Hospitals lack staff needed to combat cyber attacks

Healthcare is the most cyber-attacked industry, and it needs to hire up.

electronic medical records doctor tablet stockimage
Credit: Wavebreakmedia / iStock

The cybersecurity workforce shortage -- which has 1 million job openings in 2016, and is projected to reach 1.5 million by 2019 -- is especially acute at hospitals and healthcare providers, according to one industry expert.

"Healthcare IT projects are being consumed with runaway EHR (electronic healthcare records) projects" says Bob Chaput, a healthcare information risk management and compliance expert, explaining the main reason he sees for the lack of qualified cyber staff at hospitals. "Secondarily, healthcare leadership has been slow to prioritize and fund cyber programs" adds Chaput, who is CEO at Clearwater Compliance, a cybersecurity firm with a specialty practice geared to helping healthcare CIOs and CISOs.

[ ALSO ON CSO: How identity management helps protect what ails patients ]

These assertions are particularly worrisome given that healthcare has become the most cyber attacked industry. "Healthcare information is more visible than ever, more valuable than ever, and simultaneously more vulnerable than any other type of sensitive information," says Chaput. As an industry we must move rapidly from treating the issue as a compliance issue and move to treating it as the patient safety issue it has become."

Ransomware plagued unprepared hospitals in 2016, and there's no sign of it slowing down. "Ransomware should serve to underscore that cyber risk management programs must transcend current specific technologies, threats, vulnerabilities and controls" says Chaput. "It's all about building and maturing a cyber risk management program."

Is there evidence that hospitals don't have enough personnel to evolve their cyber defenses to a higher level? "Our aggregated data from risk analyses of over a half-million healthcare organization risks in our work with over 400 organizations shows that basic administrative controls (e.g., dormant accounts and excessive user permissions) and basic technical controls (e.g., encryption and honeypots) are still missing in many healthcare organizations" says Chaput.

Will healthcare hacking become an epidemic in 2017? If hospitals don't get their cyber act together and staff up to the growing threatscape, then it surely will.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.