A Healthcare Security Mismatch

Healthcare has undergone a radical transformation to digitalization and interoperability but has yet to secure or staff its new delivery model.

Richard Staynings, Chief Security Strategist with Cylera, kicks off the Southwest Executive Security Round-Table in Houston with a morning keynote on ‘Patient Safety in the Era of Healthcare IoT’. Photo: Stephen McCollum.

The evolution of healthcare over the past 100 years from providing palliative care for the sick and the dying, to today’s technology-intensive preventative model of health interventions, has vastly improved the human condition, enabling us to beat diseases that used to ravage families and communities and to live longer and better than ever before. But digitalization has come at a cost, as electronic health records (PHI), PII, and medical research IP are easily stolen by perpetrators from around the world.

Healthcare is under attack, principally from well-funded and highly motivated outlaw nation states and organized criminal gangs who outnumber cyber defenders 5 to 1. "It's a big change from the script kiddies and hacktivists that we used to have to defend against ten or fifteen years ago," claimed Richard Staynings, Chief Security Strategist with Cylera, who opened the event. "These are extremely well funded and equipped adversaries with military precision, intent on the theft of everything from western cancer research and clinical trials of new pharmaceuticals and medical procedures, to the PII and medical records of key individuals like VIPs, Presidents and Prime Ministers."

Dr. Leanne Field from The University of Texas at Austin, who also presented at the event, went on to describe how there is now a major mismatch between supply and demand for healthcare cybersecurity staff. Most hospitals and other health delivery systems are scrambling to attract and retain top cybersecurity talent. The trouble is that healthcare cannot afford to pay the sort of salaries, stock, and bonuses that other industries like financial services can, and so is at a competitive disadvantage. Protecting healthcare also requires a different skill set from other industries because it is highly regulated and because of the life-threatening patient safety implications of poor cybersecurity in hospitals.

Highlighting the 2019 HIMSS Cybersecurity Survey, Dr. Field outlined the top barriers hospitals face in mitigating and remediating security incidents. These include too many emerging and new threats, a lack of personnel with the appropriate cybersecurity knowledge and expertise, and a lack of financial resources. In fact, until very recently, cybersecurity was not a priority for healthcare delivery organizations, and so there is a huge gap between current capabilities and where the industry should be, with a lot of catch-up and investment needed to bring security up to par.

However, according to the Frost and Sullivan and (ISC)2 2017 Global Information Security Workforce Study, by 2022 there will be approximately 1.8m unfilled cybersecurity positions globally. This looks particularly challenging for healthcare, which badly needs to boost its cybersecurity ranks. In fact, the US Senate Cybersecurity Caucus led by Sen. Mark Warner (D. VA) recently expressed deep concern over healthcare cybersecurity workforce resource and skills shortages in a letter to all US health leaders, according to Dr. Field.

Emerging education programs at The University of Texas at Austin that focus specifically on healthcare cybersecurity may eventually help to address the skills imbalance, but with a steady escalation of attacks against the industry, the current gap between defenders and attackers is getting wider each year.


"We are at a crossroads today in healthcare," said Staynings, "between old and new models of care but have yet to adjust to the reality of our new digital-integrated health model and what that means for patient safety and cybersecurity." The pieces are slowly coming together but delays and difficulties in protecting our patients and healthcare institutions introduce massive levels of risk to 'life and limb' and to our healthcare provider businesses. Risks that the industry cannot afford to take.


More information on graduate-level healthcare cybersecurity programs at The University of Texas at Austin can be found at https://www.mccombs.utexas.edu/Digital-Healthcare/Healthcare-Privacy-and-Security. For questions, please contact Dr. Leanne Field directly via LinkedIn at https://www.linkedin.com/in/dr-leanne-field-87783023.
