By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup
October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month.
The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, the survey reports: “Cybersecurity budgets are still lacking with typically 6% or less of the information technology budget allocated for this purpose. A large attack surface exists within many healthcare organizations due to the profound lack of resources.”
Even as cyberattacks are increasing exponentially, businesses, including healthcare organizations, are facing another significant risk – a shortage of available, qualified cybersecurity professionals.
According to the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA), more than 57% of organizations have been negatively impacted by the “cybersecurity skills crisis.” Of the professionals surveyed by ISSA, 95% indicated the skills shortage has not improved in recent years and 44% say it has worsened.
Unmanageable workloads and daily demands deter potential recruits. Survey respondents cite a number of needs to make cybersecurity teams feel more valued: fair and competitive compensation, allocated time and funding made available for training, and alignment between executive and cybersecurity teams. Forbes notes that companies should be hiring for an around-the-clock, 24x7x365 cybersecurity team – as cybercriminals do not take holidays off.
IT Security Guru published a series of suggested solutions to minimize the challenges of professional burnout and decrease turnover in the cybersecurity industry. They recommend offering access to mental health resources for coping with stress, increasing recruiting efforts, considering an outsourced backup team, and automating more mundane tasks.
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) established Cybersecurity Career Awareness Week (October 18 – 23, 2021) as a national initiative to raise public awareness and strengthen the cybersecurity workforce. This campaign is designed to acknowledge the vital services of cybersecurity practitioners as they “enhance each nation’s security and promote economic prosperity.”
What can you do?
- Thank a cybersecurity professional today
- Review the EHRA blogs on the importance of cybersecurity on an executive level and recruiting healthcare cybersecurity staff
- Encourage your cybersecurity team or colleagues to sign up for trainings or compete in a Capture The Flag (CTF) competition
- Download the NIST overview of Cybersecurity Career Awareness Week for more details
