Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
  • Op-Ed
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Awards
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
    • Women in Healthcare
    • - Luminaries
    • - Top 25 Diversity Leaders
    • - Leaders to Watch
    • - Luminaries
    • - Top 25 Women Leaders
    • - Women to Watch
  • Events
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Custom Media Event: ESG Summit
    • Transformation Summit
    • Women Leaders in Healthcare Conference
    • Social Determinants of Health Symposium
    • Leadership Symposium
    • Health Care Hall of Fame Gala
    • Top 25 Women Leaders Gala
    • Best Places to Work Awards Gala
    • Top 25 Diversity Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain Revenue Cycle
    • - Hospital at Home
    • - Workplace of the Future
    • - Strategic Marketing
    • - Virtual Health
  • Listen
    • Podcast - Next Up
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
October 24, 2015 01:00 AM

Healthcare struggles to recruit top cybersecurity pros

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    Michael Minear, chief information officer of UC Davis Medical Center in Sacramento, Calif., has a talented security staff, and as a result, has suffered some consequences.

    “We had a team of five, and two of them got poached,” Minear said. “It took a year and a half to replace those two.” That's not an unusual experience.

    The market for cybersecurity workers is red hot and that's putting heat on the healthcare industry, which has lagged other industries in information-technology spending.

    But after a spate of massive cybersecurity attacks this year, the industry is scrambling to shore up its defenses. Its efforts, however, are hampered by stiffening competition for experienced cybersecurity professionals.

    “There is infinite demand” for experienced cybersecurity workers across many industries, said Dan Inbar, chairman of Homeland Security Research Corp., a Washington, D.C., consulting firm. “The supply is 10% of the demand—from the Defense Department to banks to cybersecurity companies.”

    Minear

    As a result, cybersecurity professionals are fetching a 9% pay premium over other IT workers, according to Burning Glass Technologies, a Boston-based human resources technology and support services provider.

    According to Burning Glass, there were nearly 50,000 job postings in 2014 for workers with a Certified Information Systems Security Profession (CISSP) designation, the primary credential in cybersecurity work, which requires a minimum of four to five years of field experience. But the number of openings represents three-fourths of all cyber pros with a CISSP designation, even though globally the number of CISSP designees has nearly doubled since 2010.

    “Saying you're going to fill those 50,000 jobs playing musical chairs with 65,000 people doesn't really work,” said Burning Glass CEO Matt Sigelman. Those CISSP jobs pay an average of $93,000 a year and carry an $18,000 premium over entry-level security positions that require the basic credential, Sigelman said. Healthcare cybersecurity specialists need to be familiar with technology as well as the federal Health Insurance Portability and Accountability Act, making an already-rare set of job skills even more scarce, Sigelman said.

    MH Takeaways

    The healthcare industry is creating ways to keep an eye on valuable personal and medical records as it struggles to hire cybersecurity personnel.

    Cybersecurity job postings are up 91% since 2010, with 238,000 such jobs listed in 2014, including 7,915 in healthcare and social assistance organizations, such as drug and alcohol abuse clinics, Sigelman said.

    Healthcare is one of the industries showing the greatest growth in cybersecurity job openings. (See chart.)

    The demand is, in part, a reaction. According to the official “wall of shame” federal website, since September 2009, there have been 1,345 breaches reported in which 500 or more patient records were involved. A total of 153.9 million health records have been exposed. That number approaches half of the U.S. population.

    Four out of the five largest breaches on the list were hacks, all of which occurred in 2015, accounting for 75% of all records exposed. The largest hack was reported by Anthem and involved a whopping 78 million records that affected not only members, but through reciprocal payment agreements, some members of every other Blues plan in the country as well.

    For educators and trainers in cybersecurity, that means business is booming.

    Publicly funded University of Maryland University College, an outgrowth of the University of Maryland, claims more than 8,000 students have enrolled in its 13 cybersecurity programs at the certificate, undergraduate and master's degree levels. Of those, 4,500 students have graduated since the program started in 2011, said Robert Ludwig, assistant vice president of media relations for the college.

    Last year was the first year they've actually seen graduates go out in the market, Ludwig said, but it's been tricky keeping track of where they're headed. He said an alumni roster of 2,000 graduates shows only about 2% seem to be employed in jobs that are clearly healthcare-related.

    Minear says the breaches have upped the ante.

    “I work in healthcare, but now I feel I work at the NSA,” he joked, referring to the National Security Agency, the top-secret Defense Department agency that specializes in cracking codes and electronic spying.

    After reading a 2008 article about a breach involving unencrypted backup tapes of records at another university healthcare organization with “a very good CIO,” Minear started on a path to “encrypt everything,” from data in motion to data at rest.

    “We've invested about $11 million in security technology over that six or seven years, and in our security plan, we have to spend $4 million to $8 million more,” Minear said.

    That funding will include combining cybersecurity monitoring operations at UC Davis and other UC Health campuses. The plan is to create a security operations center.

    SOCs, as they are called, enable cybersecurity personnel to watch over a number of organizations, just as teleradiology allows a single radiologist to perform imaging reads for multiple hospitals. This cuts costs and creates efficiencies, security experts say.

    Matt Eversole, chief operating officer of information technology at 23-hospital Mercy Health, said his health system is exploring a SOC.

    He expects in the next two years the system will need to double its cybersecurity workforce from 17 to 34.

    Eversole said his system, based in Cincinnati, recently lost its chief information security officer, who resigned to become a consultant.

    “It took me three months to recruit a replacement,” but that was about the time expected for a position of that level, he said. And the pay was within range.

    “We did pay higher, but not much higher,” he said.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    data centers  - Microsoft - technology
    Hospitals retrain data center employees amid shift to the cloud
    hospital staffing-main_i.png
    Hospitals are suffering from worker shortages. Can technology fill the gaps?
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Op-Ed
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Awards
      • Nominate/Eligibility
      • 100 Most Influential People
      • 50 Most Influential Clinical Executives
      • Best Places to Work in Healthcare
      • Excellence in Governance
      • Health Care Hall of Fame
      • Healthcare Marketing Impact Awards
      • Top 25 Emerging Leaders
      • Top 25 Innovators
      • Diversity in Healthcare
        • - Luminaries
        • - Top 25 Diversity Leaders
        • - Leaders to Watch
      • Women in Healthcare
        • - Luminaries
        • - Top 25 Women Leaders
        • - Women to Watch
    • Events
      • Conferences
        • Transformation Summit
        • Women Leaders in Healthcare Conference
        • Social Determinants of Health Symposium
        • Leadership Symposium
      • Galas
        • Health Care Hall of Fame Gala
        • Top 25 Women Leaders Gala
        • Best Places to Work Awards Gala
        • Top 25 Diversity Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain Revenue Cycle
        • - Hospital at Home
        • - Workplace of the Future
        • - Strategic Marketing
        • - Virtual Health
      • Webinars
      • Custom Media Event: ESG Summit
    • Listen
      • Podcast - Next Up
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing