Fractional Executive Leadership for Healthcare

I built security programs protecting 1,700+ healthcare clients across the continuum of care. HIPAA compliance, incident response, board reporting, and transaction readiness from someone who understands both the clinical and operational reality.

Rick Passero speaking at a healthcare cybersecurity panel

The Healthcare Security Challenge

Healthcare organizations face a unique challenge: patient care must never stop, but neither can the compliance clock. HIPAA, insurance requirements, and patient trust demand security leadership that understands both the clinical and operational reality.

PE roll-ups are transforming healthcare, creating transaction triggers and integration complexity. Cyber insurance requirements are tightening. Ransomware actors target healthcare specifically because they know you can’t afford downtime. You need security leadership that can navigate all of this without disrupting care delivery.

Healthcare Security Experience

Healthcare Industry Panelist

Speaker at WCA Healthcare cybersecurity panel; active in DVHIMSS (Delaware Valley HIMSS Chapter)

How I Help Healthcare Organizations

  • Build HIPAA-compliant security programs that satisfy OCR expectations
  • Develop vendor oversight and business associate management frameworks
  • Prepare for cyber insurance renewals with documented controls
  • Lead incident response without disrupting patient care operations
  • Create board reporting that translates cyber risk for non-technical leadership
  • Navigate PE transaction requirements and post-acquisition integration

“He fundamentally changed what we offer as an MSP. He built and productized a full cybersecurity program suite, including our security operations center, turning security from a one-off service into a repeatable offering. That work didn’t just improve client protection, it became a growth engine for the company.”

Zandy McAllister, vCISO, Anatomy IT

Frequently Asked Questions

Yes. I’ve built HIPAA compliance programs, conducted Security Risk Analyses, and helped healthcare organizations prepare for OCR audits. I understand both the regulatory requirements and the operational reality of implementing controls in clinical environments where patient care can’t stop.

Yes. Cyber insurance carriers are requiring more controls and documentation every year. I help healthcare organizations understand what carriers are actually asking for, implement the controls that matter, and document their program in a way that satisfies underwriters.

Third-party risk is one of the biggest exposure points for healthcare organizations. I build vendor oversight frameworks, BAA management processes, and due diligence procedures that satisfy HIPAA requirements and actually reduce risk.

Healthcare PE roll-ups are one of my core areas. I’ve done diligence on healthcare organizations and integrated acquired entities. I know what PE firms expect in terms of security maturity, what gets flagged during diligence, and how to integrate without disrupting operations.

I’ve led 25+ critical incidents in healthcare environments, including ransomware, data exfiltration, and situations requiring breach notification. I coordinate response, manage communications, work with forensics and legal partners, and ensure you meet regulatory notification requirements.

Healthcare Security Leadership

Patient care can’t stop, but neither can the compliance clock. The Operator’s Take is a complimentary conversation about your security posture and whether your current structure is aligned with where you’re headed.