In this episode of The New CISO, Steve is joined by Jackie Mattingly of Owensboro Health.With a passion for technology since childhood, Jackie first began her career in IT. Today, she shares how an experience with a malicious insider transitioned her into a career in information security. Listen to the episode to learn more about Jackie’s career journey, navigating company acquisitions, and protecting patients’ data.Listen to Steve and Jackie discuss the unique challenges of working as a healthcare CISO and handling security breaches:Meet Jackie (1:51)Host Steve Moore introduces our guest today, Jackie Mattingly. Jackie is the CISO for Owensboro Health, a three-hospital system in Kentucky serving eighteen counties and two states.Jackie knew she wanted to work in technology since she was a little girl, first sparked by the game Oregon Trail. Getting her degree in computer programming, Jackie reflects on how she gained the work experience needed to have the career she wanted.News Days (7:04)Steve asks Jackie about her time working at a local news publication and if she has met anyone interesting while there. Jackie shares that she mainly worked alone at night, loading the news articles to the website.The Radiology Center (8:41)Jackie’s next move into information technology was at a radiology imaging center, whose owner understood the importance of keeping up with technology. In one of the first radiology centers with an MRI machine, Jackie reflects on connecting the other radiology systems to that machine and what you should consider when working with a new device.Transitioning Through Acquisitions (13:18)When Owensboro Health acquired the radiology center, Jackie’s lifestyle changed. Now at a much larger organization with never-ending hours, Jackie had to meet the challenges of serving a 24-hour operation. Preventing Burnout (17:17)To prevent her staff from burnout, Jackie rotated calls and cross-trained each person so no matter what, people could take on each other’s roles during their on-call shift.Jackie would also be available to dive into on-call sessions because she likes to help and get into the weeds of technology. Leveraging The Team (20:30)Jackie has tested new technology for her companies throughout her career. Now managing the information technology for a hospital, Jackie recognized the difficulty of getting advanced technology for a larger company.While it is understandable that the hospital focuses more on patient care than tech, Jackie shares how she and her staff were leveraged to get the hospital’s systems up to par.Updating The Voice Network (25:43)Steve presses Jackie on her role in upgrading the hospital’s voice network. With so many providers’ offices and clinics to service, Jackie did have to hire a consulting company to help with the project.Although Jackie does not have a project management certificate, she does believe that training is valuable.Phasing Into Information Security (29:32)One day the FBI showed up at the hospital to state that an employee was stealing patients’ identities through their systems. Still, in her IT management role, Jackie was less information security-minded at the time.Jackie was brought on to navigate this investigation and fell in love with the security world, leading to the next phase of her career. During this time, Jackie learned that she couldn’t quit obsessing over this breach and had the drive to solve security problems.Becoming The CISO (34:22)In 2013, Jackie moved from being the IT leader to officially the security leader. She then started auditing access to patients’ charts and...