Q&A with United Musculoskeletal Partners CISO Krista Arndt: “Investing in Operational Partnerships is Key To Cyber Success”

The pressures that go along with leading cyber in a healthcare institution are daunting; some of which include the need to be perfect all the time, the fact that the industry is under almost constant attack, and the presence of financial margins that don’t leave IT with money to burn. Of course, combine all that with the reality that lives are usually on the line, and it’s no wonder the niche is seeing some burnout. Krista Arndt, CISO at United Musculoskeletal Partners notes that, while lives may not be on the line if some of her practices go down, qualify of life certainly is, as anyone slated for a knee or hip replacement can attest. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Arndt talks about why it’s important for cyber leaders to realize their department is a ‘trust center,’ how she’s partnered with operational leaders to absorb the ins and outs of healthcare, and why it’s just as important for other leaders to have cyber’s back as it is for cyber to have theirs.

This interview was conducted on 6/6/24, subsequent to which Krista Arndt has become Associate CISO at St. Luke’s University Health Network 



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

You always hear: have your team’s back. But the same goes for the rest of your organization in having your back and saying, ‘look, we know that something is going to happen so show due diligence, minimize the damage, and do your best and do what’s ethically right within the constraints of what you have to work with.’

I have found that with security in healthcare, getting the time with people for BCP is tough. It’s not that they don’t want to do tabletops or they don’t want to train; they actually want to because they all love to learn – which I think is one of the things that drew folks into medicine – but just getting the time … they’re already working 10, 12 hour day and then you’re like “oh, by the way, I need one more of your hours – because we can’t do it during clinic – to just do a quick tabletop.”

I think that if you don’t have sympathy and you aren’t an empathetic person, you shouldn’t be working in security …

Anthony: Welcome to healthsystemCIO’s interview with Krista Arndt, CISO at United Musculoskeletal Partners. I’m Anthony Guerra, Founder and Editor-in-Chief. Krista, thanks for joining me.

Krista: Thank you, sir. It’s very nice to be here.

Anthony: Excellent. Looking forward to having a nice chat. Why don’t you start off, tell me a little bit about your organization and your role?

Krista: My name is Krista Arndt. I’m the CISO at UMP and it is my job to oversee the national strategy for all the practices that we help manage. UMP is the largest orthopedic system in the nation. We have presence in three different states or three different markets which is Georgia, Colorado and Texas, and all the practitioners and all of the employees and leadership essentially trust us to keep the patients safe, to keep operations going and unify security strategy while helping them to maintain their unique identities and what made them successful in the first place.

Anthony: Very good. You’ve spent most of your career outside of healthcare. Talk about any learning curve you’ve faced to really understanding the operations – which I’m told is a huge part of being a successful cyber executive.

Krista: Of course, that’s a really important topic, and I can say that you hear it a lot in security that you need to speak the busines...