Joel Burleson-Davis of Imprivata discusses the future of cybersecurity in healthcare and manufacturing, focusing on third-party threats and innovative solutions.
As cybersecurity becomes an increasingly critical concern for industries with life—and mission-critical operations, the role of companies like Imprivata has never been more vital. Joel Burleson-Davis, Senior Vice President of Worldwide Engineering at Imprivata, discusses the growing challenges facing the healthcare and manufacturing sectors, particularly third-party access. As cyberattacks grow more sophisticated, the need for robust, adaptive security solutions has never been more pressing.
In this interview, Burleson-Davis offers insights into how Imprivata is shaping the future of cybersecurity, leveraging AI, innovation, and strategic partnerships to protect sensitive data and maintain operational integrity.
How will cybersecurity in life- and mission-critical industries evolve in the next 3-5 years, and what are your biggest global challenges?
In recent years, cyberattacks targeting critical US sectors have become more sophisticated and destructive, with healthcare particularly vulnerable, and supply chain or third-party vectors have been increasingly targeted for those cyberattacks. Breaches at organizations like Change Healthcare and Ascension have led to severely disrupted care delivery and steep recovery costs. According to Imprivata’s latest report, “The State of Third-Party Access in Cybersecurity,” 47 percent of organizations suffered a third-party security incident in the past year, underscoring the critical role of cybersecurity in maintaining operational supply chains and critical services.
Over the next few years, third-party threats will continue to be a major challenge facing life and mission-critical industries. The same Imprivata report revealed that 64 percent of respondents believe attacks due to third-party network access will either increase or remain alarmingly high over the next 12 to 24 months. The risks associated with third-party access are too significant to ignore, and organizations will need to implement stricter access controls to monitor third-party activities and prevent data breaches due to too much access.
Also Read: How YugabyteDB Future-Proofs Enterprise Data with Scalability and Resilience
Cloud adoption is accelerating in healthcare. How is Imprivata safeguarding patient data in this increasingly complex environment?
As healthcare organizations increasingly leverage cloud-based applications and manage third-party vendors, implementing and actively maintaining alignment with security and compliance frameworks like SOC 2 (System and Organization Controls), NIST, and the CSM from the Cloud Security Alliance, will be vital for maintaining security practices fit for a cloud-based operating environment. Such frameworks require organizations to incorporate more robust capabilities around security monitoring, third-party vendor risks, and data integrity.
Imprivata enhances security for patient data (whether in the cloud or not) by offering access management solutions that identify users, automate workflows, and secure access. Imprivata helps ensure sensitive patient data is safe and secure as it is accessed across different systems and cloud platforms – working to ensure only the right people have access to the right data securely and efficiently.
How does Imprivata foster innovation within its engineering teams to anticipate emerging cybersecurity threats?
Imprivata supplies diverse solutions for our customers, from frontline worker access to shared workstations and mobile devices to remote third-party access to critical backend services to data analytics to detect if the most sensitive data in our organizations is being misused. While there is a large scope in our access management portfolio, we have one engineering and product organization that we operate on, with the expectation of collaboration and shared learning. As we learn and innovate in one area, we make sure that other teams in other areas have insight into the why, what, and how of that innovation (or threat response).
Beyond the hype, how are AI and machine learning practically integrated into Imprivata’s solutions to enhance threat detection and response?
Organizations are increasingly turning to AI and automation to keep up with the complexity of rising cyber threats; it has been an effective tool for augmenting the work of security and engineering professionals, especially in the face of the skills shortage we find ourselves in. However, while AI helps businesses strengthen their security, it also accelerates the threat environment by offering the same aid or advantage — presenting new opportunities for bad actors to exploit and steal sensitive data. In AI, a pragmatic, effective, and actively maintained security program for sensitive health information is crucial to protect patient privacy, prevent unauthorized access, and ensure HIPAA compliance. Regardless of the source of the attack and whether it was AI-enabled, healthcare organizations suffer from lost business, damaged reputations, and reduced profit margins when privacy and security breaches occur.
Imprivata integrates AI and machine learning into its solutions, such as our Access Compliance suite, which includes Patient Privacy Intelligence and Drug Diversion Intelligence, to detect this mishandling of patient data and controlled substances. Additionally, with Imprivata Enterprise Access and Patient Access, we leverage AI and ML to ensure an accurate facial biometric match to prevent Patient Misidentification or to ensure fast authentication to shared workstations and appropriate controls when prescribing controlled substances.
Also Read: Inside Identity Fraud: Tactics, Tech, and How to Stay Safe
What emerging technologies or trends will most significantly impact the future of healthcare cybersecurity?
Looking ahead, identity security challenges in healthcare are making way for a passwordless future while embracing the continued complexity of the third-party ecosystem. Passwordless technology will enhance data security and improve workflow efficiency across varied user populations by eliminating the need for passwords. Organizations can protect sensitive data, boost operational efficiency, and enhance patient care by adopting passwordless authentication tailored to complex and varied healthcare systems.
Additionally, as mobile devices become more integral to healthcare settings, replacing workstations and desktop computers, the need for identity-centric mobile access and security strategies has never been more critical. Organizations can manage use across various devices and locations by personalizing mobile devices to each user’s digital identity — extending operational capabilities beyond traditional boundaries. In 2025 and beyond, mobile access solutions will be a top priority for healthcare organizations as they look to safeguard access to protected health information (PHI) without disrupting clinical workflows.
What’s Imprivata’s future cybersecurity roadmap, and what advice do you have for aspiring cybersecurity professionals?
Imprivata will continue enhancing mobility, biometrics, and access management solutions to streamline efficiency and security. As mission-critical organizations face increasing pressure from escalating cyber threats, complex regulatory changes, and limited cybersecurity resources, our mission remains to protect sensitive data from internal and external security threats.
The threat to critical infrastructure underscores the need for robust cybersecurity strategies encompassing first- and third-party systems. This balanced approach will be crucial for security leaders across industries like healthcare, finance, and manufacturing to effectively mitigate cyberattack risks, safeguard data, and maintain compliance with industry regulations.
