AEHIS Member Wins Chicago Area CISO of the Year

By Zach Donisch, Director, AEHIS, AEHIT, AEHIA Membership

Erik Decker, Chief Security and Privacy Officer at University of Chicago Medicine and chair of the AEHIS Board, has a long list of achievements that demonstrate his leadership skills. Whether managing IT personnel in an academic medical center or guiding a federal task force, he aims to build a strong team around him. These strengths have led to his recognition as one of the Chicago area’s leading CISOs.

“My style, which is not unique, is to leverage delegation, empowerment and accountability,” Decker said. “It’s important for my team to have the authority to accomplish their goals, while at the same time being responsible for achieving those goals. In addition, I wholeheartedly believe that the path to success in this business is through rapid, measurable and iterative improvement. Waterfall type projects are part of our toolkit, to be sure, however to be agile enough to stay ahead of the modern threats we face we must be able to detect issues as they arise, resolve them, and then close the hole that was leveraged. If you can detect it, quantify its risk, mitigate it, and document it, you will go far in proving the value of your cybersecurity program.”

In late October 2017, the Association of Information Technology Professionals announced Erik Decker as the winner of the Chicago Area CISO of the Year Award. This yearly award is judged by several Chicago area cybersecurity leaders and industry firms, and evaluates cybersecurity leaders from all industries, including healthcare, government and banking.

Decker’s win is the first time the award has recognized excellence in healthcare cybersecurity. With 17 years of experience in information technology and 11 years focused on information security, Decker has focused a majority of his career on academic medical centers, where he has established two information security programs and an identity and access management program. Decker also previously served as an adjunct faculty member at Columbia University, teaching HIPAA privacy and security.

He joined AEHIS in 2015 and currently chairs the AEHIS Board and chairs AEHIS’ Public Policy Committee. As Decker explains, AEHIS will “be at the table, providing feedback on what we think are the best next steps for legislation and federal affairs that impacts providers.”

He also co-leads a Department of Health and Human Services (HHS) task group of 100 industry experts across the country to develop a cybersecurity “how to” guide for the Healthcare Sector, as required by the 405D provision within the Cybersecurity Information Sharing Act (CISA) of 2015. This group is charged with “aligning the healthcare industry security approaches” as well as implementing several components of the recently released federal Cybersecurity Task Force report.

“This effort couldn’t come at a more critical time for the healthcare sector,” Decker said. “When you consider the varied nature of our sector, securing our organizations in a consistent manner is not as cut and dry as one might think. Between the small practices, the insurers, the pharmaceuticals and the large integrated delivery systems, we have a varied sector that each comes with its own unique security challenges. Our task group believes that we can explain the modern threats and risks that exist to our sector. With that, we will recommend best practices around cybersecurity hygiene, tailored to a particular organization’s complexity, that will help move the needle across the sector. If we can do that, we are taking a step in the right direction.”

Decker’s accomplishments are numerous, and the CISO of the Year award is a well-deserved recognition of his success and passion for cybersecurity in healthcare. To learn more from Decker and other great leaders, join him and AEHIS at the HIMSS-CHIME Cybersecurity Forum on March 5 in Las Vegas. Decker will co-present with Intermountain Healthcare’s CISO Karl West in a session titled “How to be an Effective Cybersecurity Leader in Healthcare.” The hour-long talk will outline what it takes to be a successful leader, highlight best cyber practices, effective C-suite level communication surrounding security and privacy, and more.

More AEHIS News Volume 2, No. 1:

Looking to contribute to the AEHISecurity Newsletter? Email your contributions to [email protected].