
Finding and retaining cybersecurity talent are the two greatest barriers facing healthcare companies looking to improve their organization’s cybersecurity preparedness, according to the 2022 HIMSS Healthcare Cybersecurity Survey. Nearly 84% of respondents said recruiting qualified staff is their greatest cybersecurity challenge.        

That translates into actual shortages of qualified workers. More than 3 in 5 (61%) of healthcare respondents said a lack of cybersecurity staff was their No. 1 challenge in achieving a robust cybersecurity program. Survey results were presented at the organization’s annual conference in April.

Most of the 159 respondents taking part in the 14th annual healthcare cybersecurity survey had primary responsibility over the cybersecurity programs at their organizations. 

In addition to issues in recruiting staff, the report found that more than 66% of respondents said cybersecurity staff retention is a significant challenge.

“Indeed, cybersecurity staff tends to be precious commodities for healthcare organizations,” report authors wrote. “Many respondents agreed that there is a lack of qualified candidates by the numbers (45%), as well as a lack of healthcare-related experience (38%) and cybersecurity-related experience (34%).”

Training — specifically lack of it for this specialized workforce — also was identified as a major concern. Not only is there infrequent training of cybersecurity staff, there is also a lack of training for administrative staff and clinicians who may be more vulnerable to potential phishing or malicious attacks, report authors pointed out.  

“Although this is not the case at every healthcare organization, clinicians and legal staff are not necessarily included in security awareness training,” the report states. “Not including these critical stakeholders in security awareness training means that these professionals may be more vulnerable to phishing and other social engineering attacks.” 

On the positive side, the number of ransomware attacks across industries dropped in 2022, according to US officials and experts. Only about 1 in 8 (12.6%) healthcare stakeholders reported experiencing a ransomware attack in the past year, and nearly 78% said their organization did not.

Still, providers and their vendors remain vulnerable to sophisticated cyberattacks. On Sept. 2, 2022, for example, hackers confiscated vital data of more than 4.2 million patients managed by Florida-based Independent Living Systems, a vendor of clinical and third-party administrative services to managed care organizations serving elderly and disabled individuals.