Mayo Clinic's chief information security officer, Jim Nelms, is no longer with the clinic, the Post-Bulletin has learned.
Nelms is well-known nationally as an information security expert, with 14 years of experience with the World Bank. This month, he was to be featured in a webinar called, "The Changing Role of the Chief Information Security Officer: What Every CISO Should Know," also featuring the chief information security officer with Veracode.
Nelms could not be reached for comment this morning.
Mayo spokesman Karl Oestreich confirmed today that Nelms is no longer with the clinic, saying in an email that Nelms had "recently resigned from Mayo Clinic. We are thankful for the contributions Jim has provided to Mayo Clinic since 2013, including the formal establishment of the Office of Information Security. We wish Jim success in his future endeavors."
Oestreich said Mayo has begun a search for a new chief information security officer.
According to his LinkedIn page, Nelms had been CISO at Mayo since March 2013. He was with the World Bank from 1999 to 2013. His LinkedIn page describes him as "a leading information security and risk management practitioner with a broad experience in creating, transforming and sustaining architectures for protecting organizations and their information assets."
Nelms has often been cited in national media on health information security issues. In a story with the headline, "Most large health organizations have already been hacked -- twice," Nelms said defending against data breaches was extremely difficult and "the adversary is way ahead of us right now."
Nelms said in that story, published last summer on the Advisory Board Company website, that it can be difficult to convince "hospital staff" that cybersecurity is necessary. "When (Nelms) implemented a stronger authentication system for the organization's network, 'A lot of the response was, 'We live in a cornfield in the middle of Minnesota. Who wants to hurt us?' he says."