Matt Morton, Executive Director and Chief Information Security Officer, University of Chicago - Becker’s Healthcare Podcast

Summary4 min read

Becker’s Healthcare Podcast Summary

Episode: Matt Morton, Executive Director and Chief Information Security Officer, University of Chicago
Host: Hayley Rutger
Release Date: August 1, 2025

Introduction

In this episode of Becker’s Healthcare Podcast, host Hayley Rutger engages in an insightful conversation with Matt Morton, Assistant Vice President and Chief Information Security Officer (CISO) at the University of Chicago. Recorded live at Becker’s 15th Annual Meeting, the discussion delves into cybersecurity in healthcare, innovative technological advancements, and leadership in a rapidly evolving industry.

Background and Role

Matt Morton provides an overview of his professional journey and current responsibilities. With an 18-year background in security roles across education, healthcare, and corporate sectors, Matt emphasizes his primary focus on safeguarding research data and ensuring the secure use of systems and devices by clinicians.

"My goal is to make sure and enable that for the clinicians that are doing that research and making sure that they can come up with these breakthroughs." [04:21]

Recent Initiatives at the University of Chicago

Matt highlights a significant initiative undertaken in the past year: Phoenix AI, an artificial intelligence chatbot designed to enhance clinical research practices. The project emphasizes compliance with HIPAA standards to ensure patient data security and privacy.

"One of the things that I'm most proud of my team for doing is working on the basically certification to HIPAA standards of that chatbot." [01:41]

The implementation of Phoenix AI represents a stride towards integrating advanced AI tools while maintaining stringent security protocols, thereby supporting both clinical excellence and patient confidentiality.

Current Challenges in Healthcare Security

Addressing the pressing challenges in healthcare cybersecurity, Matt underscores the persistent vulnerabilities within the system. He points out the false sense of security that can lead to complacency, making organizations susceptible to breaches.

"There is. We are always a couple of steps away from one of those bad days." [02:45]

The advent of AI-powered cyber-attacks exacerbates these challenges, coupled with difficulties in recruiting and retaining qualified cybersecurity professionals. Matt elaborates on the complexities of managing security across diverse components of a large organization like the University of Chicago, which encompasses multiple entities such as the academic medical center and UChicago Medicine clinical operations.

Technological Innovations Transforming Healthcare

The conversation shifts to the transformative role of technology in healthcare. While Matt clarifies that his expertise isn't in specific medical fields like pediatric cancer, he emphasizes the critical role of cybersecurity in enabling medical breakthroughs.

"Making sure that the tools are compliant, learning these new tools... protect that data." [04:21]

He discusses emerging technologies like advanced encryption methods and federated learning with AI models, which allow for data analysis without compromising privacy. These innovations not only safeguard sensitive information but also assist clinicians in their research and patient care endeavors.

"Federated learning with AI models... allow the models to learn and to teach us and maybe even act as assistance to our clinicians." [04:21]

Prioritizing Digital Healthcare Security

At the University of Chicago, the priority lies in balancing the integration of cutting-edge technologies with robust security measures. Matt's team continuously adapts to new tools and threats, ensuring that digital advancements contribute positively to patient care without introducing undue risks.

Leadership Lessons

Reflecting on his leadership journey, Matt shares valuable insights on managing change within an organization. He emphasizes the importance of adaptability and flexibility, both personally and within his team, to navigate the constant evolution of technology and threats.

"No matter what you do and how well you do it things will always change... you have to help your staff also be flexible and adaptable." [05:29]

Matt advocates for proactive change management, ensuring that staff are prepared to embrace new technologies and methodologies, thereby fostering a resilient and forward-thinking organizational culture.

Conclusion

The episode concludes with Matt expressing his commitment to enhancing healthcare security while supporting clinical research and patient care. His balanced approach to integrating technology with security ensures that the University of Chicago remains a leader in both innovation and data protection.

"It's to serve us to make lives better and to make the lives of our patients better." [05:29]

Hayley Rutger thanks Matt Morton for his participation, wrapping up an engaging and informative discussion on the intersection of cybersecurity, technology, and leadership in the healthcare sector.

Key Takeaways:

Phoenix AI: A HIPAA-compliant AI chatbot initiative aimed at supporting clinical research.
Security Challenges: Persistent vulnerabilities, AI-driven attacks, and staffing shortages in cybersecurity.
Technological Innovations: Advanced encryption and federated learning enhancing data security and clinical assistance.
Leadership: Emphasis on adaptability and proactive change management to navigate the dynamic healthcare landscape.

This episode offers a comprehensive look into the critical role of information security in healthcare, the integration of innovative technologies, and effective leadership strategies to ensure the safety and advancement of healthcare services.

Loading summary

Transcript14 lines

[00:00]
A
At Insight Global Health, we are dedicated to helping you and improving healthcare for everyone. That means building stronger teams and delivering sustainable solutions that truly make a difference. We offer a full spectrum of talent and technical services and deliver cross industry expertise to bring you innovative best practices to solve the problems that we face in healthcare. We're not just promising you results, we are delivering them. Visit us@insightglobal.com this is Hayley Rutger with the Beckers Healthcare podcast and we are recording live at the Beckers 15th annual meeting. I am thrilled today to be joined by Matt Morton, Assistant VP and Chief Information Security Officer for the University of Chicago. Matt, thank you so much for joining me today.
[00:42]
B
Thank you.
[00:43]
A
Now, before we begin, can you go ahead and introduce yourself, your background and a little bit more about your organization?
[00:48]
B
Sure. So, like you said, I'm Matt Morton. I'm an Assistant Vice President, Chief Information Security Officer for the University of Chicago. My background is largely education and healthcare and corporate in the security roles that I've held over the last 18 years, most of them as a CISO in most organizations. And so to ensure, you know, that we understand my perspective, you know, most of the healthcare information and things that I use that I work with are related to research and how clinicians are actually using their research and maybe the systems and devices that, that they work with in their research.
[01:30]
A
Thank you so much for sharing your experience with us. Now I really want to dive deeper into the last 12 months at university of Chicago. So what's an initiative you took on that you're particularly proud of?
[01:41]
B
Yeah, that's. That's a great question. Of course, there's always never a never ending supply of work in security. Right. There's always lots to protect with and so forth. And so what we do is we work hard to ensure that our clinicians and our staff and our faculty are protected from the worst day. We don't want the worst day to happen. But one of the fun things we got to do that we've done is this thing called Phoenix AI. And what Phoenix AI is, is it's an artificial intelligence chatbot. Well, we had to secure that. Right? And we're still in the process of doing that. But one of the things that I'm most proud of my team for doing is working on the basically certification to HIPAA standards of that chatbot. So we can use that as we go forward in our clinical research practices and other things that we're doing with related to improving health care for our patients and for the people that, you know, we Serve every day at the university.
[02:40]
A
Absolutely. Now, what's a significant challenge that you guys are currently facing in the healthcare industry?
[02:45]
B
Yeah, I think one of the most significant challenges is the maybe the assumption that everything's okay. Right. Because it's not. Right. There's lots of gaps still, and it only takes the attackers one time to get through one of those gaps before we all have a bad day. And sometimes CISOs have a rightfully deserved reputation for being a little negative about that. But nonetheless, it is the truth. There is. We are always a couple of steps away from one of those bad days. And so that challenge is compounded by the use of AI by the attackers and also by the inability to find qualified staff. Right. Staff retention, making sure that we can retain our staff and making sure that we work with, you know, all of our components of our organization. You know, universities are like small cities, and we have multiple components to that. We have an academic medical center. Right. Where our clinicians are learning. And then we also have the University of Chicago Medicine UChicago Medicine clinical operation. Right. And so we all collaborate very closely to defend against these things. But as you can imagine, none of us have enough staff and or resources sometimes to do a fully thorough job like we need to.
[04:05]
A
Now, you mentioned AI just a little bit ago. I'd really like to pick your brain on the recent expansion of technology in the healthcare industry. So what technological innovations are transforming healthcare right now, and what are you prioritizing in regards to digital healthcare at your organization?
[04:21]
B
So to be clear, I'm not an expert in, I don't know, pediatric cancer or anything like that, but my goal is to make sure and enable that. Enable that for the clinicians that are doing that research and making sure that they can come up with these breakthroughs. These breakthroughs will happen, but we also have to protect the privacy and the security of the studies of the people in these studies to ensure that the data is not somehow used incorrectly. Right. So that's where my team comes in. Making sure that the tools are compliant, learning these new tools. Right. And then learning new and unique ways in which we can protect that data. So there are some things that are developing in the world of encryption, in the world of federated learning with AI models that will help us not reveal that data and but at the same time, allow the models to learn and to teach us and maybe even act as assistance to our clinicians.
[05:23]
A
Absolutely. Now, before we wrap up here, what is the biggest leadership lesson you've learned thus far?
[05:29]
B
I think the biggest leadership I've lessened is that no matter what you do and how well you do it things will always change Right and you have to be adaptable and flexible and work with that change and then you have to help your staff also be flexible and adaptable so that they can be a part of that change rather than perhaps being overly resistant or or get run over by the change. Right but but as change occurs and it's going to occur very rapidly in the next five years we have to balance that with you know making sure that people understand what the use of these tools are and how our how best technology used to serve us because that's what it's here for right? It's to serve us to make lives better and to make the lives of our patients better.
[06:13]
A
Well I really enjoyed our conversation today. Again this is Haley Becker with the Becker's Healthcare podcast recorded live at the Becker's 15th annual meeting. Matt, thank you so much.
[06:22]
B
Thanks Haley. Appreciate.