Bringing identity and access management to the next level and investigating the potential that blockchain offers to improve the management of device IDs are among the priority security projects at Sentara Healthcare, an integrated delivery system serving Virginia and North Carolina, says CISO Daniel Bowden.
When it comes to ID and access management, "we're trying to uplift what we have," Bowden says in an interview with Information Security Media Group at the HIMSS18 conference, where he made a prsentation on critical cyber lessons.
"In 2017, we did a large two-factor authentication implementation that was very successful. Now we want to uplift things like privileged access management on critical IT assets and we also want to get better reporting and auditing of activity in all our clinical systems," he says.
"It's really taking things to another level, because once you start doing that through user behavioral analytics tools that can show you a view of activity you haven't seen before, that gives you more data to refer to and more events to investigate."
Blockchain's potential in healthcare is being explored in different ways by various organizations in the sector, and Sentara is also looking for innovative ways the technology might improve device identity management, Bowden says.
"We've been talking to some very smart researchers - and one has patented and commercialized a blockchain solution in the past - and we're going to be working together ... to develop [a solution] on our network a platform that will help us manage the identity of devices and state," he says.
In the interview (see audio link below photo), Bowden also discusses:
- Other ways blockchain might be applied to improve cybersecurity in healthcare;
- Approaches to cyber threat hunting;
- Cyber challenges of larger healthcare entities versus smaller organizations;
- The most concerning emerging cyber threats facing the healthcare sector.
As CISO at Sentara Healthcare, Bowden is responsible for coordinating compliance with all security rules, as well as leading the information security risk management framework, risk analysis process and risk assessments for critical data and systems. Previously, he served as CISO for the University of Utah.