IT professionals in healthcare can face many unique challenges, below are the three biggest challenges of cybersecurity in healthcare.
Cybersecurity in healthcare IT is more difficult than other sectors. It requires a lot of data sharing with a lot of different people, more so than in other sectors. It exists on more different devices in more dispersed settings. The complexity and breadth of health IT systems have increased. There are complex and ever-evolving government standards that can be hard to understand, but must be complied with, and the data being dealt with has a high market value and a high negative impact on individuals if it becomes compromised.
All of these factors make healthcare cybersecurity more difficult. Health IT systems need to be flexible enough that all doctors, nurses, and other personnel have access to the data they need with minimal obstacles, but secure enough that the data does not get into the wrong hands.
The supply of skilled cybersecurity professionals has not kept pace with demand. Although the gap is present across all sectors, healthcare organizations have been hit harder by this gap. The demands of health IT are higher and meaningful use incentives have resulted in many healthcare organizations acquiring EHRs quickly, accelerating the demand for HIT professionals. Some healthcare organization’s locations are less than appealing since medical care is needed in all areas, even very rural ones. Health organizations often come up short salary-wise when they compete with hedge funds, technology companies, and consultants for IT professionals.
This gap in cybersecurity skills undermines security. Direct and measurable damage due to cybersecurity under-hiring could exceed 71%. The inability to fill IT positions can also cause medical organizations to leave IT projects on hold or scale back projects.
“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and intellectual property,” according to James Lewis at Intel.
Cybercrime attacks have gone up. Levels of cyber-criminal activity have risen independently, but impact healthcare more since the data is richer, so criminals can use it for more things, making it a sought after target. Most healthcare organizations experience monthly cyberattacks and about half experience an incident involving the loss or exposure of patient information every year. The most common security incidents are the exploitation of existing software vulnerabilities greater than three months old and web-borne malware attacks.
What can be done?
These three challenges do not exist in isolation. Each one of these challenges affects the others. If a healthcare organization has an understaffed IT department, maintaining a robust security system may be impossible. The increase in cybercrime means HIT systems must stay up-to-date to stay a step ahead of attackers.
Instead of luring IT professionals with higher salaries, some healthcare organizations instead try to recruit people seeking more socially meaningful work and drawing professionals who want more freedom in how they solve problems. They appeal to IT professionals by fostering an amiable workplace culture where workers are engaged and encouraged to contribute. Many healthcare organizations also look for medical professionals in-house who have an interest in IT and training them. These clinicians usually function in a help-desk functionality to help other users. However, most healthcare organizations do not have formal in-house training programs and clinicians who take on IT roles often do not have all of the required competencies.
If your healthcare organization is facing one of these challenges, CyberStreams can help. We are experienced professionals who have worked with other healthcare organizations and can help ensure your security is strong and HIPAA compliant.
Call (425) 274-1121 or email firstname.lastname@example.org today.