The healthcare industry is in need of IT security experts to help manage the fast-paced growth of technology in the field. With the implementation of electronic medical records (EMRs) and electronic health records (EHR), data analytics, wearables, and health-monitoring devices, healthcare facilities are scrambling to catch up with the demand for staff to manage and support these technological advances.
While technology is delivering more effective and streamlined healthcare, it also increases the need to focus on privacy and security.
"EMR installations at U.S. hospitals, fueled by federal incentives, have been a major catalyst for IT job growth in healthcare. Many of our hospital and health system clients have seen their IT departments grow by 50 percent in the past few years," says Brad Elster, president of Healthcare IT Leaders.
The growing need for IT security in healthcare
As healthcare quickly adopts emerging technology, the need for employees to help manage the systems, software, and security has understandably grown. And after the string of high profile data breaches from the likes of Sony, Home Depot, and Target, businesses and healthcare facilities are starting to understand the importance of preventative security measures.
This is especially true as our health records move online and EMRs become the standard across healthcare facilities. Not to mention the increased number of third party vendors that have responded to the technological boom by creating applications, systems, and hardware to help hospitals manage the new technology, according to Elster.
Technology changes industries fast, and in healthcare, technology is changing it faster than workers can update their skillsets. "We're seeing a lot more medical devices being connected to the network, whether for maintenance reasons or for collecting data remotely, the networks becoming much more complicated than it was even 3 or 4 years ago," says Heather Roszkowski, MSIA, CISSP, Chief Information Security Officer at the University of Vermont Medical Center.
Privacy and security are important even with our standard messaging and email apps, but when it comes to our healthcare, patients expect it to be taken seriously. In order to avoid any security breaches or data leaks, hospitals need to start implementing preventative measures, rather than waiting for something to happen and then responding. But it's difficult considering the shortage of security professionals in healthcare, especially as healthcare facilities begin to understand the security needs of its own department outside of the umbrella of IT.
"Up until recent times we've primarily had that CISO role that has been the focus. Because when they first came out with the HIPAA security rule, somebody thought that information security only meant technical, and it didn't address it across the board," says Mac McMillan, CEO of CynergisTek, and current chair of the HIMSS Privacy and Security Policy Task Force, "they're just now getting around to the realization that just having good technical controls isn't going to protect you from having breaches."
Where are the IT security pros?
But there is a skills gap when it comes to finding IT and security professionals that are well versed and have the right background and experience, and healthcare isn't the only industry feeling the security pressure.
"It's a big need across all industries right now, and there's an absolute shortage of individuals that have the requisite skills and experience to contribute, and we see it in finance, retail, energy and healthcare," says McMillian.
One major issue is that the technology moves faster than we can educate and prepare workers for the changes. McMillian points out that healthcare technology has moved into people's homes, it's not just in healthcare facilities. Patients have personal healthcare wearables, or healthcare devices to help manage everything from basic lifestyle changes to diseases.
And for much of this technology, we just don't have a clear picture of how to manage potential threats yet. Therefore, says McMillian, not only do current IT security professionals need to figure out solid solutions to help protect patients and data, they then need to teach it to new members of the staff.
And while colleges and universities have stepped up and started diversifying their technology degrees to include more specialized fields, it isn't an instant fix by any means. Roszkowski sits on the board for colleges and universities in her area, and has seen how it can take a while for changes in education to reap real world benefits. "One of the challenges that [colleges and universities] are experiencing is that it takes three years to change the curriculum, so they can identify changes now but they typically have to implement it for the next incoming freshman class," says Roszkowski.
How can you expand your IT security experience?
Even though there are more specialized degree programs popping up that help prepare the next generation of IT professionals for a focused career path, hospitals still need to wait for them to gain the right experience. That is one thing each expert emphasizes, that it's not so much about having a background in healthcare, but you need a willingness to gain the experience necessary to succeed as an IT security professional in this industry.
"The jobs are definitely there if grads are willing to take entry-level positions with employers who can give them healthcare industry experience and additional training," says Elster.
Roszkowski notes the importance of internships and gaining real world experience, especially while you are in school. And if you're out of school, try taking on side projects or expanding your experience at work. However, you don't necessarily need the healthcare background to get into healthcare security.
Elster also emphasizes that the best thing you can do if you want to move into healthcare as an IT security professional is keep your skills current, network, cultivate powerful references, and demonstrate a proven successful track record.
One thing is for sure, if you do decide to move into IT security in healthcare -- or any industry it seems -- you will not find a shortage of available jobs. "If you're in IT security today, or if you want to get into it security today, you're not going to have to worry about a job probably for the next three decades as long as you're good at what you do," says McMillian.