Healthcare: Getting Security Right This TimeCISO of Sentara Healthcare on Implementing Best Practices at a Time of Transition
As the healthcare sector implements a variety of new applications and increasingly moves to the cloud, it has a fresh opportunity to address security, says Daniel Bowden, CISO at Sentara Healthcare, an integrated delivery system serving Virginia and North Carolina.
Although some healthcare organizations rushed into adopting certain technologies, they're now better positioned to implement best practices when moving to the cloud, he says in an interview with Information Security Media Group.
"Now as we look at evolution into new technologies and moving into the cloud, we have a different challenge and a different opportunity," Bowden says.
Getting It Right This Time
One key step, Bowden says, is to make sure security is addressed early in the software lifecycle development process and at the outset of other projects.
"There is more awareness of people in leadership that want [new technology] to work, but they also don't want a security incident or breach from it," he says. "They will go to the organization and ask for security's involvement."
In this interview (see audio link below photo), Bowden also discusses:
- Tips for working with development teams during the software development life cycle;
- Questions CISOs should ask before moving sensitive healthcare information to new platforms, such as the cloud;
- Lessons to learn from past missteps in rushing to implement new technologies.
Bowden is vice president and CISO at Sentara Healthcare. He is responsible for coordinating Sentara's compliance with all security rules, as well as leading information security risk management framework, risk analysis process and risk assessments for critical data and systems. Previously, he served as CISO for the University of Utah.