A Healthcare Security Mismatch

By Richard Staynings, Chief Security Strategist and Cybersecurity Evangelist

Healthcare has undergone a radical transformation to digitalization and interoperability but has yet to secure or staff its new delivery model.

Richard Staynings, Chief Security Strategist with Cylera kicks off the Southwest Executive Security Round-Table in Houston with a morning keynote on ‘Patient Safety in the Era of Healthcare IoT’. Photo: Stephen McCollum.

Healthcare has evolved over the past 100 years from providing palliative care for the sick and the dying to today’s technology-intensive preventative model of health interventions. This evolution has vastly improved the human condition, enabling us to beat diseases that used to ravage families and communities, leading to longer lives and better quality of life. But digitalization comes at a cost: electronic health records (PHI), PII, and medical research IP are easily stolen by perpetrators from around the world.

Healthcare is under attack, principally from well-funded and highly motivated outlaw nation states and organized criminal gangs who outnumber cyber defenders 5 to 1.

"It's a big change from the script kiddies and hacktivists that we used to have to defend against ten or fifteen years ago," claimed Richard Staynings, Chief Security Strategist with Cylera, who opened the event.

"These are extremely well funded and equipped adversaries with military precision, intent on the theft of everything from western cancer research and clinical trials of new pharmaceuticals and medical procedures, to the PII and medical records of key individuals like VIPs, Presidents and Prime Ministers."

Challenges for the Healthcare Industry

Another presenter at the event, Dr. Leanne Field from The University of Texas at Austin, highlighted the 2019 HIMSS Cybersecurity Survey and outlined the top barriers hospitals face in mitigating and remediating security incidents. These include too many emerging and new threats, a lack of personnel with the appropriate cybersecurity knowledge and expertise, and a lack of financial resources. In fact, until very recently, cybersecurity was not a priority for healthcare delivery organizations. As a result, there is a huge gap between current capabilities and where the industry should be, with a lot of catch-up and investment needed to bring security up to par.

Dr. Field went on to explain how there is now a major mismatch between supply and demand for healthcare cybersecurity staff. Most hospitals and other health delivery systems are scrambling to attract and retain top cybersecurity talent. The trouble is, healthcare cannot afford to pay the sort of salaries, stock, and bonuses that other industries like financial services can, and so it is at a competitive disadvantage. Protecting healthcare also requires a different skill set from other industries because of its highly regulated environment. This is in addition to the literal life-threatening consequences of poor cybersecurity in hospitals.

However, according to the Frost and Sullivan and (ISC)2 2017 Global Information Security Workforce Study, there will be approximately 1.8m unfilled cybersecurity positions globally by 2022. This new landscape will be particularly challenging for healthcare to accommodate, as the industry badly needs to boost its cybersecurity ranks with qualified individuals. In fact, the US Senate Cybersecurity Caucus led by Sen. Mark Warner (D. VA) recently expressed deep concern over healthcare cybersecurity workforce resource and skills shortages in a letter to all US health leaders, according to Dr. Field.

Emerging education programs at The University of Texas at Austin that focus specifically on healthcare cybersecurity are a start for addressing the skills imbalance, but with a steady escalation of attacks against the industry, the current gap between defenders and attackers is becoming ever wider.

Photo: Vladislav Babienko

"We are at a crossroads today in healthcare," said Staynings, "between old and new models of care but have yet to adjust to the reality of our new digital-integrated health model and what that means for patient safety and cybersecurity."

The pieces are slowly coming together but delays and difficulties in protecting our patients and healthcare institutions introduce massive levels of risk to 'life and limb' and to our healthcare provider businesses. These are risks that the industry cannot afford to take.

More information on graduate level healthcare cybersecurity programs at The University of Texas at Austin can be found at https://www.mccombs.utexas.edu/Digital-Healthcare/Healthcare-Privacy-and-Security.

For other questions, please contact Dr. Leanne Field directly via LinkedIn at https://www.linkedin.com/in/dr-leanne-field-87783023.
