Board of Directors

James Routh Aetna, Inc. – James Routh – CISM, CSSLP, Chief Information Security Officer
Mr. Routh leads Global Information Security with over 20 years of experience as a practitioner, management consultant and leader of technology and information security functions for global service firms.  Prior to Aetna, he was the Global Head of Application and Mobile Security for JP Morgan Chase, and CISO for KPMG, Depository Trust and Clearing Corporation, and American Express.  Mr. Routh is also Chairman of the FS-ISAC Products & Services Committee and former Board member.
Allergan plc – Mike Towers – VP Chief Information Security Officer
Mike is accountable globally for protecting the confidentiality, integrity and availability of Allergan’s vast information assets across an R&D, supply chain and commercial enterprise spanning 250+ locations in ~100 countries. Previously, Mike was VP, Information Security Assurance at GlaxoSmithKline (GSK). There, Mike was accountable for the security of GSK’s information systems and computing infrastructure spanning 400+ sites in 110 countries, owning shared services in the areas of platform, network, application, and data security and advanced threat defense.

City of Hope – Jeanie Larson – Senior Director IT Security
Ms. Larson is a seasoned IT security practitioner who is passionate about information sharing. Ms. Larson’s current role includes leading cyber incident response, vulnerability management, security operations, IT compliance and risk management programs. Prior to City of Hope, Ms. Larson led cybersecurity initiatives for Stanford Health Care and held various positions in the U.S. Government including the Office of Director of National Intelligence, where she led cyber threat information sharing initiatives across the government, including public-private partnerships with the Defense Industrial Base and the National Cybersecurity Investigative Joint Task Force (DC3/FBI).
CVS Health – Frank Price
Frank Price serves as Chief Information Security Officer of CVS Health, the largest pharmacy healthcare provider in the United States, and is responsible for the company ís Enterprise Information Security Program.Prior to joining CVS Health in 2013, Frank worked in the telecommunications sector as Chief Information Security Officer of Alcatel-Lucent and in the healthcare sector as Vice President of Global Information Security at Medco Health Services, Inc. (now Express Scripts).  Frank has also held Information Security roles in the banking sector at Dai-Ichi Kangyo Bank and Long Island Savings Bank.  He obtained his Bachelor of Science degree in Information Systems Management from New York University.
Emory University – Brad Sanford, Chief Information Officer
Brad Sanford currently serves as the Chief Information Security Officer for Emory University where he has overarching information security responsibilities for both Emory University and Emory Healthcare. Brad has over 25 years of IT experience working for organizations such as Humana, Vanderbilt University, Hospital Corporation of America, and Emory University where he has focused on creating and leading Information Security programs and developing innovative Information Security solutions. Brad was a finalist for Southeast Information Security Executive of the Year in 2011 and was the recipient of the 2011 Healthcare Information Security Executive of the Year award for North America. Brad Serves on the Board of Directors for the National Health Information Sharing and Analysis Center (NH-ISAC) and is an active member of the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). Additionally, Brad serves on the SANS Educational Advisory Board and served on customer advisory boards for Lancope and TippingPoint. Brad is also an Emory University faculty member within the Rollins School of Public Health where he serves as a periodic lecturer and has taught a graduate course on Information Security and Privacy.
Horizon Blue Cross Blue Shield – Gregory Barnes – Chief Information Security Officer
Mr. Barnes is the Chief Information Security Officer at Horizon Blue Cross Blue Shield and has over 20 years of experience as a practitioner. He began his security career in the United States Air Force, where he managed classified intelligence and cyber operations systems. Prior to joining Blue Cross and Blue Shield, Mr. Barnes worked for Lucent Technologies as a Managing Principal, leading multiple highly skilled technology teams, designing advanced technology networks for MCI/Worldcom and conducting numerous penetration testing and security design engagements for Exxon, Washington Mutual, Cisco, State Farm, Williams Communications, WalMart and others. Mr. Barnes is a Board Member of the NHISAC, Chair to the Payer Subsector of the Healthcare and Public Health (HPH) Sector Coordinating Council (SCC), and Blue Cross Blue Shield Association (BCBSA) Cyber Security Subcommittee member.
Human Longevity, Inc. – Sara Hall – Chief Information Security and Privacy Officer
Sara Hall is the Chief Information Security and Privacy Officer at Human Longevity, Inc, the leading genomics-based, technology-driven company working to revolutionize healthcare. In her role, she ensures that appropriate protections are in place in an environment where privacy and security are of utmost importance. With her extensive background in cybersecurity for the healthcare industry, Ms. Hall brings a unique perspective to the role, helping privacy, security, and IT to partner together to protect critical corporate systems and data. Sara also serves on the Strategic Advisory Board of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a non-profit working to bring more minorities and women into the field of cybersecurity. Prior to her current role, Ms. Hall served as the Chief Information Security Officer for the U.S. Department of Health and Human Services (HHS), where she led the Office of Information Security and championed HHS efforts around cyber data sharing across Government and with the private sector. Sara has a Bachelor’s of Science in Information Systems and Operations Management from the University of North Carolina at Greensboro.
Intermountain Healthcare – Karl West – Chief Information Security Officer and Assistant Vice President
Karl West has been involved in information technology and security for more than 30 years. His current responsibilities span all aspects of Cybersecurity and Strategy at Intermountain Healthcare, an integrated delivery network of 22 hospitals and 185 clinics in Utah and Southern Idaho. Security specialties include governance, architecture, risk and compliance, Identity and Access, eDiscovery, forensics, and incident management. He is currently a member of the Utah Health Information Network (UHIN) Privacy and Security Board, a member of the Association for Executives in Healthcare Information Security (AEHIS), which is part of CHIME, and also Weber State College’s Computer Science department.
Michael Wagner Johnson & Johnson – Michael Wagner, Senior Director, IT Risk & Information Management
As a member of the IT Risk Management and Supply Chain Leadership Teams, Mr. Wagner has responsibility for the IT Risk Management Operating Model, Worldwide Information Security, Digital Asset Risk Management and the Worldwide Records and Information Management Program.  Prior to J&J, he was Director of Information Security at Medco Health Solutions.  Mr. Wagner holds a BS degree in Biology, US Air Force Academy; and Master’s of Science degree in Telecommunications Management, University of Maryland.
Terence Rice Merck & Co. – Terence Rice, Vice President, Information Risk Management and CISO
Mr. Rice is responsible for Information Security, IT Regulatory Readiness, Quality/Technical Assurance, Business Continuity Planning and Policy, and has held multiple roles at Merck, as Executive Director, Information Risk Management & Compliance within the Enterprise Technology & Application Services organization.  Prior to Merck, Mr. Rice served as Director of Global Information Security for Johnson & Johnson, and then in the consulting industry in a variety of roles.  Mr. Rice holds a BS degree from West Point; and a Masters of Science, George Washington University.
Medtronic – Patrick Joyce – Vice President – Information Technology, Chief Security & Privacy Officer (CISO)
Patrick Joyce is responsible for all global functions, strategies, operations and execution related to all forms of security and privacy across the company, including IT/cybersecurity, physical/facility and travel security, identity & access management (IAM), the product/device security programs and data privacy. Within Global IT, he is also responsible for the global process teams supporting Master Data Management, IT Quality Management and Legal/Compliance.
Patrick joined Medtronic in 2005 to initially build the Corporate IT Audit function, providing audit and consulting services across Medtronic’s global business units, corporate functions and IT organizations. In subsequent roles, he has also had responsibility for leading Medtronic’s Global IT Program & Portfolio Management Office, as well as Medtronic’s Global Physical Security organization and many of the IT Core Process Teams.
Partners Healthcare – Jigar Kadakia Chief Information Security and Privacy Officer CISSP, CIPP, CRISC
Jigar is the Chief Information Security and Privacy Officer for Partners Healthcare. He has more than 17 years of information security experience across multiple industry’s with a focus on healthcare delivery. Jigar holds a Bachelor of Science degree in Chemical Engineering from the University of Cincinnati and a Master in Business Administration from Xavier University.
Royal Philips Michael McNeil – Global Product Security & Services Officer
Michael C. McNeil is the current Global Product Security & Services Officer for Royal Philips. In this capacity, McNeil is responsible for leading the global product security program for the company and insuring consistent repeatable processes are deployed throughout their products and services in the Healthcare market. Prior to this assignment, McNeil was the former Global Chief Privacy & Security Officer at Medtronic responsible for the development and design of their initial product security and incident response management programs; Chief IT Security Officer at Liberty Mutual Group; Global Chief Privacy Officer at Pitney Bowes, and Vice President, Chief Privacy Officer of Data Services for Reynolds & Reynolds.

Texas Health Resources – Ronald Mehring – Vice President – Technology and Security
At Texas health Resources, Ron leads IT GRC, security architecture, security operations, and the IT BC DR program. His current initiatives are focused on improving team performance, improving resiliency management, integrating a threat-management architecture that accounts for present and emerging threats, and maturing a technology risk management program that is aligned with the strategic goals of the organization.
Ron began his career in technology for the United States Marine Corps. After 21 years of military service, Ron retired from the Marine Corps and joined the Department of Veteran Affairs where he led Compliance Assessment teams within the newly formed Oversight & Compliance group. He also served as the Department of Veterans Affairs’ Deputy Director for Network & Security Operations
Ron holds an MBA in Risk Management from NYIT and is a Certified Information Systems Security Professional (CISSP).

Wellmark Blue Cross Blue Shield – Thien La – Chief Information Security Officer (CISM, CRISC)
Thien La leads Corporate Information Security at Wellmark BCBS with over 17 years of experience working in technology, risk management and cyber security for global organizations. Prior to Wellmark BCBS, he served as Senior Vice President, heading Information Security for Global Banking and Markets at Bank of America where he led a global team supporting more than 50,000 users. Prior to Bank of America, Thien served as VP, Global Head of Application Security and Business Continuity at SunGard as well as various leadership roles as a VP of Technology Risk at Goldman Sachs. Thien was the Chair of the FS-ISAC Application Security Product Group and a member of the Financial Services Cybersecurity Roundtable led by the Department of Treasury.
NH-ISAC – Denise Anderson – President
Denise Anderson is President of the National Health Information Sharing and Analysis Center (NH-ISAC). Prior to NH-ISAC, she was a Vice President of FS-ISAC where for almost nine years she helped the ISAC grow and achieve its successful status in the information sharing community. She has over 25 years of executive management level experience in the private sector.

Denise currently serves as Chair of the National Council of ISACs (NCI) and as Chair of Working Group 2 of the new ISAO Standards Organization. She was instrumental in implementing a CI/KR industry initiative to establish a private sector liaison seat at the National Infrastructure Coordinating Center (NICC) to enhance information sharing between the private sector, CI/KR community and the federal government and serves as one of the liaisons. She is a health sector representative to the National Cybersecurity and Communications Integration Center (NCCIC) — a Department of Homeland Security-led coordinated watch and warning center that improves national efforts to address threats and incidents affecting the nation’s critical information technology and cyber infrastructure. Denise is certified as an EMT (B), Firefighter I/II and Instructor I/II in the state of Virginia and is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.

Back to Top