The healthcare industry is in need of IT security experts to help manage the fast-paced growth of technology in the field. With the implementation of electronic medical records (EMRs) and electronic health records (EHR), data analytics, wearables, and health-monitoring devices, healthcare facilities are scrambling to catch up with the demand for staff to manage and support these technological advances.
While technology is delivering more effective and streamlined healthcare, it also increases the need to focus on privacy and security.
[ ALSO ON CSO: Healthcare breaches need a cure for human errors ]
"EMR installations at U.S. hospitals, fueled by federal incentives, have been a major catalyst for IT job growth in healthcare. Many of our hospital and health system clients have seen their IT departments grow by 50 percent in the past few years," says Brad Elster, president of Healthcare IT Leaders.
The growing need for IT security in healthcare
As healthcare quickly adopts emerging technology, the need for employees to help manage the systems, software, and security has understandably grown. And after the string of high profile data breaches from the likes of Sony, Home Depot, and Target, businesses and healthcare facilities are starting to understand the importance of preventative security measures.
This is especially true as our health records move online and EMRs become the standard across healthcare facilities. Not to mention the increased number of third party vendors that have responded to the technological boom by creating applications, systems, and hardware to help hospitals manage the new technology, according to Elster.
Technology changes industries fast, and in healthcare, technology is changing it faster than workers can update their skillsets. "We're seeing a lot more medical devices being connected to the network, whether for maintenance reasons or for collecting data remotely, the networks becoming much more complicated than it was even 3 or 4 years ago," says Heather Roszkowski, MSIA, CISSP, Chief Information Security Officer at the University of Vermont Medical Center.
Privacy and security are important even with our standard messaging and email apps, but when it comes to our healthcare, patients expect it to be taken seriously. In order to avoid any security breaches or data leaks, hospitals need to start implementing preventative measures, rather than waiting for something to happen and then responding. But it's difficult considering the shortage of security professionals in healthcare, especially as healthcare facilities begin to understand the security needs of its own department outside of the umbrella of IT.
"Up until recent times we've primarily had that CISO role that has been the focus. Because when they first came out with the HIPAA security rule, somebody thought that information security only meant technical, and it didn't address it across the board," says Mac McMillan, CEO of CynergisTek, and current chair of the HIMSS Privacy and Security Policy Task Force, "they're just now getting around to the realization that just having good technical controls isn't going to protect you from having breaches."
Where are the IT security pros?
But there is a skills gap when it comes to finding IT and security professionals that are well versed and have the right background and experience, and healthcare isn't the only industry feeling the security pressure.
"It's a big need across all industries right now, and there's an absolute shortage of individuals that have the requisite skills and experience to contribute, and we see it in finance, retail, energy and healthcare," says McMillian.