
BLOG SERIES, PART 5 | We Need More Astronauts: Using Managed Services to Address Cyber Staffing Shortages

Blog Post by Brian Selfridge, Meditology Services IT Risk Management Partner

Just as the U.S. Space Program has reduced its staff in recent years and partnered with private industry for support, healthcare organizations are also feeling the pinch of too few qualified IT and Security staff members to navigate the largely uncharted territory of cyberspace. Is your healthcare organization having a difficult time filling information security and privacy positions? Perhaps many security projects are slowing down or coming to a complete standstill as your security program initiatives get backed up.

Don’t worry, you are not alone. According to ISC2, the global information security workforce shortage is expected to hit almost two million by 2022, demonstrating a staggering 20% increase from 2015.

Estimated Global Cybersecurity Staffing Shortage by 2022

When it comes to staffing healthcare organizations specifically, that task becomes even harder. The U.S. Department of Health and Human Services reported in 2017 that almost 75% of health systems are lacking a designated information security representative.

Staff shortages among health providers, health plans, and Business Associates are a multi-faceted issue. Healthcare organizations are run on tight budgets and lean financial resources. Thus, they often focus their largest investments on improvements in patient care. Meanwhile, the highly competitive cybersecurity market makes it hard for healthcare organizations to recruit talent.

There is a natural hesitancy to hire full-time cybersecurity resources, as many IT Security projects are short-term. For example, an Information Security department may be building out a security program or implementing a specific security automation capability as a project that requires specific skill sets.

For the price of a full-time employee, organizations can hire skilled workers from cybersecurity consulting or managed-services firms that are outside their geographic market area.

Outsourcing these functions makes it more feasible to find people with the appropriate skills. As a result, the hiring trend is moving away from relying solely on long-term IT Security staff hires and toward engaging managed services firms. The goal of managed service relationships is to get the right services at the right price tag for the right period of time.

Staff Augmentation Services: Your Astronauts for Short-Term Missions

The answer to cybersecurity resource constraints can often be simpler than imagined. Staff augmentation services have become a popular means for organizations to source the right skillset for the appropriate timeframe to help start up or even wrap up information security strategies and initiatives.

Subject matter experts can be provided as part-time contractors, contract-to-hire, or full-time contractors for as long or as short a time as needed. Roles may range from entry-level analysts to Chief Information Security Officer and management positions. Staff augmentation services offer many options and help your security organization remain flexible and responsive during uncertain or high-pressure times.

If you work with a healthcare organization facing challenges in starting or completing a similar project, don’t wait. Just as NASA has partnered with SpaceX for specialized resources and support, you too should reach out to a specialized firm in healthcare cybersecurity to begin setting your facility up for future success.

For more analysis and strategies on staffing and recruiting for healthcare security, download our October 2018 Report: The Ultimate Survival Challenge | IT Staff Shortages in Healthcare. Learn about staffing trends in our annual trend report: Navigating the Changing Cyberspace | 2018 Healthcare Data Security Outlook.

This is PART 5 of a five-part blog series highlighting Healthcare Information Security trends as we pay tribute to the anniversary of the Apollo 11 mission of 1969. 

PART 1 | Mission Control, We Have a Breach Problem

PART 2 | GDPR: Different Galaxy, Different Security & Privacy Rules

PART 3 | Healthcare’s Space Junk: Medical Device & IoT Security

PART 4 | Outer Space and Cyberspace Are Dangerous Places

About the Author
Brian Selfridge leads Meditology’s IT Risk Management Services practice, which is dedicated to delivering expertise and leadership in information privacy and security, compliance, and audit, specifically for healthcare. He advises the federal government, including OCR and HHS, and is a frequent presenter and sought-after leader in the healthcare security and compliance industry. Contact Brian directly at brian.selfridge@meditologyservices.com or follow him on LinkedIn.