hold respected certifications, including Certified Information Systems Auditor (CISA) and Certified Information Privacy Professional/United States. My commitment to advancing the field of healthcare cybersecurity is evident in my active involvement in industry associations and leadership roles, such as Vice President of Membership at Toastmasters International, Chair for Programs at HIMSS Northern Ohio Chapter, and Co-Manager for Community Engagement and Sponsorships at getWITit Cleveland.  Beyond the boardroom, I am passionate about sharing my cybersecurity knowledge through thought leadership engagements, where I have tackled crucial topics like privacy, endpoint security, and information security culture.  My extensive experience and unwavering dedication to cybersecurity, particularly in healthcare, make me a compelling candidate for the AEHIS board.

My dedication to fostering growth and innovation in healthcare cybersecurity extends beyond my professional roles. I have actively contributed to the industry by serving on various boards and leadership positions. Notably, I have had the privilege of holding the Vice President of Membership position at Toastmasters International, where I facilitated an environment of effective communication and leadership development. Additionally, as Chair for Programs at HIMSS Northern Ohio Chapter, I orchestrated thought-provoking events and initiatives that brought together healthcare IT professionals to discuss critical industry challenges and solutions. Moreover, as Co-Manager for Community Engagement and Sponsorships at getWITit Cleveland, I was pivotal in promoting diversity and inclusion in technology, fostering connections among like-minded individuals, and driving community engagement.  These experiences have allowed me to cultivate leadership skills, build collaborative networks, and contribute positively to the healthcare cybersecurity ecosystem. I remain committed to leveraging my expertise and passion to drive meaningful change and innovation in the field, both in my professional capacity and through my active participation in industry associations and boards.

As a candidate for the AEHIS board, I am committed to advancing the field of healthcare cybersecurity and promoting excellence in information security practices within the healthcare industry. My platform centers on three key pillars:  1. Elevating Cybersecurity Standards: I believe in continuously raising the bar regarding cybersecurity standards in healthcare. If elected, I will work diligently to advocate for and implement cutting-edge security frameworks, such as HITRUST and NIST, to ensure that healthcare organizations have the tools and guidance to protect patient data effectively.  2. Strengthening Collaborative Partnerships: Collaboration is essential in the complex landscape of healthcare cybersecurity. I will actively foster partnerships between healthcare institutions, regulatory bodies, and cybersecurity experts to create a united front against evolving threats. Together, we can enhance information sharing and fortify our collective defenses.  3. Empowering the Next Generation: Investing in the future of healthcare cybersecurity is vital. I support educational initiatives and mentorship programs that empower emerging professionals to excel in this critical field. As a mentor for Women in CyberSecurity (WiCyS) and Cyversity, I am particularly passionate about nurturing talent and fostering diversity. We can ensure a sustainable and secure healthcare ecosystem by equipping the next generation with the knowledge and guidance they need.  In summary, my platform is built on a foundation of innovation, collaboration, education, and mentorship. If entrusted with a seat on the AEHIS board, I will tirelessly champion these principles to strengthen healthcare cybersecurity and uphold the industry’s highest standards of data protection.

Tamer Baker is a seasoned professional with over 20 years of experience, specializing in cybersecurity and technology solutions. As the Healthcare CTO at Zscaler, Tamer focuses on assisting healthcare organizations, state and local governments, and educational institutions in their digital transformation efforts. Tamer is driven by the desire to help healthcare organizations “do more with less” while enhancing their cybersecurity posture and improving the user experience for care providers. His expertise lies in modernizing infrastructure, optimizing operational costs, and enhancing productivity and security while reducing risk through the implementation of a zero trust architecture.Before joining Zscaler, Tamer spent nearly a decade at Forescout, where he provided strategic direction and designed tailored solutions for customers around the globe in healthcare, national defense, government, finance/banking, and other industries. Prior to his private sector experience, Tamer served in various roles within the public sector, including as an officer and fighter pilot in the United States Air Force. He’s steadily risen in responsibilities, moving up in a career that literally began at the bottom, cleaning networking closets. With a passion for leveraging technology to achieve security and business goals, Tamer now brings a wealth of expertise to his role in driving digital transformation within the healthcare sector.Tamer holds a B.S. in aerospace engineering from Embry-Riddle Aeronautical University (ERAU Daytona Beach, FL). He currently resides in the Nashville, Tennessee area with his wife and daughter. His philanthropic endeavors extend across the healthcare sector, reflecting his generous spirit and commitment to making a positive impact, actively supporting organizations such as Alzheimer’s Association, Rachel’s Gift, Ronald McDonald House, St. Jude Children’s Research Hospital, and nearly a dozen more.While I have not served on a board like this previously, I have extensive experience being involved in board meetings and presenting to/engaging with board members at previous organizations I’ve worked at.

Ever since I was young, I’ve been driven by an innate sense of security. As a child, I dreamed of flying and helping ensure the physical security of our country. This drive led me to serve as a fighter pilot, protecting our nation – instilling a disciplined mindset, adaptability, and the ability to navigate complex challenges. My passion evolved into a second career with a focus on cybersecurity, protecting our virtual assets. Today, I am motivated by the implicit promise that healthcare CXOs make to patients: to provide the highest quality care and protect their data as sacred.My desire to serve on the board of AEHIS stems from my passion for making a meaningful impact and fostering collaboration within the healthcare community. By serving on the board, I can extend my contributions beyond my immediate sphere of influence and make a profound difference.During my tenure on the board, my primary goals would be to:

-Drive positive change within the healthcare cybersecurity landscape with deep engagement in the newly-formed Innovation committee

-Actively participate in creating educational opportunities based on member needs

-Advise on the HICP 405(d) similar to the contributions I made shaping and advising on the NIST SP 800-207 publication of the Zero Trust Architecture

-Contribute to other committees within AEHIS and CHIME, leveraging my expertise to further advance healthcare in the digital transformation journey

Looking into the future, my vision for AEHIS is to:

-Ensure membership continues to grow while maintaining its collaborative spirit among healthcare professionals around the world

-Keep the CXO community actively engaged, fostering a strategic focus and strong executive-level participation

Drawing from my diverse background, including speaking engagements at HIMSS conferences, moderating CHIME and AEHIS focus groups, and participating in hundreds of educational webinars over the years, I possess the necessary skills to effectively communicate and engage with the healthcare community.

With a strong technical foundation and extensive experience in the cybersecurity industry including across many other challenging environments like the DoD and Federal Government, I bring a wealth of knowledge in helping healthcare organizations in their digital transformation journey. It would be a privilege to serve on the AEHIS board, contributing to the success of our members, helping them improve patient outcomes.

Thank you for considering my candidacy.Sincerely, Tamer Baker

Joel Burleson-Davis is the SVP of Worldwide Engineering and Cybersecurity at Imprivata where he’s responsible for building, delivering, and evolving the suite of Imprivata’s cybersecurity products that include Privileged Access Management, Privacy Monitoring, and Identity Governance solutions. Prior to joining Imprivata, Joel was Chief Technical Officer at SecureLink, the leader in critical access management for organizations in need of advanced solutions to secure access to their most valuable assets, including networks, systems, and data. While at SecureLink, Joel was responsible for the overall technology and operational strategy and execution including direction and oversight for Product Development, Quality Assurance, IT and Cybersecurity Operations, Compliance, and Customer Success.

Before SecureLink, Joel held Systems Engineering, IT Consulting, and Instructor positions while serving as one of the founding members of The Linux Foundation certification committee, a global committee of key Linux subject matter experts.

For over ten years, Joel has been a member of the Linus Foundation Certification Committee, the group that develops educational material, certification criteria and exams for current and aspiring Linus Engineers.  He has been involved in developing the Linus Foundation’s top three certification tracks since their inception.

In his past role as CTO at SecureLink, Joel’s cybersecurity experience spanned all critical infrastructure sectors.  This cross-industry perspective has played a valuable role in driving innovation in Digital Identity and Access Management for healthcare during his nearly two years as SVP Worldwide Engineering and Cybersecurity at Imprivata.  Joel believes in Effortlessly Ensuring Appropriate Access in healthcare, and that as we design and build solutions to address the unique challenges in a healthcare industry that is undergoing digital transformation, mobilization, and consumerization, we can draw from approaches proven (and failed) in fully automated industries.

Joel’s experience as an IT Security executive in healthcare and other industries would be a valuable complement to the outstanding AEHIS Advisory Board.  Thank you for considering the impact of his contribution as you cast your vote.

Jeff Buzzella, MS, GCIH, GSEC, Security Practice Lead, has worked for a variety of organizations in both the private and public sector. As the Director of Incident Response for PwC he worked closely with clients, often as a virtual CISO, to prepare for, respond to, and recover from security incidents.

Prior or to PwC, Jeff worked for several OEMs, including Tanium and Qualys.

He also has experience working as part of the security team at a large insurance company. In this capacity he led the security engineering, architecture, and SOC teams.

In the public sector he worked as part of a small team working to secure a variety of organizations. He was also a reserve police office in California.

In today’s ever evolving security landscape, cybersecurity is not merely a necessity; it is a strategic imperative, especially in the healthcare industry. I am committed to developing collaboration within the AEHIS community, sharing best practices, and identifying education opportunities.

By working together, we can reinforce the critical role of information security in healthcare. In my current role I serve as a trusted advisor to health care organizations and security leaders. This includes reviewing the latest security trends and assisting with security strategy development and selection of technology-based controls.

Steve Cagle has dedicated his career to advancing innovation across the healthcare industry. From his experience working in technology, services, consumer products, and pharmaceuticals, he brings a very well-rounded perspective on where the industry is headed. He has extensive experience leading and scaling healthcare and technology businesses, including guiding numerous companies through critical transformation periods. For the past five years, Mr. Cagle has served as the CEO and a Board Director of Clearwater, the healthcare’s largest pure-play provider of cybersecurity and compliance solutions. During his tenure, the company has significantly expanded its solutions portfolio to serve the evolving needs of healthcare organizations, including integrating the products and services of TECH LOCK and CynergisTek, which Clearwater acquired in 2022.  Formerly, Mr. Cagle was president and CEO of Moberg Pharma North America, a subsidiary of Moberg Pharma AB (OMX:MOB), a publicly traded Swedish pharmaceutical company. Prior to its acquisition by Moberg AB, Mr. Cagle was president and CEO of Alterna LLC, a consumer healthcare products company.  Before joining Alterna, Mr. Cagle was a principal and executive team member of Sparta Systems, Inc., (now Honeywell) a software company providing enterprise quality and compliance management software to pharmaceutical and medical device companies. During his nine-year tenure with the company, he served in numerous leadership positions, including marketing, sales, operations, and product innovation, contributing to Sparta’s leading role in the pharmaceutical and medical device industries and its 100-fold sales growth.

In addition to his role as CEO of Clearwater, Mr. Cagle is a Director of the company’s board. He also has also on the board of CMP Pharma since 2012, and from 2015 – 2021, he was CMP’s Executive Chairman. In his role as Executive Chairman, he guided CMP’s strategic transformation from a family-owned generic pharmaceutical manufacturer to an institutionally-owned specialty pharmaceutical company. Mr. Cagle also served on the board of directors of M2S, a medical imaging and clinical registry company in the vascular therapeutic area from 2011 – 2016.

Cyberattacks are a serious business issue, and more importantly a patient safety issue. Cyberattacks on our health system continue to grow in frequency and sophistication, making it difficult for security professionals to keep up. The attack surface continues to grow more extensive due to the rapid digitization of healthcare, expansion of telehealth, and the shift to a remote workforce. This phenomenon has inevitably led to increased vulnerabilities, and more opportunities for threat actors to extract larger data sets or impede operations of providers and their critical partners. Without question, for most healthcare providers, cybersecurity is under-resourced. Health system executives consistently tell me that the rise in their operating costs and declining revenues resulting from lower reimbursements and shift of profitable services to outpatient clinics are some of the reasons why they cannot afford much-needed risk management and cybersecurity investments. Resources are scarce, and finding talent is difficult. The problem we face as security professionals will only grow larger, more complex and more impactful over the next several years. As part of the AEHIS Board, I will help our healthcare ecosystem combat this challenge by supporting our mission to advance the role of the Chief Information Security Officer (CISO) through education, collaboration and advocacy. My platform is as follows:

1. Foster stronger cybersecurity culture and cyber risk management throughout the healthcare ecosystem, starting at the board level, through education and awareness programs. Building a strong cybersecurity program foundationally begins with the establishment of a deep-seated culture of cybersecurity and implementing a continuous risk management program that assesses and responds to every-changing cybersecurity risks.  Gaining support and engagement from the board and C-suite are critical components to achieving these objectives. While it’s fair to say that cybersecurity and related patient safety risk have gained more awareness at the board and executive level, broadly speaking, there is still much more work to be done. Organizations that have implemented robust cyber risk management governance, and consistently assess, respond to, and monitor risks on-going basis, have proven to be the most successful in preventing ransomware attacks and breaches. As an AEHIS Board Member, I will apply my extensive experience and skillset to help our association advance programs to educate boards and executives in best practices for cyber risk management. We will set out to drive more awareness of cyber risks and provide best practice for instilling “cybersecurity DNA” into their organizations.  Gaining support at these levels in the organization will further benefit our members, by raising awareness for our profession and helping to facilitate a better understanding and prioritization for cybersecurity investments.
2. Promote strong collaboration and information sharing among industry stakeholders, including AEHIS and CHIME members. As many know, threat actors are often funded or supported by rogue nation states. Our adversaries are becoming more coordinated, with integrated distribution networks, specialized purposes (e.g., access brokers), and integrated operations. We, too, must endeavor to further leverage each other’s talents, experiences, and unique capabilities to best position ourselves for defense as well as recovery. There have been a significant number of efforts to drive collaboration in our industry, and many have resulted in great outputs, such as the 405(d) Health Industry Cybersecurity Practices Guide. Our association should double down on these efforts and seize additional opportunities for information sharing and collaboration. For example, today we have multiple sources for threat intelligence, vulnerability notices, standards, free resource tools, and regulatory updates. These can be better centralized. We also must find ways to better collaborate in areas that are redundant in nature. For example, many organizations are struggling to perform vendor or other third- and fourth- party assessments on the same vendors.  Finding ways to reduce redundant efforts, and sharing resources and information, will help to solve the enormous resource shortage most providers have.  As an AEHIS Board Member, I will work with colleagues and peers to build strong relationships between AEHIS and other organizations and promote collaboration and communication among members.
3. Advocate for government-sponsored cybersecurity resources for healthcare providers. An effective and resilient healthcare system is critical to our nation’s national security and for the wellbeing of our public health system. And while healthcare is the most targeted critical infrastructure industry for ransomware attacks according to the FBI, most organizations don’t have the resources they need to fund cybersecurity programs. Providers need more support from our government, and we should continue to advocate for this much needed assistance. This includes, among other things, educational resources, tools and grants to fund investments in cybersecurity. While new standards may be useful tools in building and evaluating programs, we must also ensure that the industry does not become overburdened with regulations that don’t drive value and which result in unnecessary additional costs. In the case that regulations are brought forth, we must ensure that they are reasonable and appropriate and include input from our members. As an AEHIS Board Member, I will advocate strongly for the interests of our AEHIS members, and strive for productive, value-added assistance from our government in order to address our challenges in resources and funding.

Angela Rivera is a Partner at The Chartis Group, ranked Best in KLAS three years in a row for Healthcare Management Consulting, where she serves as Market Leader and co-leader of Chartis’ Cybersecurity Practice.  With over 25 years of healthcare and technology experience, Ms. Rivera brings deep knowledge and experience leading impactful clinical, financial and operational improvement initiatives enabled through information technology and process redesign. Since joining Chartis, she has led many cybersecurity assessments and complex maturity projects, as well as other complex IT initiatives bringing her cybersecurity expertise to bear.  She serves as a cybersecurity thought leader for the firm where she has developed new solutions, published education pieces, served as a moderator at conferences, and has contributed as an industry expert to several healthcare publications.  In her role at Chartis, she also serves as the current liaison with CHIME and AEHIS as a Foundation member.

Prior to joining The Chartis Group, Ms. Rivera served as Executive Vice President, Operations at CynergisTek, Inc., an information security, privacy and compliance consulting firm offering solutions that measure privacy and security programs against regulatory requirements and assists in developing risk management best practices. Prior to CynergisTek, Ms. Rivera spent 17 years at Computer Task Group, Inc., an international IT consulting firm where she served in several roles, most recently as Vice President of its Healthcare and Life Sciences division.

Ms. Rivera has a passion for service and has served on various boards and in other volunteer roles.  She holds a Fellow Status with HIMSS and was the President of the Southern California HIMSS Chapter.  She has served as Board Member and Annual Conference Chair for the San Diego Chapter of the American College of Healthcare Executives (ACHE) where she still provides Information Technology training for the Board of Governors Exam workshops.  She has been an advocate for the advancement of women in technology for many years and currently serves on the Board of Directors as current President for Women in Healthcare Information Technology (WHIT) and was named “Women in Healthcare IT to Know” by Becker’s Hospital Review in 2018 and 2019.   She also proudly volunteers outside of the healthcare technology industry as a Guardian Scholar Mentor supporting foster youth to achieve their educational and career goals.

Ms. Rivera received her MBA from Louisiana State University, Shreveport, a Bachelor of Arts from University of California, San Diego and is a Certified Information Security Manager (CISM).

Ms. Rivera has a passion for service and has served on various boards and in other volunteer roles.  She holds a Fellow Status with HIMSS and was the President of the Southern California HIMSS Chapter.  She has served as Board Member and Annual Conference Chair for the San Diego Chapter of the American College of Healthcare Executives (ACHE) where she still provides Information Technology training for the Board of Governors Exam workshops.  She has been an advocate for the advancement of women in technology for many years and currently serves on the Board of Directors as current President for Women in Healthcare Information Technology (WHIT).

I am excited to announce my candidacy for a position on the Board of the Association for Executives in Healthcare Information Security (AEHIS). With my unwavering passion for cybersecurity, particularly in driving diversity and inclusion within the field, my proven track record in board leadership, and a strong commitment to the strategic importance of cybersecurity in healthcare, I believe I am the ideal candidate to help AEHIS achieve its mission.

Passion for Cybersecurity and Diversity:

I have always had an intense passion for cybersecurity, and I firmly believe that diversity is essential for a robust and innovative field. The world of cybersecurity is constantly evolving, and to address the ever-increasing threats, we must have diverse voices and perspectives at the table. As a candidate for the AEHIS Board, I am committed to fostering an inclusive environment where individuals from all backgrounds feel welcome and empowered to contribute.

Board Experience and Success:

My experience serving on various boards in the past has provided me with valuable insights into effective governance, strategy development, and collaboration. I have a history of working collaboratively with diverse teams to drive results. My past board positions have equipped me with the skills needed to make strategic decisions, set priorities, and navigate the complexities of a nonprofit organization like AEHIS. I am confident that this experience will enable me to provide sound guidance and leadership to help AEHIS achieve its goals and enhance its impact in the healthcare cybersecurity sector.

Cybersecurity as a Strategic Enabler for Healthcare:

I firmly believe that cybersecurity is not merely a defensive mechanism but a strategic enabler for healthcare organizations. The security of patient data and the integrity of healthcare systems are paramount. As a board member, I will work tirelessly to champion the message that cybersecurity is not just an overhead cost but an essential element that can positively impact the healthcare industry. By integrating cybersecurity into the strategic framework of healthcare, we can safeguard patient data, improve the resilience of healthcare infrastructure, and ultimately enhance the quality of care.

In summary, my passion for cybersecurity, commitment to diversity, proven track record in board positions, and dedication to positioning cybersecurity as a strategic enabler for healthcare uniquely qualify me to serve on the AEHIS Board. I am excited about the opportunity to work with the AEHIS community to address the critical challenges and opportunities in healthcare information security. Thank you for considering my candidacy.

I am currently the CEO of Asimily (www.asimily.com). Asimily focuses on securing and managing Medical, IoT and OT devices within Healthcare. Prior to Asimily, I started and ran the IoT business at Symantec where Healthcare was a key focus area. I have been involved with healthcare and cyber-security for more than 12 years having been involved in different frameworks like NIST CSF and MITRE ATT&CK framework.

I have sat on several private company boards in my experience as a Senior leader at Symantec and an Investor before that. Currently I am part of Asimily’s board as well.

With my experience and knowledge in Cyber-security and Healthcare, I believe I can add value to AEHIS members. I also spend time with healthcare customers internationally and so can bring lessons we are learning from these interactions.