The shortage of qualified, experienced cybersecurity professionals is a problem that faces all industry verticals, not simply the healthcare industry. However, the increased need for cybersecurity talent to help combat evolving threats (including the rise of wearable healthcare technology) has led to official guidance from the Healthcare and Public Health Sector Coordinating Council (HPH SCC) on how to hire.
On June 17, the HPH SCC released the Healthcare Industry Cybersecurity Workforce Guide to provide guidance on how to hire CISOs and fill other cybersecurity-related roles. The guide encourages leaders in healthcare organizations to hire students, transition existing IT staff into the roles and create development programs to help train up other members of the organization.
Cybersecurity in Healthcare is a Growing Concern
Reports on the state of cybersecurity in the healthcare industry have highlighted the need for improvements. In 2017, the Department of Health and Human Services Health Care Industry Task Force found that 75 percent of hospitals did not have a dedicated security person.
Furthermore, a report from the Ponemon Institute in 2018 found that 79 percent of healthcare organizations struggle when it comes to recruiting cybersecurity staff and almost half of all surveyed organizations did not have a CISO.
Although these reports are from previous years, the state of cybersecurity in healthcare has not changed much. Awareness of the problem is increasing all the time, but it seems solutions are not being adopted at the same rate.
Getting Students into Cybersecurity
An obvious method of overcoming the skills gap in cybersecurity is to start getting young people into the industry as early as possible. Organizations in the healthcare industry are encouraged to hire students into cybersecurity-related roles on an internship or part-time basis to help them learn and develop the skills that will help them become full-time cybersecurity professionals.
The benefits of hiring students into these roles are twofold. Firstly, as organizations that have already adopted this method know, many students already possess cybersecurity skills that make them a valuable asset to the team. Secondly, students naturally have a desire to develop their own skills and generally step into their first role with enthusiasm and a strong work ethic.
The first step should be to create a list of daily, weekly and monthly tasks required for compliance or general security best practices. You will then be able to decide which of these tasks can likely be undertaken by students to help share the workload amongst the IT team.
Converting IT Professionals into CISOs
Often, healthcare organizations already possess the resources to overcome the skills gap in-house. Existing IT staff within the organization may already have the skills and desire required to step into cybersecurity roles.
There are a number of courses out there that are both affordable and provide well-rounded cybersecurity training; CSSP and the healthcare-specific HCSSP, to name a few. Both of these courses allow your IT staff to compare their own skills against those of cybersecurity professionals to show how they need to develop to step into the role.
Organizations should make sure that they have a development plan in place for IT staff within the organization who are looking to make the step into cybersecurity. A well-formulated roadmap and potential incentives would both go a long way to ensuring you are getting the most out of your current talent.
Cybersecurity Solutions for Healthcare
The rise in the number of Data Security Platforms on the market is great news for healthcare organizations. It is now more likely than ever that you will be able to find a platform that helps you to meet your needs and falls within your budget.
Data Security Platforms enable you to automate and simplify many of the tasks that you would otherwise need to hire for. IT staff can free up their time by generating pre-set compliance and security reports, instead of having to trawl through raw log data, for example.
Several Data Security Platforms cater specifically for the healthcare industry, with reports tailored to meet HIPAA compliance. Such solutions are vital when it comes to getting better visibility into the state of your security without having to hire externally.