Protecting the privacy & security of your patient’s health information.

BLOG POST: No More Staffing Bottlenecks! | Addressing IT Security Staff Shortages

Blog Post by Kevin Henry, Meditology Services IT Risk Management Manager

Are you part of a health care organization that is having a difficult time filling information security positions needed?  Perhaps many security projects are slowing down to a trickle or coming to a complete standstill as your security program initiatives get backed up. 

Don’t worry, you are not alone. According to ISC2, the global information security workforce shortage is expected to hit almost two million by 2022, demonstrating a staggering 20% increase from 2015.

When it comes to staffing healthcare organizations specifically, that task becomes even harder. The U.S. Department of Health and Human Services reported in 2017 that almost 75% of health systems are lacking a designated information security representative.

Estimated Global Cybersecurity Staffing Shortage by 2022

Despite Staffing Issues, Security Work Keeps Coming

Even with the significant information security talent shortage, unfortunately risk management activities can not slowdown without an impact to security. In fact, information security risks facing healthcare are on track to exceed those witnessed in 2017, with high profile attacks hitting national news outlets consistently.

Without the proper skill sets in place, healthcare organizations ranging from hospital systems-to-payors-to-business associates are all feeling the pressure.  The results are slow response times to implement and execute security measures.

Mergers and acquisitions are one of the most common causes for security work to slow down due to staffing shortages and changes in personnel. In today’s environment, healthcare system mergers and acquisitions are occurring left and right. While this can benefit both parties involved in these transactions, it certainly also brings with it security concerns.  

For example, new security risks and gaps are often created when bringing one organization onto another’s network. It can often take 6 months or longer to successfully vet and hire an appropriate candidate. Meanwhile, projects are continually getting backed up. It begs the question: what’s a healthcare organization to do?

Staff Augmentation Services: Releasing the Workflow

The answer can often be simpler than imagined. Staff augmentation services have become a popular means for organization to source the right skillset for the appropriate timeframe to help start up or even wrap up information security strategies and initiatives.

Staff resources can be provided as part-time contractors, contract-to-hire, or full-time contractors for as long or as short a time as needed. Roles may range from entry-level analysts to Chief Information Security Officer positions. Staff Augmentation Services offers many options and helps your security organization remain flexible and responsive during uncertain or high-pressure times.

A variety of security initiatives can run effectively by utilizing Staff Augmentation Services, such as:

  • Board / executive leadership presentations
  • Information Security and Privacy Risk Assessments
  • Policy and procedure development
  • Education, training, and awareness content development and delivery
  • Corrective action plan development and tracking
  • Risk register management
  • Routine penetration testing (Internal, external, wireless, phishing, social engineering, & web application assessments)
  • Managed vendor security risk
  • Incident response plan development
  • Incident response testing and table top exercises
  • BC/DR table top exercises
  • Quarterly leadership updates
  • Building and managing a world-class medical device security program tailored for your organization

If you work with a healthcare organization facing challenges in starting or completing a similar project, don’t wait.  Reach out to a specialized firm within the healthcare information security field to begin setting your facility up for success now!

For more analysis and strategies on staffing and recruiting for healthcare security, download our October 2018 Report: The Ultimate Survival Challenge | IT Staff Shortages in Healthcare. Learn about staffing trends in our annual trend report: Navigating Through A Changing Cyberspace: 2018 Healthcare Data Security Outlook

About the Author
Kevin Henry is a Manager with Meditology Services consulting with healthcare clients on security and privacy initiatives. His experience includes HIPAA security and privacy assessments, HITRUST certifications, and security remediation planning and project management. Prior to joining Meditology, Kevin assisted healthcare organizations in medical technology project planning. He also served alongside senior leaders at a Philadelphia-based health system on operational improvement. Kevin maintains CISSP, HCISPP, and HITRUST certifications and holds a Masters of Business Administration with a concentration in Health and Medical Services Administration.  Kevin can be contacted at or on LinkedIn.