The Role of Cybersecurity in Healthcare and Hospitals
Cybersecurity is one of the most vital concerns for healthcare organizations around the globe. Hospitals and other care facilities are working harder to protect patients’ privacy as cyber attacks and patient data breaches become more common. In 2019, some 510 healthcare data breaches consisting of 500 or more compromised records were reported in the U.S., up 196% from 2018, according to the HIPAA Journal.
If a health organization’s information systems are left unprotected, cyber crimes could endanger patients and create profound operational, financial, and regulatory challenges. The employment of cybersecurity professionals by healthcare organizations is essential to protect against data vulnerabilities.
Students can prepare for careers in the high-demand field of cybersecurity by earning an advanced, concentrated degree such as an online Master of Science in Cybersecurity.
The Importance of Cybersecurity in Healthcare
Cyber attacks can disrupt health professionals’ access to patient data, which could result in serious medical errors or treatment gaps. If care providers can’t maintain regular business operations due to information system issues, they also could experience major financial problems and reputational damage. In one example, a large Maryland health system, MedStar Health, had to shut down its email and records databases for days during a ransomware attack. The system was unable to provide essential services such as radiation for cancer patients, according to TechCrunch.
Information technology (IT) vulnerabilities have increased in the healthcare industry due to the rapid transition to electronic health records (EHRs) over the past decade. Insufficient spending on cybersecurity measures and the high black-market value of stolen patient records has made health providers a big target for hackers, according to TechCrunch. About 75% of health organizations suffered from a major security incident during 2019, according to a recent survey from the Healthcare Information and Management Systems Society (HIMSS). Email phishing attacks, legacy systems, supplier software exposure, inadequate IT staffing, and complacency with security policies are some of the leading healthcare cybersecurity risks.
Healthcare organizations must safeguard information systems to protect patients while complying with government data privacy regulations. Hospitals, clinics, and other care centers in the U.S. face substantial financial penalties for noncompliance with the Health Insurance Portability and Accountability Act (HIPAA) rules regarding patient data privacy. The U.S. Department of Health and Human Services (HHS) resolved more than 225,000 HIPAA complaint investigations between 2003 and 2020, with about 28,000 cases resulting in corrective actions and 75 cases resulting in fines totaling over $116 million.
The Need for Skilled Cybersecurity Professionals in Healthcare
To combat the rise in cyber attacks, healthcare organizations—along with companies in many other industries—are ramping up spending on cybersecurity, which means increased hiring of IT professionals with a background in network security. The role of an information security analyst is one of the top 10 fastest-growing occupations in the U.S., with a projected growth rate of 32% between 2018 and 2028, according to the U.S. Bureau of Labor Statistics (BLS).
Cybersecurity professionals are greatly needed in the healthcare industry to design elements of systems that safeguard patient data, such as improved firewalls, encryption solutions, and segmented networks. Data security professionals know how to test for system vulnerabilities, investigate incidents, replace aging or risky hardware and software, and develop security protocols. Information security employees can also establish a culture of risk awareness by educating employees and motivating the leadership team to ensure network safety.
A number of professional roles exist in cybersecurity in healthcare including:
- The chief information security officer (CISO) who must IT experience as well as leadership, communication, and relationship-building skills to spearhead broad security initiatives.
- An information security analyst who is responsible for identifying problems and planning enhancement solutions for organization networks and systems.
- A cybersecurity engineer that designs secure network solutions as a defense against cyber attacks. Typical responsibilities include programming, installing, testing, and configuring devices and applications.
Professionals in healthcare cybersecurity roles should have advanced technical, analytical, and detail-oriented competencies, as well as leadership and problem-solving skills. Such competencies include the ability to handle:
- Network monitoring.
- System testing, including attack simulations.
- Software programming.
- Hardware, software, and application installation.
- User accounts management.
- Breach investigation and damage reporting.
- Understanding new cybersecurity trends, including new security tools.
- Staying current on technology trends including artificial intelligence and machine learning.
- Development and communication of security protocols and best practices.
- Training of employees on security risks, policies, and procedures.
- Regulatory compliance and reporting.
How Norwich University Prepares Cybersecurity Professionals
Norwich University’s online Master of Science in Cybersecurity can help students advance their knowledge and skills to become effective healthcare cybersecurity leaders. The program’s Critical Infrastructure Protection & Cyber Crime concentration enables individuals to develop the competencies needed to protect healthcare organizations from cyber attacks. Here are some of the courses available through the program:
- Core Courses:
- Foundations and Historical Underpinnings of Information Assurance—explores the history and evolution of cybersecurity, breaking down some of the policies, standards, and regulatory requirements used for cybersecurity.
- Information Assurance Technology—teaches technological defenses against various forms of cyber threats and exploitations, including network security protocols and tools designed to fight spam and malware.
- Human Factors and Managing Risk—discusses the correlation between cybersecurity objectives and varying factors pertaining to business goals and end-user attitudes.
- Information Assurance Management & Analytics—covers strategic and tactical areas of information assurance management, including compliance, management, policy development, and leadership.
- Concentration Courses
- Cyber Crime—focuses on the nature of cyber crime and cyber criminals, including the motives driving the activities and techniques used by criminals and how crime can be combatted.
- Critical Infrastructure Protection—examines protection strategies commonly used to mitigate the threat of cyber crime in vulnerable sectors, such as healthcare.
Explore an Education in Cybersecurity
Cybersecurity professionals work to protect organizations from potential cyber threats. By evaluating data assets and improving the security of key systems, these specialists can help increase the security of organizations in vulnerable industries such as healthcare. Demand for cybersecurity in healthcare is growing rapidly as organizations become more aware of weaknesses and fall prey to a rising number of serious cyber attacks.
Learn more about how Norwich University’s online Master of Science in Cybersecurity program and its Critical Infrastructure Protection & Cyber Crime concentration help students attain a vital role in cybersecurity within healthcare and other at-risk industries.
2019 Healthcare Data Breach Report, HIPAA Journal
Master of Science in Cybersecurity, Norwich University Online
The Healthcare Industry Is in a World of Cybersecurity Hurt, TechCrunch
2019 HIMSS Cybersecurity Survey, Healthcare Information and Management Systems Society
Healthcare Cybersecurity: Emerging Threats to Healthcare Providers, HealthTech
Health Information Privacy, U.S. Department of Health and Human Services
Fastest Growing Occupations, U.S. Bureau of Labor Statistics
Information Security Analysts, U.S. Bureau of Labor Statistics
The Healthcare CISO: An Essential Cyber Guardian, Healthcare Innovation
8 Cyber Security Job Descriptions, G2