The New CISO Ep. 80: Life After Breach: How Hospitals Can Protect Patient Data with Jackie Mattingly
Podcast Transcript | Air Date December 1, 2022
Listen to Steve and Jackie discuss the unique challenges of working as a healthcare CISO and handling security breaches:
Meet Jackie (1:51)
Host Steve Moore introduces our guest today, Jackie Mattingly. Jackie is the CISO for Owensboro Health, a three-hospital system in Kentucky serving eighteen counties and two states.
Jackie knew she wanted to work in technology since she was a little girl, first sparked by the game Oregon Trail. Getting her degree in computer programming, Jackie reflects on how she gained the work experience needed to have the career she wanted.
News Days (7:04)
Steve asks Jackie about her time working at a local news publication and if she has met anyone interesting while there. Jackie shares that she mainly worked alone at night, loading the news articles to the website.
The Radiology Center (8:41)
Jackie’s next move into information technology was at a radiology imaging center, whose owner understood the importance of keeping up with technology.
In one of the first radiology centers with an MRI machine, Jackie reflects on connecting the other radiology systems to that machine and what you should consider when working with a new device.
Transitioning Through Acquistions (13:18)
When Owensboro Health acquired the radiology center, Jackie’s lifestyle changed. Now at a much larger organization with never-ending hours, Jackie had to meet the challenges of serving a 24-hour operation.
Preventing Burnout (17:17)
To prevent her staff from burnout, Jackie rotated calls and cross-trained each person so no matter what, people could take on each other’s roles during their on-call shift.
Jackie would also be available to dive into on-call sessions because she likes to help and get into the weeds of technology.
Leveraging New Tech (20:30)
Jackie has tested new technology for her companies throughout her career. Now managing the information technology for a hospital, Jackie recognized the difficulty of getting advanced technology for a larger company.
While it is understandable that the hospital focuses more on patient care than tech, Jackie shares how she and her staff were leveraged to get the hospital’s systems up to par.
Updating The Voice Network (25:43)
Steve presses Jackie on her role in upgrading the hospital’s voice network. With so many providers’ offices and clinics to service, Jackie did have to hire a consulting company to help with the project.
Although Jackie does not have a project management certificate, she does believe that training is valuable.
Phasing Into Information Security (29:32)
One day the FBI showed up at the hospital to state that an employee was stealing patients’ identities through their systems. Still, in her IT management role, Jackie was less information security-minded at the time.
Jackie was brought on to navigate this investigation and fell in love with the security world, leading to the next phase of her career. During this time, Jackie learned that she couldn’t quit obsessing over this breach and had the drive to solve security problems.
Becoming The CISO (34:22)
In 2013, Jackie moved from being the IT leader to officially the security leader. She then started auditing access to patients’ charts and finding other ways to protect others’ personal information.
Soon Owensboro acquired another hospital, and the FBI arrived again to share that there was an even more significant security breach from a malicious outsider. Since this breach was inherited from the newly merged hospital, Jackie had to work through their systems and determine how to handle the issue.
Money and Momentum (39:47)
Steve presses Jackie on how she handled having money and momentum in the security space. Jackie began putting inscriptions in place and building a security team who could help them with the organization’s overall mission.
Getting Involved Early (43:27)
After getting involved with another acquisition, Jackie explains how much easier that process was since they were brought on early. They were able to do their due diligence more effectively using their own products.
The New CISO (46:01)
To Jackie, being a CISO in healthcare is rewarding because you protect patients and their data.