CISO Connie Barrera: Don't forget about cybersecurity basics


Having simple protections in place is key to keeping health data safe, says Jackson Health System Chief Information Security Officer Connie Barrera, but often the complexity of cybersecurity can make organizations forget about the basics.

Barrera outlines some of those tried and true policies in a post at They include:

  1. Yearly testing. An outside provider should test systems and programs for vulnerabilities at least once a year, she writes, and can also bring a fresh perspective to the table.
  2. Monthly vulnerability scanning. Having a simple scanning solution to check for issues is an “extremely viable” resource, she says. This will help organizations easily see risks and have the ability to quickly fix them.
  3. Consistent IT employee training. Barrera says often it’s assumed that IT people know how to deal with every kind of issue, but that’s not necessarily true. “The business should not leave competence to chance,” she says. “[O]rganizations can’t send every single person to training, but we need to do a better job in this area.”

Rick Kam, president and cofounder of ID Experts, told FierceHealthIT in May that lax cybersecurity often boils down to the issue of accountability.


“Someone has to take responsibility to make sure risk assessments are done and there has to be follow-through on the appropriate investments to make sure data is secure,” he said. “Organizations are making investments, but they seem not to be making them in a way that’s reducing the problem.”
