Security in Healthcare Information Systems

March 19, 2018

The Dire Need for Cybersecurity in Healthcare

In December 2017, officials at the University of Virginia Health System (UVA Health) discovered an alarming problem: Their medical records had been hacked, and nearly 2,000 patients' records were exposed via physician devices that were infected with malware. The good news? They discovered the breach. The bad news? The breach had actually taken place in May 2015, meaning the hackers had access to data including patient names, addresses, diagnoses and treatments for 19 months.[1]

A Health Information Security Epidemic

UVA Health is not alone. A 2017 study by the Health Care Industry Cybersecurity Task Force, which was established in 2016 by the U.S. Department of Health and Human Services (HHS), found multiple instances of severely flawed cybersecurity inside many healthcare organizations.[2] But this isn't just terrible news for patients, who should be able to trust that the sensitive data surrounding their health is protected; because patient privacy is a key component of compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a lack of effective cybersecurity also means that hospitals are at risk of breaking the law.[3]

To make matters worse, the average size of data breaches is ballooning and reached 24,000 records in 2017. With the average cost of a data breach reaching $3.62 million in 2017[4], taking advanced measures to protect medical data just makes good business sense.

Six Imperatives for Healthcare Cybersecurity

Perhaps the most alarming finding by the HHS cybersecurity task force turned out to also be one of the easiest to fix: Three out of four hospitals do not have a designated employee to deal with cybersecurity issues. In addition to raising the alarm about staffing needs, the task force organized its findings around six key imperatives for the future:[5]

  1. Define and streamline leadership, governance and expectations for healthcare cybersecurity
  2. Improve medical device and health IT security and resilience
  3. Develop the necessary healthcare workforce capacity to prioritize and ensure cybersecurity awareness and technical capabilities
  4. Increase industry readiness with better cybersecurity awareness and education
  5. Identify mechanisms to protect research and development efforts and intellectual property from attacks and exposures
  6. Improve data sharing of industry threats, risks and mitigation

Within these six imperatives, the task force made over 100 specific recommendations for improvement, one of which was a call for a healthcare-specific security framework. After all, healthcare experienced more breaches due to cyberattacks than any other industry in 2015, and the industry expects to continue increasing its spending on cyberattack prevention.[6]

The Upside of Healthcare's Data Insecurity

Taken together, the facts of the healthcare industry's projected spending and the lack of specialized cybersecurity experts in U.S. hospitals suggest that now is a prime time to get into the business of securing healthcare data. Already, cybersecurity professionals command a nine percent salary premium over other IT experts,[7] and with demand increasing, it's worth learning the job titles to look out for when you have expertise in healthcare informatics.

Specialty Jobs for Technology Professionals in Healthcare Informatics

1. Information Security Analysts
Information security analysts across industries earn a median pay of $92,600 per year with less than five years of experience. There were already 100,000 of these jobs in 2016, and that number is projected to grow at a rate of 28 percent year over year, a rate much faster than most other jobs.[8]

2. Healthcare Information Systems Manager
Systems managers plan, coordinate, and direct computer-related activities in an organization. Across industries, they earned a median pay of $135,800 annually in 2016. There are nearly 400,000 such jobs in the U.S., and the job title is expected to grow at a rate of 12 percent year over year.[9]

3. Health Information Technology (HIT) Jobs
Depending on which region of the U.S. you live in, you can expect to earn between $101,000 and $127,000 per year in an HIT career. Even starting out as an associate staff member, you can expect to earn more than $60,000 per year. Not only that, but no matter whether you work in a for-profit private company, a nonprofit or the government, you can still expect to make a six-figure salary. When demand is this high, it's a great environment for job-seekers.[10]

Medical Data Breaches Have Real-world Consequences

The hype and bureaucracy surrounding healthcare IT can muddy the big-picture view, but it's important to remember that the data in this discussion isn't just 1's and 0's. It's people's lives. If clinicians don't have access to the right data because of malware, or if data has been compromised, it can really mean life or death for a patient. That's why healthcare informatics isn't just about cybersecurity and data management. It's about people.

Take advantage of your opportunity to lead the way in healthcare cybersecurity. Explore the online master’s degree and certificate programs for health informatics from Kent State University, and take your first step toward safeguarding the future.

  1. Retrieved on February 28, 2018, from healthcareitnews.com/news/malware-attack-uva-health-gave-hacker-access-19-months
  2. Retrieved on February 28, 2018, from healthcareitnews.com/news/hhs-task-force-says-healthcare-cybersecurity-critical-condition
  3. Retrieved on February 28, 2018, from hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
  4. Retrieved on February 28, 2018, from ibm.com/security/data-breach
  5. Retrieved on February 28, 2018, from phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf
  6. Retrieved on February 28, 2018, from forbes.com/sites/stevemorgan/2016/05/13/list-of-the-5-most-cyber-attacked-industries/#42c1b816715e
  7. Retrieved on February 28, 2018, from modernhealthcare.com/article/20151024/MAGAZINE/310249962
  8. Retrieved on February 28, 2018, from www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
  9. Retrieved on February 28, 2018, from www.bls.gov/ooh/management/computer-and-information-systems-managers.htm
  10. Retrieved on February 28, 2018, from apps.himss.org/HIMSSorg/compensation/asp/index.asp#.WpWN1WaZNBw