Dan Bart has joined cloud-based health care technology startup Virtual Health in the newly-created role of executive vice president of information security and implementation, reporting to CEO Adam Sabloff.
This role is Bart's first foray into the private sector, and he will be responsible for leading all of Virtual Health’s information security efforts, overseeing cybersecurity policies and procedures, as well as optimizing the implementation of the company’s solutions to best support client needs and protect sensitive client data.
Prior to joining Virtual Health, Bart served more than 13 years at the Defense Information Systems Agency where he was was responsible for the implementation and operation of information systems designed to defend the DoD information network and protect classified data of critical value to national security. He held numerous management positions at DISA overseeing and optimizing cyber situational awareness systems, field communications, NetOps, secure configuration management systems and other critical infrastructure for the Defense Information Systems Agency.
CSO caught up with Bart to learn more about his new role and the challenges that lie ahead.
What attracted you to this opportunity?
Moving from a public service career, I wanted to find a place where I was still working to make a difference. Virtual Health’s revolutionary model is redefining healthcare and making value-based care a reality, making it possible for millions of people now and in the future to receive proactive care and materially improving their quality of life. This a truly inspiring mission and I hope to be part of the next chapter, bringing Virtual Health’s technology to the next level.
At the end of your first 3 months, what does success look like?
Knowing the industry and the product, and establishing a plan for improving the security and capabilities of our client deployments.
When it comes to securing patient data, where does Virtual Health’s responsibility leave off and your clients’ responsibility begin?
Securing the product, securing the operating environment and securing the data will always be our top priorities. Our clients’ procedures and protocols are an important part of ensuring patient data remains secured. A united front, incorporating training, communications, and operations support will ensure both our company and our clients adhere to best practices.
Is establishing who bears responsibility for data security part of the policy and procedure work you will be doing?
Very much so. Security is not something that you can set and forget. Security is a continuous process that must underlie every facet of our business. Virtual Health already has excellent security policies and procedures in place. My goal is to review the current stance, identify additional opportunities for improvement, and ensure that we remain at the forefront of the industry in this critical respect.
Enterprises have long been wary about security of cloud services — even when those offering have been shown to be as secure as, if not more secure than, on-premise solutions — and I imagine health care organizations might be even more wary. How can you allay those fears for your clients and customers?
The reality is that cloud and on premise solutions are not necessarily much different when it comes to information security. In fact, cloud-based solutions can be more secure because they are housed in state-of-the-art data centers rather than homegrown facilities. It is in the cloud service providers’ business interest to ensure a highly secure environment. In addition, cloud solutions can be set up so that we can directly secure, monitor, and protect the data.