“As a CISO, you need to think about what’s in it for the business.”
With that statement, Daniel Bowden confirmed what many industry experts have already recognized: that the CISO position – much like the CIO – has evolved significantly in recent years. It’s no longer just about keeping information secure (and, consequently, keeping patients safe); it’s about introducing solutions in a way that can help enable the business without interrupting clinical workflow.
During a recent interview, Bowden talked about the unique challenges facing information security leaders as health systems battle Covid-19, the opportunities that exist to create better relationships with users, and what he believes are the keys to maintaining a solid security strategy. He also talked about the valuable lessons he learned while serving in the US Air Force, why he believes mentoring is so critical, and what he believes sets Sentara apart from other organizations.
Key Takeaways
* With the right approach, solutions like identity proofing can be sold not just as offering security benefits, but also as helping to bring in revenue.
* For Bowden, spending time in academics before coming to Sentara helped him learn “to work in a world of managing assets security-wise, where there wasn’t nearly as much homogeneity.”
* For cybersecurity in healthcare, perhaps the biggest game-changer from a policy standpoint was reporting of breaches being assigned to the Office for Civil Rights.
* One of the biggest benefits of serving in the military was the “continual leadership and mentorship training” often missing in the civilian world.
Q&A with Dan Bowden, Part 2
Gamble: So it’s really important for an organization to have that foundation.
Bowden: Exactly. When you put that together, then you’ve got two-factor authentication and privileged access management on devices — in terms of security, all of a sudden, you’re pretty hard to beat. If you’re doing a good job blocking exposure to your software vulnerabilities — if not patching them outright, you now have become a pretty challenging target, and I think a lot of bad actors will look elsewhere. That’s one of the big ones I’m focused on, not just for Sentara but for all of healthcare.
Gamble: When you talk about making a case or tying these things to the overall business goals, it seems like that has become a key part of the CISO strategy.
Bowden: It absolutely is. With identity proofing, I can describe a way to improve your experience, but we have physicians who bounce through different parts of our hospital, or go from hospital to hospital. We have 12 now; we’ll soon be part of a health system with 18 hospitals; they have a lot of authentication and identity friction. Maybe with a solution, I can, if not eliminate it, reduce by 80 or 90 percent. That’s a business enabler. It’s managing the provider directory and the credentialing process for physicians, and taking the friction out so that when we bring on a new physician, we reduce the credentialing process down to where they are now helping us bring in revenue much quicker than normal.
With patients, it’s managing our master patient index more accurately, which helps improve efficiency on billing and accuracy in charting. But you’re right, as a CISO, you need to think about what’s in it for the business.