Outsourcing: HIT Talent Shortage

The current infosec staffing crisis has led to hospitals' increasing reliance on service providers to help them with IT and data security operations.

“We’re about 500,000 security professionals short of the needed jobs,” according to Kurt Hagerman, CISO of security firm Armor. “There’s just not enough security professionals to go around.”

Amidst this massive shortage of infosec talent, outsourcing options such as managed security services providers (MSSPs), managed detection and response firms (MDRs), and virtual CISOs have gained a foothold in healthcare.

Like third-party managed services providers that tend to many of the day-to-day tactical details of dealing with IT, MSSPs do the same for data security, taking on responsibility for maintenance and upkeep and doing the monitoring and the tracking of issues as they emerge inside or outside of the organisation they are servicing.

MSSPs act as "security operations centre" for hospital partners. Round the clock, MSSPs are responsible for alerts and the first sign of an intrusion or potential exposure, says Christopher Ensey, chief operating officer at Dunbar Security Solutions, among other things a managed security service provider.

Healthcare has been lagging in IT security, and MSSPs are a way to add that competency quickly, Bill Ho, CEO of Biscom, a secure document and messaging systems company, points out.

The advantages in partnering with MSSPs are personnel steeped in the security space and able to keep abreast of the latest threats and concerns, and services that can be quickly scaled up or down as incidents appear and are resolved rather than adding permanent headcount, which is not only expensive but hard to find, says Ho.

While MSSPs handle cybersecurity broadly, MDR firms specialise in pinpointing security incidents and crafting an appropriate response. MDRs leverage both manual and automatic analysis to give organisations a better chance of defending systems against cyberthreats. Their services are tailored to meet the specific needs of each organisation.

Virtual chief information security officers are also becoming increasingly common in healthcare. The virtual or regional CISO typically brings both experience and certification with a background specific enough that it enables her or him to hit the ground running and make necessary recommendations. And it doesn’t hurt if they are part of a larger organisation.

“Virtual CISOs are assigned to a specific account, but that designated CISO can draw on anyone else in the company with whatever the organisation needs,” says Mac McMillan, CEO of CynergisTek, which offers virtual CISOs for hire. “They basically get the benefit of many CISOs – with just one.”

Source: Healthcare IT News
Image Credit: Pixabay