Catholic Health’s Duemling Says Cybersecurity Should Be Managed Like a Chronic Condition

In his first year at Catholic Health, CISO Keith Dumling blended rapid listening with decisive action, leveraging an already mature security program. By conducting a comprehensive listening tour across clinical, technical, and business leaders, he identified immediate pain points and secured quick wins that demonstrated value without disrupting operations. This collaborative approach allowed him to craft a transparent roadmap that aligns cybersecurity initiatives with the organization’s mission and operational priorities, setting a solid foundation for long‑term resilience.

Dumling frames cybersecurity as a chronic condition, akin to ongoing patient care. Rather than treating security as a one‑off project, he advocates for a continuous care plan that evolves with clinical demands, regulatory shifts, and emerging threats. This mindset emphasizes flexibility—adjusting strategies during events like pandemics or labor shortages—while maintaining a steady focus on protecting patient outcomes and organizational agility. By positioning security as an integral part of the health system’s lifecycle, the team avoids the pitfalls of a siloed, cost‑center perception.

Artificial intelligence emerges as both a catalyst and a risk vector in Dumling’s strategy. He promotes secure AI enablement, integrating tools for incident triage, operational efficiency, and decision support while establishing guardrails to mitigate misuse. Governance plays a pivotal role, ensuring transparency, measurable outcomes, and bi‑directional communication with stakeholders. This open dialogue reduces shadow IT, builds trust, and aligns security investments with business value, ultimately supporting Catholic Health’s mission of superior patient care and a thriving workplace.