It is widely known within the cybersecurity field that there is a severe talent shortage. Organizations across all industries are facing major challenges in staffing their security teams to protect themselves from cyber threats. Healthcare, along with finance and retail, is one of the most commonly-targeted industries by cybercriminals.
As the (ISC)2 Cybersecurity Workforce Study revealed, the deficit of cybersecurity professionals has reached critical levels, at nearly 3 million worldwide. According to the March 2018 McAfee Labs Threat Report, healthcare is the most targeted of any sector for cybersecurity attacks. Ransomware attacks, specifically in the healthcare sector, increased by 210 percent between 2016 and 2017.
Several academic programs have begun to address filling the workforce pipeline issue. Through its International Academic Program, (ISC)² works with academic and higher education institutions around the world to support their cybersecurity curriculum development, teaching and course creation initiatives for cyber, information, infrastructure and software security. Developed to equip graduates and academic staff with much-needed cybersecurity skills, this program provides access to the professional knowledge maintained by (ISC)²’s certified membership of practicing professionals.
This month, the University of Texas McCombs School of Business announced its Leadership in Health Care Privacy and Security Risk Management certificate, believed to be the first of its kind in higher education. The program aims to “enhance healthcare response and recovery capabilities.”
UT’s certification involves an eight-week class, and the first 16 students completed the coursework in August, according to a news release from the school. Its focus on healthcare aims to create a pipeline for much-needed cybersecurity expertise in one of the industries that needs it most.
The program will be offered again in the spring of 2020, giving students the option of attending classes in person, remotely or a combination of both. These prepared graduates will be on the front-line of defense securing the systems that deliver life-saving services and protect patient healthcare data.
One way experienced cybersecurity professionals working in healthcare continue to grow their careers and validate their expertise is by obtaining the HCISPP certification from (ISC)2, which has been a mark of healthcare security and privacy proficiency since 2013.
In addition to academia, it will take a concerted effort by the healthcare industry and the government to effectively address increasing the pipeline of skilled workers.
In New America’s research paper Do No Harm 2.0, 17 actionable suggestions are proposed to solve the problems facing cybersecurity in the healthcare industry. The research paper suggests that cybersecurity measures be implemented at all levels. Government mandates, tax incentives and college scholarships will increase the pipeline of talented professionals into the industry. Holding hospital boards responsible for privacy and security will help to direct budget toward cybersecurity, enabling human resources departments to prioritize recruiting and retaining skilled hires.
As the industry continues to progress, (ISC)2 refreshed its own healthcare-focused cybersecurity certification, the HCISPP, on September 1. Enhancements made to the exam followed a rigorous methodical process to ensure its relevance to current cybersecurity needs and regulations in securing healthcare environments and data.
The bottom line is that the healthcare industry needs more cybersecurity professionals to protect patient healthcare data and privacy in this growing industry and many organizations are working to help make this a priority.