It was on the battlefields of Iraq that Heather Roszkowski truly learned the importance of information security.
In 2005, she became the information assurance manager for the U.S. Army's 25th Infantry Division, based in Hawaii. There, she built a team and, following deployment to a base north of Baghdad, stood up a complete information security system. Throughout her 12-month deployment, she was responsible for the information assurance and computer network defense programs.
What made Ms. Roszkowski want a career in information security after her time in the military was being able to clearly see the benefit of her work.
"When you're in a combat environment, you're putting in place tools that protect data about where soldiers were, where they're going, what equipment they have," she says. "It's obvious, the importance of protecting data like that."
She took lessons learned in Iraq to her current position as Fletcher Allen Health Care's chief information security officer.
As the Burlington, Vt.-based organization's CISO, Ms. Roszkowski is in charge of protecting all sensitive data, including patients' protected health information, financial information and demographic and other personally identifiable information. Working with an IT analyst and engineer, she vets new hardware and software to ensure it meets the organization's data security standards and researches and implements new data security tools.
Her goal is to ensure all Fletcher Allen's sensitive data, like the Army communications she once handled, is confidential, available and trustworthy.
"It needs to be confidential, but you can't treat a patient unless you have access to it," she says. "And I never want a physician questioning whether [patient] information is accurate, or worse, hacked."
In addition to her Army training, Ms. Roszkowski says the level of support she has received from Fletcher Allen has been crucial to her success. "I could have all these great ideas or do the research for new products, but if the organization wouldn't support my analysis or purchase what is needed, it would make my job extremely difficult," she says. "But at Fletcher Allen, I have been able to put into place the tools necessary and I feel I have the support of the organization to do what I need to do."
Ms. Roszkowski is Fletcher Allen's first CISO. Before January 2012, the health system, like many across the country, did not have a dedicated information security executive. At Fletcher Allen, what are now her responsibilities were tacked on to another IT executive's duties. After more than two years in the position, Ms. Roszkowski has come to see the value in a CISO.
"This job is huge," she says. "No one can do it justice, no matter how good you are, if you're part time."
She adds, "You'd be constantly battling with yourself about priorities, and [to successfully protect data], your priority has to be data security."
More Articles on Information Security:
5 Steps For Protecting Patient Data When Dealing With Vendors
Texting Just the Beginning of Communication Security Concerns for Healthcare Providers
Hospital Equipment Can Be Very Easily Hacked, Says Essentia Health Leader