A Healthcare Security Mismatch

Healthcare has undergone a radical transformation to digitalization and interoperability but has yet to secure or staff its new delivery model.

Richard Staynings keynotes the Healthcare Innovation Cybersecurity Round Table in Houston 2019
Richard Staynings, Chief Security Strategist with Cylera, kicks off the Southwest Executive Security Round-Table in Houston with a morning keynote on ‘Patient Safety in the Era of Healthcare IoT’. Photo: Stephen McCollum.

The evolution of healthcare over the past 100 years, from providing palliative care for the sick and the dying to today’s technology-intensive preventative model of health interventions, has vastly improved the human condition, enabling us to beat diseases that used to ravage families and communities and to live longer and better than ever before. But digitalization has come at a cost, as electronic health records (PHI), PII, and medical research IP are easily stolen by perpetrators from around the world.

Healthcare is under attack, principally from well-funded and highly motivated outlaw nation states and organized criminal gangs who outnumber cyber defenders 5 to 1. "It's a big change from the script kiddies and hacktivists that we used to have to defend against ten or fifteen years ago," claimed Richard Staynings, who opened the day's events in Houston. "These are extremely well funded and equipped adversaries with military precision, intent on the theft of everything from western cancer research and clinical trials of new pharmaceuticals and medical procedures, to the PII and medical records of key individuals like VIPs, Presidents, and Prime Ministers."

Dr. Leanne Field from The University of Texas at Austin, who also presented at the event, went on to describe how there is now a major mismatch between supply and demand for healthcare cybersecurity staff. Most hospitals and other health delivery systems are scrambling to attract and retain top cybersecurity talent. The trouble is that healthcare cannot afford to pay the sort of salaries, stock, and bonuses that other industries like financial services can, and so is at a competitive disadvantage. Protecting healthcare also requires a different skill set from other industries because it is highly regulated and because of the life-threatening patient safety implications of poor cybersecurity in hospitals.

Highlighting the 2019 HIMSS Cybersecurity Survey, Dr. Field outlined the top barriers hospitals face in mitigating and remediating security incidents. These include too many emerging and new threats, a lack of personnel with the appropriate cybersecurity knowledge and expertise, and a lack of financial resources. In fact, until very recently, cybersecurity was not a priority for healthcare delivery organizations, and so there is a huge gap between current capabilities and where the industry should be, with a lot of catch-up and investment needed to bring security up to par.

However, according to the Frost and Sullivan and (ISC)2 2017 Global Information Security Workforce Study, by 2022 there will be approximately 1.8m unfilled cybersecurity positions globally. This looks particularly challenging for healthcare, which badly needs to boost its cybersecurity ranks. In fact, the US Senate Cybersecurity Caucus led by Sen. Mark Warner (D. VA) recently expressed deep concern over healthcare cybersecurity workforce resource and skills shortages in a letter to all US health leaders, according to Dr. Field.

Emerging education programs at The University of Texas at Austin that focus specifically on healthcare cybersecurity may eventually help to address the skills imbalance, but with a steady escalation of attacks against the industry, the current gap between defenders and attackers is getting wider each year.

Healthcare is at a crossroads. Photo: Vladislav Babienko

"We are at a crossroads today in healthcare," said Staynings, "between old and new models of care but have yet to adjust to the reality of our new digital-integrated health model and what that means for patient safety and cybersecurity." The pieces are slowly coming together, but delays and difficulties in protecting our patients and healthcare institutions introduce massive levels of risk. Risks that the industry cannot afford to take.

More information can be found here on graduate level healthcare cybersecurity programs at The University of Texas at Austin, or Dr. Leanne Field can be contacted via LinkedIn for questions https://www.linkedin.com/in/dr-leanne-field-87783023 or via The University of Texas at Austin at https://www.utexas.edu/
