The lack of qualified cybersecurity professionals is still on ongoing problem for many companies. For 55% of businesses, it takes over three months to fill a cybersecurity position and as many as a quarter of cybersecurity positions remain unfulfilled. Only 33% of open security positions get over 10 applicants, often with only a quarter of the applicants actually being qualified for the job.
Although this cybersecurity gap is present across all sectors, healthcare organizations are arguably hit the hardest. Health IT jobs are projected to increase from 15% to 37% by 2020. Cybersecurity jobs already require significant education and experience, but the demands of health IT jobs go beyond that since knowledge of ever-evolving standards like HIPAA, the HITECH Act, and PCI DSS are often also required. The demands of health IT are higher and health IT systems are more complex.
Meanwhile, the demand for HIT professionals in health organizations has accelerated quickly due to the government’s meaningful use incentives and increased financial penalties on healthcare organizations in breach of HIPAA. Many healthcare organizations acquired EHRs in a short amount of time and they need cybersecurity professionals to keep them running smoothly.
Competing for cybersecurity professionals can be difficult for healthcare organizations as well. Healthcare organizations, especially smaller ones or non-profits, often come up short salary-wise when they compete with hedge funds, technology companies, and consultants for IT professionals. For IT directors, the gap between a job in healthcare versus other industries can range from $12,000 to $31,000. Cybersecurity professionals also tend to congregate in more urban areas of the country, but medical care is needed in all areas, even very rural ones, which can make some healthcare organizations’ jobs less than appealing.
“Healthcare’s not going to win a bidding war with anybody,” said Dr. Nicholas Marko, the chief data officer at Geisinger Health System.
Ultimately, this gap in cybersecurity skills undermines security. Direct and measurable damage due to cybersecurity under hiring could exceed 71%. The inability to fill IT positions can also cause medical organizations to leave IT projects on hold or scale back projects. Healthcare organizations are sought after targets for cyber-criminals since the most valuable kind of information on black markets is medical information, so it is even more important for them to have robust and up-to-date security systems in place. Cyberattacks are becoming so common that organizations can no longer expect to prevent every attack, they must be ready to endure and continue operations. “A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and intellectual property,” said James Lewis at Intel.
What can be done?
Instead of luring IT professionals with higher salaries, some healthcare organizations instead try to recruit people seeking more socially meaningful work by appealing to their desire to help people. Recruiting professionals who want more freedom in how they solve problems can help healthcare organizations compete since some people may feel constrained by more limited, technical work at larger companies. They appeal to IT professionals by fostering an amiable workplace culture where workers are engaged and encouraged to contribute.
Many healthcare organizations also look to train medical professionals in-house who have an interest in IT. These clinicians usually function in a help-desk functionality to help other users. However, most healthcare organizations do not have formal in-house training programs and clinicians who take on IT roles often do not have all of the required competencies. More could be done to expand opportunities for career development and advancement in health IT and train IT workers from outside of healthcare for jobs in the healthcare industry.
The National Initiative for Cybersecurity Education (NICE), a partnership between government, academia, and the private sector, is working on bridging the gap between the lack of cybersecurity professionals and jobs across all sectors. The cybersecurity field contains a wide range of jobs, not all of which require four or even two-year degrees. They are working on building high quality, sub-baccalaureate certificates of one year or more that will train people for the specific, hands-on technical skills needed for some cybersecurity jobs. More certificates like this can get the people with the cybersecurity skills needed into the job market without them having to devote as much time or resources as to a two or four-year degree. NICE is endeavoring to accelerate the availability of educational and training resources to improve cyber behavior, skills, and knowledge.
If your healthcare organization is facing a lack of cybersecurity professionals, CyberStreams can help. We are experienced professionals who have worked with other healthcare organizations and can help ensure your security is strong and HIPAA compliant. Call (425) 274-1121 or email firstname.lastname@example.org today.