HHS: Healthcare Facing an Infosec Staffing Crisis
Talent is in such a short supply when it comes to hiring information security professionals, leaving nearly three out of four hospitals without a designated security person, according to a new report that the U.S. Department of Health and Human Services is expected to release later this month.
The situation gets worse for hospitals in smaller, less desired areas. Many of these hospitals are already facing financial hardships, but also struggle to keep a security person on staff due to their location, said Josh Corman, director of the Atlantic Council’s Cyber Statecraft Initiative.
Corman is part of the HHS’ Health Care Industry Cybersecurity Task Force. Created by the Cybersecurity Information Sharing Act of 2015, the team is tasked with analysing the state of healthcare security. He shared a few startling details contained in the soon-to-be published HHS report.
The problem is not unique to healthcare. Across the board, all sectors are facing a shortage of cybersecurity talent, a recent Information Systems Audit and Control Association report found. More than a quarter of all businesses take six months to fill the security role. The reason? The majority of those applying aren’t qualified.
“The entire industry lacks a talent pool: there just aren’t enough chief information security officers on the planet to fill all of the needed positions,” Corman pointed out. “And it’s just not affordable.”
In fact, small, medium and rural hospitals are often so strapped for funding that some organisations are lacking even a single IT person. And in some instances, nurse practitioners were designated as IT security officers.
“Some of these fill-in IT people were looking for a crash-course,” Corman explained. “Others had employees teaching themselves how to be in the position.”
Some hospital leaders have resorted to pooling resources with neighbouring institutions – i.e., they hire a security officer to share within the region or tap into a virtual CISO who serves multiple health entities.
“There’s a pretty big delta between what we’d expect organisations to have in place and what we’re finding,” Corman added. “Large hospitals tend to have the staff, but we’re trying to determine a healthy ratio of security staff to the size of the organisation.”
Source: Healthcare IT News
Image Credit: Pixabay
Published on : Tue, 23 May 2017