October is Cybersecurity Awareness Month, follow the conversation and do your part #BeCyberSmart.
Follow us this month as we engage our health IT community in cybersecurity awareness.
Week 3 of Cybersecurity Awareness Month will highlight the Cybersecurity Career Awareness Week led by National Initiative for Cybersecurity Education (NICE). This is a week-long campaign that inspires and promotes the exploration of cybersecurity careers. Whether it’s students, veterans, or those seeking a career change, the dynamic field of cybersecurity is rapidly growing and has something for everyone.
Cybersecurity Career Awareness Week is a week-long campaign to call attention to the contributions to society and innovations that cybersecurity practitioners make. It is a time to build awareness about the wide range of cybersecurity job opportunities, how cybersecurity plays a vital role in global society and showcase how building a global workforce enhances each nation’s security and promotes economic prosperity.
We have asked our experts to comment on this week. And remember to check out our Talent Tuesday posts for who is hiring, who has been hired, and career advise.
Information drives everything today – innovation, commerce and industry. Information Governance (IG) is a recently formed field that specifies decision rights and an accountability framework to ensure appropriate behavior in the creation, storage, use, archiving, deletion and valuation of an organization’s information. IG programs educate everyone in the company about the importance of ‘governing’ the information that drives company operations. Telehealth companies, in particular, have a great responsibility to ensure the personal information shared by patients using mobile devices to communicate with healthcare providers stays safe. Healthcare IT professionals have a professional obligation to protect patient data throughout the entire healthcare services workflow. IG programs ensure that patient data is handled responsibly.
David Finn, Vice President, College of Healthcare Information Management Executives (CHIME)
In the United States alone, there is a shortage of 359,000 Cybersecurity professionals, internationally that number climbs to over 3 million. The shortage of workers is just one part of a very serious problem facing the cybersecurity sector. Another factor is “cybersecurity workforce development,” which is just a fancy way of suggesting that skills can be improved. This is all exacerbated in the healthcare sector due to many factors including underspending, understaffing and a general lack of focus on security, which puts security behind other sectors in terms of resources and support for security.
It all boils down to awareness, training and communication. Awareness comes into play because you can’t protect what you can’t see and you can’t defend against attacks you don’t know about. You have to be aware of your current cyber posture to best prepare for and proactively defend against attacks. Training involves being well versed in emerging threats through continuous cybersecurity training. It’s critical in closing the gap between nontechnical users and technical attackers. Thus, continuous reminders and formal training with occasional phishing exercises and other tools to make sure that employees are aware of their individual responsibilities in securing the organization, is paramount. Lastly is communication. Having a rapid response system in place for when security incidents occur is critical, because they’re inevitably going to happen. Security resilience will be measured by how quickly teams respond both to the threat or incident; and how it is communicated to employees and externally impacted audiences.
Cybersecurity requires an ability to balance security with enabling a business to operate. Whether it’s healthcare or any other industry, individuals need to be able to share information, some of which is highly confidential or, in the case of patient data, explicitly protected information. If a provider organization takes a heavy-handed approach to data security, it may inhibit care coordination activities in a way that could endanger the patient. If it’s too lax, however, patient data can be exposed. Cybersecurity is not an easy job, but if one can endure criticism and being second-guessed, it could be an ideal career.
Besides being able to handle pressure, cybersecurity professionals need to understand at the highest level how communication and activities are done in an internet-based world, which speaks to the different protocols for communication as well as network-based applications. They also should understand credentialing in multi-tiered access environments. This is particularly important as healthcare continues to transition toward a value-based care model in which provider and payer organizations will be exchanging data with community-based organizations and other healthcare stakeholders.
There are so many considerations for cybersecurity pros, from the top of the stack to the bottom. They need to understand business processes and workflows, how data is accessed, and the finer points of the technologies being deployed across the network. In addition, cybersecurity pros need to take responsibility for security in their cloud-based environments.
Most healthcare providers have realized the importance of cybersecurity; however, many have yet to commit to educating themselves and building a strategy around protecting their patients’ data – until recently. In fact, from 2020 to 2025, healthcare cybersecurity will grow 15% year-over-year, meaning there is ample room for career growth within the field. Cybersecurity is an industry that heavily relies on diverse individuals coming together to bring innovative ideas to fruition. There is no “one size fits all” mentality because each persons’ unique experiences and creative problem-solving is what drives new solutions each day, which is what we must rely on to help healthcare providers in their ongoing efforts to protect patient data.
Today, we are seeing more cyber threats than ever causing harm to businesses of all types. It is no longer a question of if an attack will happen, but rather how often. Research shows that ransomware attacks are estimated to occur every 11 seconds, costing at least $20B a year. With these numbers escalating and as organizations across industries, especially healthcare, continue their digital transformations, the need for cybersecurity professionals to help detect and respond to these ongoing threats has never been stronger. To put it simply, cybersecurity is an expansive field and full of opportunity to grow, regardless of your point of entry. There are an infinite combination of paths leading to and exploring within cyber. From strategy and visioning to technical design and configuration – these paths are all full of enriching and endless possibilities. As the world continues to digitize – we need more curious and explorative practitioners to help protect it.
The average cost of a data breach today is $4.24M, and the stakes for managing and protecting data is higher than ever, with news about cyber breaches, ransomware, and related threats being a daily occurrence. In fact, every year since 2013, the US Intelligence Community has ranked cybersecurity the number one threat facing the nation in its annual global threat assessment — only in 2021, at the height of a global pandemic, did the flawed state of our collective information security lose its top spot. In addition, with cloud data platforms becoming the most common way for companies to store and access data from anywhere, questions about the cloud’s security have been top of mind for leaders in every industry.
As a result, businesses large and small, as well as the public sector, are working feverishly to guard against cyber threats, and tech careers, particularly in the cyber and data analytics fields, are in greater demand than ever before.
As the need to protect sensitive data and safeguard against cyber threats continues to grow, it creates exciting opportunities to establish and nurture a career in the cybersecurity and data access control industries.
Don’t Miss our Cybersecurity Virtual Panel Discussion on October 26 at 1pm ET
It has been six years since our first panel discussion addressing the growing and alarming rise of cybersecurity threats to healthcare. In the ensuing years, data breaches and ransomware attacks continue to plague the industry. In fact, through double extortion, the two attacks are often combined.
The COVID-19 pandemic and the increased usage of telehealth and connected personal and medical devices have led to an exponential volume of incidents, enticing more malicious actors and more sophisticated attacks. And while technology advancements in Cloud, IoT, and 5G offer organizations the chance to modernize their IT infrastructure, cybersecurity threats are advancing on parallel lines as digital healthcare evolves.
On this year’s panel discussion, our experts from around the industry will discuss the challenges healthcare organizations face, what the future may hold, and what can be done to fortify security protocols and guardrails to minimize risk.
Moderator David Harlow, Esq.
Host of Harlow on Healthcare
- Heather Randall, PhD, Chief Compliance Officer, Sphere
- David Finn, Vice President, College of Healthcare Information Management Executives (CHIME)
- Parham Eftekhari, Founder & Chairman, Institute for Critical Infrastructure Technology (ICIT)
- Vikrant Arora, VP & Chief Information Security Officer, Hospital for Special Surgery