Skip over global navigation links
U.S. Department of Health and Human Services

Health Care Industry Cybersecurity Task Force


The Department of Health and Human Services today announced the members of the Health Care Industry Cybersecurity Task Force. Task Force members represent a wide variety of organizations within the health care and public health sector, including hospitals, insurers, patient advocates, security researchers, pharmacy and pharmaceutical companies, medical device manufacturers, health information technology developers and vendors, and laboratories. Many of the members are Chief Information Security Officers or equivalent positions within their organizations, while others have expertise in clinical medicine, software development, information security, and related fields.

The Task Force will hold four in-person meetings over the course of the year. These meetings will be open to the public on a space-available basis. In between in-person meetings the Task Force will meet by teleconference. As these teleconferences will be focused primarily on administrative matters and document preparation, they are not expected to be open to the public.

The Cybersecurity Information Sharing Act of 2015 does not specify a due date for the Task Force report. It is expected that it will be delivered in the next year, as the term of the Task Force expires in March 2017.


From the beginning of the Administration, the President has made it clear that cybersecurity is one of the most important challenges we face as a nation. That is why the Administration has led a broad strategy to enhance the Federal Government’s cybersecurity, including both our defensive and offensive capabilities, to tackle today’s increasingly sophisticated cyber actors. 

While all industries continue to face a growing threat of attacks on their information systems, the size and scope of attacks on health care information systems have accelerated particularly rapidly in the past two years. Health care data may be used for a variety of nefarious purposes, including fraud, identity theft, and disruption of hospital systems. Connected medical devices with cybersecurity vulnerabilities left unaddressed could pose a risk to patient safety.   Security of health care data and medical devices is essential to protecting patients and providing them with the highest level of care.

The Cybersecurity Information Sharing Act of 2015 tasked HHS with the creation of a Health Care Industry Cybersecurity Task Force. Under the Act, the Task Force was to consist of subject matter experts within and outside government, who would be selected by the Secretary of HHS in coordination with the Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST).

Initial Charge of the Task Force

The Task Force began with an initial charge from the Cybersecurity Information Sharing Act of 2015 to:

  • Analyze how other industries have implemented strategies and safeguards to address cybersecurity threats;
  • Analyze challenges and barriers the health care industry encounters when securing itself against cyber-attacks;
  • Review challenges to secure networked medical devices and other software or systems that connect to an electronic health record;
  • Provide the Secretary with information to disseminate to health care industry stakeholders to improve their preparedness for, and response to, cybersecurity threats;
  • Establish a plan to create a single system for the Federal Government to share actionable intelligence regarding cybersecurity threats to the health care industry in near real time for no fee; and
  • Report to Congress on the findings and recommendations of the task force regarding how it carried out subsections A through E.

To answer these questions, the Secretary of Health & Human Services selected a broad array of expert representatives from the Federal Government, private sector health care organizations, other public and private sector experts on information technology and cybersecurity.

Members of the Task Force

Task Force members were selected based on recommendations from a panel of subject matter experts from HHS, DHS, and NIST. The following criteria were used in selecting Task Force members:

  • Service in a position of influence in an organization that is representative of a component of the broad health care and public health sector
  • Experience in dealing with technical, administrative, management, and/or legal aspects of health information security
  • Knowledge of major health information security policies, best practices, organizations, and trends
  • Ability to participate actively in Task Force meetings and contribute to Task Force products

The members of the Health Care Industry Cybersecurity Task Force are:

Theresa Meadows, MS, RN, CHCIO, FHIMSS, FACHE
Senior Vice President and
Chief Information Officer
Cook Children’s Health Care System

George DeCesare, JD
Senior Vice President and
Chief Technology Risk Officer
Kaiser Permanente Health Plan

Vice President
IT Security and
Chief Information Security Officer
Anthem, Inc.

Mark Jarrett, MD, MBA, MS
Senior Vice President and Chief Quality Officer
Northwell Health and
Professor of Medicine
Hofstra Northwell School of Medicine

Jacki Monson, JD
Chief Privacy and
Information Security Officer
Sutter Health

Vice President
CRP Privacy and Information Security and
EHR Compliance Oversight
Catholic Health Initiatives

Fred Trotter
Data Journalist
CareSet Systems

David Ting
Co-Founder and Chief Technology Officer
Imprivata, Inc.

Christine Sublett, MA, CISSP, CIPT, CRISC, CGEIT
Chief Information Security Officer and
Head of Compliance
Augmedix, Inc.

Health Information Technology Officer
Symantec Corp.

Michael McNeil
Global Product Security and Services Office
Philips Healthcare


Terry Rice
Vice President
IT Risk Management and
Chief Information Security Officer
Merck & Co.

Joshua Corman
I Am The Cavalry

Alissa Johnson, PhD
Chief Information Security Officer
Stryker Corp.

Vito Sardanopoli, CSM, CISSP, CISA
Director of Cyber Security Services and Governance
Quest Diagnostics

Dan McWhorter
Vice President and
Chief Intelligence Strategist
FireEye, Inc.

Anura Fernando
Principal Engineer
Medical Software and Systems Interoperability
Health Sciences Division

Emery Csulak

Chief Information Security Officer
Centers for Medicare and Medicaid Services
U.S. Department of Health and Human Services

Laura Laybourn
Stakeholder Engagement and
Cyber Infrastructure Resilience
Office of Cybersecurity and Communications
U.S. Department of Homeland Security

Kevin Stine
Chief, Applied Cybersecurity Division
Information Technology Laboratory
National Institute of Standards and Technology

Lauren Thompson, Ph.D.
Department of Defense/Department of Veterans Affairs Interagency Program Office 
Defense Health Management Systems

Rob Suárez
Director of Corporate Product Security
BD (Becton, Dickinson and Company)

  • This page last reviewed: October 18, 2016