BLOG

Blog Post by Kevin Henry, Meditology Services IT Risk Management Manager

---

Are you part of a health care organization that is having a difficult time filling information security positions needed? Perhaps many security projects are slowing down to a trickle or coming to a complete standstill as your security program initiatives get backed up. Don’t worry, you are not alone. According to ISC2, the global information security workforce shortage is expected to hit almost two million by 2022, demonstrating a staggering 20% increase from 2015.

When it comes to staffing healthcare organizations specifically, that task becomes even harder. The U.S. Department of Health and Human Services reported in 2017 that almost 75% of health systems are lacking a designated information security representative.

Despite Staffing Issues, Security Work Keeps Coming

Even with the significant information security talent shortage, unfortunately, risk management activities can not slow down without an impact to security. In fact, information security risks facing healthcare are on track to exceed those witnessed in 2017, with high-profile attacks hitting national news outlets consistently.

Without the proper skill sets in place, healthcare organizations ranging from hospital systems-to-payors-to-business associates are all feeling the pressure. The results are slow response times to implement and execute security measures.

Mergers and acquisitions are one of the most common causes for security work to slow down due to staffing shortages and changes in personnel. In today’s environment, healthcare system mergers and acquisitions are occurring left and right. While this can benefit both parties involved in these transactions, it certainly also brings with it security concerns.

For example, new security risks and gaps are often created when bringing one organization onto another’s network. It can often take 6 months or longer to successfully vet and hire an appropriate candidate. Meanwhile, projects are continually getting backed up. It begs the question: what’s a healthcare organization to do?

Staff Augmentation Services: Releasing the Workflow

The answer can often be simpler than imagined. Staff augmentation services have become a popular means for organization to source the right skillset for the appropriate timeframe to help start up or even wrap up information security strategies and initiatives.

Staff resources can be provided as part-time contractors, contract-to-hire, or full-time contractors for as long or as short a time as needed. Roles may range from entry-level analysts to Chief Information Security Officer positions. Staff Augmentation Services offers many options and helps your security organization remain flexible and responsive during uncertain or high-pressure times.

A variety of security initiatives can run effectively by utilizing Staff Augmentation Services, such as:

• Board / executive leadership presentations
• Information Security and Privacy Risk Assessments
• Policy and procedure development
• Education, training, and awareness content development and delivery
• Corrective action plan development and tracking
• Risk register management
• Routine penetration testing (Internal, external, wireless, phishing, social engineering, & web application assessments)
• Managed vendor security risk
• Incident response plan development
• Incident response testing and table top exercises
• BC/DR table top exercises
• Quarterly leadership updates
• Building and managing a world-class medical device security program tailored for your organization

If you work with a healthcare organization facing challenges in starting or completing a similar project, don’t wait. Reach out to a specialized firm within the healthcare information security field to begin setting your facility up for success now!

Learn about staffing trends in our annual trend report: Navigating Through A Changing Cyberspace: 2018 Healthcare Data Security Outlook.