Mayo Clinic CISO Jim Nelms, who previously spent 14 years at The World Bank securing financial information in war-ravaged countries and regions devastated by natural disasters, says protecting health-care information is far more difficult. "Medicine is 10 to 15 years behind in IT practices than other industries," he said. To hunt for nascent problems, Mayo Clinic has created a "threat intelligence group" within security. The group's founder recently quit for a vendor job, illustrating one of the tougher CISO challenges: keeping good people. CIO Journal talked with Mr. Nelms about what makes health-care vulnerable and why cybercriminals win. [Subscription Required]