In a rapidly evolving healthcare landscape, cybersecurity leaders are under pressure to not only protect sensitive data but to drive strategic value and build trust

Join Devin Shirley from Arkansas Blue Cross Blue Shield and Ryan Patrick from HITRUST as we discuss how frameworks like NIST, HITRUST, and others are being actively leveraged to go beyond checkbox compliance — enabling organizations to scale security programs, accelerate adoption, and align with both customer expectations and internal strategic goals.

We'll dive into:

  • The latest regulatory changes impacting healthcare security programs 
  • How leading organizations are operationalizing frameworks for measurable impact
  • Tips to align security efforts with business strategy and customer demands
  • Real-world lessons on gaining executive buy-in and driving adoption across teams

Whether you're building, maturing, or scaling your cybersecurity program, this session will equip you with actionable insights to move faster — and smarter.


Featured Speaker

Scott Mattila

SVP, Product Strategy and Chief Security Officer, Cybersecurity, Health Catalyst

Scott Mattila is the Chief Operating Officer/Chief Security Officer at Intraprise Health, a Health Catalyst Company, overseeing cybersecurity service delivery and operations, including the BluePrint Protect™ platform. With over 15 years of experience in information technology and healthcare, Scott specializes in supporting operational and security executives in diverse healthcare organizations.

Featured Speaker

Ryan Patrick

VP of Adoption, HITRUST

Ryan Patrick brings over two decades of leadership in cybersecurity, risk management, and information technology. Currently serving in a senior leadership role at HITRUST, Ryan plays a key role in advancing trusted assurance programs and cybersecurity framework adoption across critical industries. Before joining HITRUST, he was the Senior Vice President of Security at Intraprise Health, and held influential positions at MetLife and Memorial Sloan-Kettering Cancer Center, where he led enterprise risk assessments and compliance initiatives aligned with HIPAA, ISO 27001, NIST 800-53, and PCI-DSS. His work has consistently focused on building scalable, trustworthy security and compliance programs that reduce risk and instill confidence. A retired U.S. Army Colonel, Ryan’s career spans both combat and corporate command. He led airborne and tank units, served as a communications officer supporting frontline operations, and brings the discipline, strategic clarity, and mission focus developed over a 20-year military career to every endeavor. He holds a Master of Strategic Studies from the U.S. Army War College and an MBA from Norwich University.

Featured Speaker

Devin Shirley

Chief Information Security Officer, Arkansas Blue Cross Blue Shield

Devin Shirley is the Chief Information Security Officer at Arkansas Blue Cross and Blue Shield, where he has developed a comprehensive cybersecurity program to safeguard members’ data and reinforce regulatory compliance. A U.S. Army West Point graduate and former Signal Corps officer, he leverages his military discipline and leadership to build resilient defenses and train teams across both digital and physical security domains. Outside of his CISO role, he is a third‑degree black belt and level six Krav Maga instructor, running Krav Fit to teach self‑defense to military, law enforcement, and civilians

Watch Now