Employment for IT security professionals is at an all-time high. Information Security Media Group reports on the woes of organizations trying to fill key security roles: Demand is growing, but supply is limited. This shortage is even more apparent for healthcare organizations, as many are undergoing major initiatives to provide digitized healthcare information and processes.
A good indication of this demand is the rise of information security analysts from 44,750 in Q2 2012 to 48,500 in Q3. In addition, a 2012 survey from the College of Healthcare Information Management Executives (CHIME) found that 67% of respondents were experiencing IT staffing shortages. With such pressure to fill information security roles across all verticals, healthcare leaders have indicated that retention of IT staff is a top concern.
The Office of the National Coordinator (ONC) and the Health IT Workforce Development Program were created to supply healthcare organizations with IT workers ready to assist them with the move to EHR systems and digitized healthcare. To-date, the outcome of these programs has not been very successful in providing potential employees with the skill sets that healthcare organizations need. 68% of respondents in the CHIME survey were aware of this program, yet only 12% have hired HIT graduates. This shortage in IT staff is affecting leadership roles as well. Only 59% of organizations have dedicated CISO’s in place, as indicated from the 2012 survey from Health Information Security Today.
So where does this leave healthcare? In short, very exposed.
Not only are healthcare environments the most heterogeneous of any industry, but healthcare IT systems are in constant use and can directly impact the quality of patient care. If these systems become unavailable or compromised, it could mean dire consequences for healthcare organizations and patients alike. Threats, vulnerabilities, risk and compliance concerns specific to the healthcare industry must be addressed, and they can be addressed through an optimized security strategy.
The best method of coping is by focusing on what’s most at risk to optimize security management. This requires more than just antivirus and firewall capabilities within these organizations. IT workers can no longer make careers by only providing traditional security tasks like patching and vulnerability management. In order to advance without burnout, they must utilize advanced security technologies that monitor and measure risk, increasing productivity with limited resources and ultimately making security more meaningful for the organization.
Developing the skills and knowledge needed to be an effective information security analyst takes more than a certificate. Soft skills, like knowing how to align security goals with business objectives and how to make HIPAA compliance sustainable, are equally invaluable. In organizations where staff is short and security leaders are few, optimized security can make a world of difference and help give your current security analysts the right tools for the job. Down the line, organizations that don’t provide might find themselves with even greater staffing woes.
Do you agree? Leave your thoughts on this topic in the comments below, and be sure to follow @IntelSec_Biz on Twitter for the latest updates on industry news and events.