The Healthcare Industry Needs Cybersecurity Pros STAT

Being a member of the healthcare cybersecurity profession isn’t only about business. It’s being part of a team that saves human lives, protects the patients, and ensures life-saving services.

As the healthcare industry relies more on technology to provide high-level services, the medical staff must know they can safely use the technology to save human lives. The secure operation of technology is of the utmost importance for keeping organizations healthy.

Read this article to find out how a career in cybersecurity can help you safeguard the healthcare industry and join a dynamic sector.

Table of contents

How a career in cybersecurity can help you safeguard the healthcare industry
Do you have the skills?
Hard skills
Soft skills
Why is it important to see the big picture?
What are the benefits of a security and privacy certification qualification in healthcare?
Which areas of knowledge should healthcare security and privacy certification cover?
Privacy and Security Controls Implement the Healthcare Security Policy
Why the HealthCare Information Security and Privacy Practitioner (HCISPP) is the right certification for you
Conclusion: Not all lifesavers wear white coats

How a career in cybersecurity can help you safeguard the healthcare industry

The healthcare industry is undergoing a major technological transformation and needs cybersecurity professionals to help care for and protect it. The future of emerging technologies in healthcare looks exciting and promising. Rapid advances over the next few years may help humanity solve some of the biggest challenges, like our ability to cure illnesses and improve patient care.

Technology enhances patient care in many ways. RFID (radio-frequency identification), for example, provides information about the patient’s vital signs and temperature. 3D printing is now used to create prosthetics, customized dental devices, and even hearing aids. Virtual reality devices and apps help ease depression and anxiety symptoms in older people and patients with mental illnesses and help people with their postoperative recovery process. Augmented reality helps surgeons and their teams perform complex operations. With the availability of procedures like robotic knee replacement and gene therapy in cancer treatment, it is evident that the role of technology in healthcare is bound to grow exponentially in the future. And you can be part of this exciting new world.

Despite the obvious benefits technology brings, new security and privacy challenges arise. Criminals leverage this new technology to succeed in their malevolent causes by either stealing protected health information (PHI) and other sensitive data or disrupting healthcare entities and providers’ operations. However, healthcare cybersecurity differs from all other sectors. While a security incident in other sectors may entail temporary business disruption, penalties, and damaged reputation – things that can be restored over time – security incidents in the healthcare industry are closely related to human lives. When healthcare providers fail to mitigate risks, security incidents have real life and death implications.

Being a member of the healthcare cybersecurity profession is not only about business. It is being part of a team that saves human lives, protects the patients we serve, and ensures the delivery of life-saving services. Due to the rapid expansion of technology use in healthcare, cybersecurity job opportunities are unlimited: information governance, regulatory compliance, IT security, PHI protection, risk management, third-party management. Joining healthcare cybersecurity means that you are involved in caring for and supporting human life. You can make an impact by enhancing patient safety.

Healthcare cybersecurity is a booming sector. Defending healthcare providers from offensive cyber operations drives increased investment in cybersecurity. It is estimated that the healthcare industry will spend more than $65 billion cumulatively on cybersecurity products and services over the five-year period from 2017 to 2021. While all other technology sectors are driven by reducing inefficiencies and increasing productivity, cybersecurity spending is driven by cybercrime. The unprecedented cybercriminal activity is generating more and more spending on security.

Despite the promising financial statistics, the healthcare cybersecurity sector suffers from a lack of skilled personnel. According to a recent survey, one in four U.S. healthcare workers has never received cybersecurity training from their employer. The US Health Care Industry Cybersecurity Task Force revealed that three in four hospitals have no dedicated cybersecurity professional, while another report showed that 49% of hospitals have no CISO. These reports uncover a stunning lack of cybersecurity training among healthcare workers, leaving healthcare information technology systems and electronic protected health information (ePHI) vulnerable, so it is no wonder the healthcare sector leads all other industries in cybersecurity breaches. The cybersecurity skills shortage makes healthcare organizations more desirable hacking targets, causing direct and measurable damage.

The healthcare industry needs young, enthusiastic, and keen cybersecurity professionals that are committed to helping save lives. Will that be you?

Do you have the skills?

The healthcare providers rely on the security and privacy professionals to fortify their entities against cyber-attacks. However, simply employing security practitioners is not enough. They also need to be armed with the right skill set and knowledge.

Cybersecurity is a business battlespace. As cyber threats continue to grow in sophistication, organizations face a persistent challenge in recruiting skilled cybersecurity professionals capable of protecting their systems against the threat of malicious actors. With cybercriminals now responsible for billions in losses per year and state-sponsored hacking groups posing an ever-greater threat, the need for individuals capable of securing networks against attackers has never been greater. Every day businesses need to win battles – mitigate threats, prevent vulnerabilities from being exploited, identify malicious actors. And to win these battles, they need skilled security practitioners.

Although cybersecurity encompasses a broad range of specialty areas and work roles, certain knowledge sets and skills are essential for any new team member in a critical work role, regardless of their field or the specialty they adopt. However, this does not mean that we must ignore the soft skills that can turn that technical knowledge into value for their employers. Organizations have consistently noted that soft skills like communication, teamwork, and problem-solving are crucial for new hires.

Hard skills

Knowledge of emerging technologies

Emerging technologies change the way healthcare entities provide their services and will create new roles in the future. The Internet of Medical Things (IoMT), Artificial Intelligence (AI), Machine Learning (ML), virtual reality, and robotics are all seen as important investments for the healthcare industry as they strive to enhance the quality of services and treatments for their patients. New IT positions will demand professionals who understand these emerging technologies and their inherent security and privacy challenges.

Savvy IT professionals should acquire this knowledge today as many of these emerging technologies will force change in the workplace tomorrow. Without understanding how this technology impacts IT infrastructure and business, some may find they are left behind as roles evolve to include skills related to emerging technology.

Thorough understanding of security and privacy frameworks

Being a critical national infrastructure, the healthcare industry is a highly regulated sector. Regulations, such as HIPAA, PIPEDA, and GDPR, set the foundation within healthcare. They protect and provide benefits to the public and guide the proper conduct and delivery of healthcare services. Since regulations are mandates set by government bodies, healthcare organizations are subject to oversight by these regulatory agencies.

Becoming knowledgeable about all global healthcare regulations and understanding who enforces what can be a daunting task. This knowledge is essential because if an organization is noncompliant with a regulation, penalties can result in sanctions, court orders, fines, or even imprisonment of principals.

Deep knowledge of risk management

Risk management is a crucial element for understanding information and privacy security. In the healthcare industry, adopting a risk-based approach is even more crucial due to the processed information’s sensitive nature. Data sharing can be, in many cases, a critical factor between life and death. However, patient safety is not the only objective. Saving someone’s life while their most sensitive secrets are leaked to unauthorized parties is counterproductive. Hence, the security and privacy professional must balance the clinical need for information and privacy rights.

Like most other industries, the healthcare industry has utilized technology to improve operation and patient care. In many cases, these technologies come with associated risks that must be considered. The industry also has its unique regulatory and business requirements that the security and privacy practitioner must uphold.

Soft skills

Leadership and communication

It is no longer acceptable for IT team members to work quietly and separately from the rest of the organization. Community, creativity, and a clear investment in business priorities are skills critical to security and privacy practitioners’ success. A certain level of business acumen and engagement is expected. Brushing up on “soft skills” gives individuals an edge as both a teammate and a leader in their security department.

Flexibility

Businesses are placing value on security and privacy professionals who can be flexible and are willing to take on hybrid roles, which ask for a mix of skills. To be leaner and more agile, healthcare organizations expect practitioners to use technical tools, analyze data, collaborate across teams, and manage projects from start to finish.

Furthermore, according to a recent analysis, hybrid roles pay 20-40% more and represent about 12% of all job openings today. Silo-skilled roles are being phased out with a demand for security and privacy workers who can embrace several different challenges.

Advocate for cybersecurity culture and best practices

Another important attribute of a security and privacy practitioner is taking the lead in advocating for a pervasive security and privacy culture throughout the healthcare organization. In some organizations, employees believe security is someone else’s job.

Instead, we should be forging ahead with the message that corporate security requires everyone to be invested in the company’s defense and protection. This starts with creating a strong awareness program for all users.

Whether a healthcare provider is just starting with a security program or seeking to enhance their operations, a security and privacy practitioner brings many applicable business skills. Organizational security requires experience in many facets of the technology landscape, including:

  • Risk identification and management
  • Management of third-party relationships
  • Understanding the impact of healthcare information technologies on privacy and security
  • Understanding the connection between privacy and security
  • Sensitive data handling
  • Alignment of information security and privacy policies, standards, and procedures

A healthcare security and privacy practitioner brings these practical skills to the organization, along with higher-level theoretical concepts such as foundational health data management and security and privacy frameworks. This combination of “hard” and “soft” skills is vital for a healthcare security department’s day-to-day functioning.

Why is it important to see the big picture?

The healthcare environment is changing

Technology continuously improves the ability of healthcare organizations to provide better care for their patients. The healthcare practitioner interacts with a variety of interconnected technical platforms daily. The number of new and improved technologies in healthcare only grows. And with that growth, new challenges come in making the technologies interoperable and secure.

Breaches of PHI are increasing in frequency, and healthcare has become the most targeted industry. Several different trends in the healthcare industry have increased the risk to information assets.

  • The value of health records to criminals and other bad actors, coupled with the increased availability of technical tools to execute compromises, has increased risk.
  • The adoption of greater numbers of electronic systems to manage ePHI has increased the potential number of targets.
  • The increased information sharing between agencies exposes more information to potential disclosure.

However, the adoption of new technologies poses challenges. Implementation of technological solutions often has unplanned and unwanted negative consequences to healthcare organizations and their patients. Despite the advantages of increasing the level of technology in healthcare, introducing new technology is challenging. The technologies themselves may be immature, and relying on them too early may put patients’ safety and health at risk.

Electronic Health Records

Healthcare practitioners input patients’ vital data into centralized technology systems throughout their daily activities. When this information is captured in medical coding, it drives the revenue cycle, supports a range of healthcare analytics, and provides data to other critical processes.

Advocates for EHR point out significant benefits from widespread adoption, including improved public health, enhanced patient care, ease of workflow, and lower healthcare costs. Nevertheless, issues with data quality and adoption present challenges for EHR implementation.

Big Data

Although big data is important, what really matters is what organizations do with the data. Many healthcare organizations now use sophisticated clinical decision support systems (CDSS), leveraging the healthcare record data with big data structures of similar patient symptoms, treatments, and outcomes.

The broad use of big data, however, opens concerns over patient privacy. As the disparate data is consolidated, previously anonymized information may become deanonymized through either aggregation or inference. Careful analysis of the data being shared and integrated into the big data repositories must be a priority concern for data architects and privacy officers to minimize the chance of deanonymization.

Communications

Healthcare practitioners and patients use various technologically advanced devices to communicate, including email, video conferencing and telehealth, and telemonitoring services to share information. Mobile health applications can enable the patient and healthcare practitioner to consistently gain greater insight into the patient’s lifestyle. These devices provide access and support to both the caregiver and the patient throughout their care.

Communication technologies bring many benefits, such as making healthcare practitioners more easily available and accessible to patients, improving records access for caregivers and patients, and improving processes with lower associated costs.

However, advances in communications technology bring additional security challenges. Interconnected technologies can be compromised through a connection, and the compromised entities collectively can be used by attackers to attack other systems or breach PII. The problem is exacerbated by the fact that many organizations fail to take even the most basic precautions. Compromise is often enabled through access controls that are weak, improperly configured, or even absent. Inappropriate or inadequate cryptographic controls over algorithms, key rotation, and key custody put many organizations at risk of a privacy breach.

Internet of Medical Things (IoMT)

Internet of Things (IoT) devices interface with the physical world and tend to be pervasively deployed. In 2017 there were over 8 billion IoT devices, and Gartner projects that 25 billion devices will be deployed in 2021.

Healthcare organizations utilize a broad array of IoMT devices, which is reshaping healthcare delivery to patients. Patient monitoring, both in clinical settings and in patients’ daily lives, is one of the most common uses, allowing healthcare practitioners to view the patient’s real or near-real-time information. Health events that would have escaped detection in a routine examination can now be evaluated as they occur.

IoMT devices bring with them a range of risks that have traditionally affected legacy environments: malware, human error, and distributed denial of service attacks have all been reported in the healthcare arena. Further, many of these devices integrate legacy technology and design criteria. As a result, their underlying computing platforms are often vulnerable to legacy attacks and do not conform to privacy and security principles by design.

Healthcare Cost Effectiveness

As life expectancy increases and the population ages, there is growing pressure to achieve cost-effectiveness in healthcare expenditure. The adoption of digital services is expected to result in more precise interventions, improved health outcomes, increased efficiency, and ultimately reduced healthcare expenditure. Despite the initial capital required to be invested in healthcare technology acquisition, these innovative solutions are expected to have a great investment return, replacing ineffective healthcare delivery systems and labor-intensive models.

Through automation and simplification, these amazing solutions will enable healthcare workers to do things that would otherwise not be possible or not to the same extent or with the same quality. On the same subject, a machine learning algorithm that can make diagnoses faster or better than most doctors could be expected to lead to substantial reductions in the price of that particular service.

The Healthcare industry is a critical national infrastructure

The European Union Network and Information Systems (NIS) Directive states the healthcare industry is a critical national infrastructure because

  • it provides a service “which is essential for the maintenance of critical societal and/or economic activities”
  • “an incident would have significant disruptive effects on the provision of that service”

Healthcare is a major contributor to societal and financial welfare. The National Healthcare Systems play “a significant role in response and recovery across all other sectors in the event of a natural or manmade disaster,” says the US Cybersecurity Infrastructure Security Agency (CISA).

The size, diversity, openness, and economic value of the healthcare sector make it an attractive potential target for terrorists or other malicious actors. In the event of a natural disaster or a virus outbreak, a malicious cyber incident coupled with the increased demand for healthcare services may impact the sector’s ability to adequately meet surge demands, with severe consequences for patient care.

Healthcare cybersecurity differs from other sectors

If an adversary or an accident disrupts healthcare systems, that can profoundly impact patient care. Failing to mitigate security vulnerabilities and risks can have a devastating effect on human lives. On the other hand, the implementation of security controls must balance the nature of healthcare workers’ jobs, where saving human lives has the highest priority. These controls must provide enough security and should not disrupt how healthcare workers operate.

Besides security concerns, cybersecurity is highly related to data privacy. Protected health information is sensitive personal data and should be afforded adequate security to ensure this data’s confidentiality, integrity, and availability. Disrupting the flow of medical data can have devastating results for how treatments are provided.

Healthcare is one of the world’s most heavily regulated industries. Jurisdictions regulate all aspects of care delivery, ensuring that drugs are safe and effective and that whenever patients interact with a healthcare organization, their personal information is protected. The World Health Organization (WHO) constitution (1946) envisages, “The highest attainable standard of health as a fundamental right of every human being.”

Regulations like HIPAA in the US, PIPEDA in Canada, and GDPR and NIS in the EU mandate the physical security, cybersecurity, and privacy of health records, whether paper or electronic. Along with security requirements, these government regulations dictate heavy fines for data breaches. Failure to comply with these regulations will entail financial burdens and jeopardize private healthcare providers’ existence because of reputational damage and subsequent loss of revenue.

With the evolving nature of healthcare, it is common to see more and more services and functions sourced to third parties to reduce costs, introduce enhanced technology, supplement core services, and so forth. While it is relatively straightforward to assign responsibility when the information is under the healthcare entity’s control, it is more difficult when multiple third parties apply different standards of control.

The sharing of healthcare information among organizations can present significant risks in security, privacy, and compliance. This is due to the sensitive nature of the information required to support patient treatment and related healthcare functions such as data analytics and research. Organizations must proactively manage third-party risks and challenges, such as appropriate protection of patient information, reliable software and hardware management, and IT asset lifecycle management, including holistic, accurate, insightful, and forward-thinking vulnerability management.

Cyber-attacks on healthcare providers are increasing

Reports show that ransomware and other cyberattacks are on the rise, and healthcare is one of the biggest targets. Increasingly sophisticated cyberattacks will pose significant threats to hospitals’ operations and revenues, as well as risks to patient safety that will expose more hospitals to malpractice accusations and lawsuits.

The interconnectedness of hospital operations and IT makes the hospital sector highly vulnerable to cyberattacks such as ransomware, malware, email phishing, and infiltration through online medical devices. While all hospitals will face cybersecurity threats, smaller hospitals, especially critical access hospitals, will be the most vulnerable because they typically lack the resources for dedicated cybersecurity experts and often use dated, easily compromised technology.

Cyberattacks that result in operational disruptions present the greatest risk. To date, attacks that have led to sensitive patient data being exposed or stolen are the most common types of attacks reported by hospitals.

However, going forward, attackers will increasingly seek to disrupt hospitals’ operations, which will jeopardize patient safety and have a significant financial impact.

Despite the rising threat, many hospitals are unprepared to handle cybersecurity threats, even though they pose a major public health problem.

However, the vast majority of security incidents, no matter their scale, could have been avoided if applicable security controls and security professionals were in place. Knowledgeable and skilled security professionals using proper technology and processes can minimize any organization’s security risks and ensure a robust security posture.

The importance of broad security knowledge

A skilled professional with a broad knowledge of healthcare-related security and privacy issues can become an organization’s most valuable asset. Having a broader understanding of security incidents, the security practitioner can make accurate impact assessments based on the changing threat and technology environment, assisting the executive board in allocating the resources required to implement proportionate mitigation measures, ensuring a cyber-resilient healthcare organization. By implementing security controls aligned with the overall healthcare goals of treating patients and saving human lives, the security and privacy professional can help minimize the security risks, benefit the organization in many ways, and establish trust with patients and partners.

On the tactical level, the security and privacy professional can ensure a robust yet usable security program. Having in place security controls that do not consider the human element can lead to friction, frustration, and reduced productivity. At the same time, healthcare workers will try to circumvent those measures in favor of their own convenience, leaving the organization open to malicious actors, either external or internal. Ensuring that the security program has the right mix of controls and usability can help create a cybersecurity culture and a cyber-resilient organization.

Considering all the technological advances, their application in all sectors of the healthcare industry, and their inherent security and privacy challenges, the professional wishing to enter the healthcare cybersecurity sector is presented with endless options; they may choose to become generalists or specialists, work in a specific medical sector or be employed as a consultant. The choice is yours.

What are the benefits of a security and privacy certification qualification in healthcare?

Many cybersecurity personnel transition from IT, seeking to advance their career in a different yet similar sector. Whether you are a university graduate developing your career and wanting to specialize in healthcare cybersecurity, already working in cybersecurity and wanting to move into the healthcare sector, or kickstarting a second career, demonstrating your knowledge and skills can make you stand out from the competition.

Hiring managers want to see proof of your practical experience. Therefore, having a certification as a healthcare security and privacy practitioner can be essential when applying for a vacant cybersecurity position in the healthcare industry. Earning such a certification comes with many benefits, such as:

  • Career advancement. Raising the credibility of your knowledge and expertise in improving healthcare security and privacy can boost your career and create new opportunities.
  • Versatile skills. Acquire versatile, vendor-agnostic skills that can be applied to different technologies and methodologies to understand how security and privacy work together to create a resilient healthcare organization.
  • Personal branding. Differentiate yourself from your employers and peers, gaining respect and recognition from a community of security and privacy professionals.
  • Solid foundation. Acquiring a breadth of knowledge can help you build a solid foundation to be better prepared to mitigate and respond to cyberattacks that can have life-threatening effects.
  • Self Confidence. Develop skills to reach a deeper, better, and broader understanding of healthcare cybersecurity challenges and solutions.
  • Stronger skillset. Expanded knowledge can arm you with a stronger skill set to fulfil your roles and responsibilities.
  • Make an impact. Be able to speak competently about current security trends and risks in the market and how those security issues directly impact the provision of high quality and secure healthcare services to patients.
  • Vision. Develop interconnection and thorough understanding of all the existing and emerging security and privacy technologies with healthcare goals leading to the secure provision of healthcare services.
  • Higher salaries. Security and privacy practitioners with a certification qualification earn up to 35% higher salaries than non-certified practitioners.

Which areas of knowledge should healthcare security and privacy certification cover?

A professional searching for a security and privacy certification focused on the healthcare industry will end up with a handful of choices and face the dilemma of which to select. Many healthcare IT certifications only cover security or privacy, but it’s important to look for one that covers both. Besides selecting the one that addresses specific interests and practical experience, it is important to investigate the body of knowledge each certification offers. A security and privacy practitioner’s certification should cover the following domains.

Risk Management and Assessment

Risk management is a crucial element for understanding information and privacy security. In the healthcare industry, adopting a risk management approach is even more crucial due to the information’s sensitive nature. Therefore, the candidate should understand enterprise risk management, risk management frameworks and be able to apply risk management processes.

Healthcare Regulations and Standards

Regulations and mandates set the foundation within healthcare. They protect and provide benefits to the public and guide the proper conduct and delivery of healthcare services. The candidate should identify, describe, and reference pertinent and applicable regulatory and standards requirements for the healthcare industry.

Third-party Risk Management

The privacy and security practitioner candidates should identify third-party relationships based on their use of health information, help manage third-party relationships, and determine when additional security and privacy assurances are required. Candidates should also support the assessment of third parties, respond to third-party security and privacy events, and participate in the mitigation of third-party risks.

Overview of the Healthcare Industry

The healthcare industry is exceedingly diverse, consisting of various organizations from small physician practices and large hospitals to laboratories, pharmaceutical companies, biomedical companies, payers (private, public, etc.), regulators, and public-health organizations. All these organizations rely on the efficient and effective exchange of patient-related information. The candidates should understand the healthcare industry’s diversity, the types of technologies and flows of information that require various levels of protection, and how healthcare information is exchanged within the industry.

Information Governance and Regulatory Compliance

Information governance provides organizations with the means to manage compliance risks, both internal and external while aggregating and presenting those organizational attributes to their senior leadership. The privacy and security practitioner candidate should know how healthcare organizations govern information, assess risks, define policies, procedures, and work processes, and comply with legislative and regulatory requirements.

Information Technologies in the Healthcare Industry

Candidates should have the necessary knowledge to manage emerging healthcare technologies and to identify emerging threats utilizing these technologies throughout the information lifecycle. Understanding how the organization’s information is shared, accessed, used, and destroyed becomes very important to the healthcare privacy and security practitioner.

Privacy and Security in Healthcare

Patients have expectations that they should have some control over who should have information about them and their medical condition. The candidate should know security and privacy principles and how they relate to the healthcare industry. They should also understand the relationship between privacy and security to ensure that personally identifiable information (PII) is adequately protected regardless of its state or the system in which the information exists.

Privacy and Security Controls Implement the Healthcare Security Policy

The above domains of knowledge cover the whole breadth of privacy and security operations. These controls involve policy, oversight, supervision, manual processes, actions by individuals, or automated mechanisms implemented by information systems. Therefore, the privacy and security practitioner is presented with massive career opportunities in any areas covered by the above knowledge domains depending on their skills and interests.

Being knowledgeable about these privacy and security domains is important for one more reason. By implementing these controls, the security practitioner can help with the enforcement of the organizational security policy. They can significantly impact and become a valuable asset for the lifesaving services a healthcare organization provides.

The healthcare privacy and security policy is the cornerstone document of a company’s risk management program. The security policy defines strict procedures to keep the networks secure, maintain secure transmission of data, and protect patients’ confidential records. Developing such policies and procedures and conducting real-time monitoring and audit of security practices ensures the security of the hospital’s IT environment. Security policies reflect the executive management’s acceptable risk and therefore serve to establish a security mindset within the organization.

While a security policy is at the strategic level and serves as the “letter of intent” of the healthcare entity’s executive management, the privacy and security controls are at the tactical level. The primary objective of security controls is to reduce security risks by enforcing corporate privacy and security policy. The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, policies, regulations, standards, and guidelines.

Privacy and security controls help materialize the policy. Here is where the role of a security and privacy practitioner becomes vital. The professional will implement these controls, contributing knowledge and skills to their organization’s overall robust security posture.

Why the HealthCare Information Security and Privacy Practitioner (HCISPP) is the right certification for you

The (ISC)2 HealthCare Information Security and Privacy Practitioner (HCISPP®) certification covers everything you need to know about privacy and security in the healthcare industry. Therefore, it is ideal for IT administrators, managers, directors, and privacy and security professionals responsible for safeguarding the patients’ sensitive medical data. The certification shows you have the foundational technical skills and knowledge to implement, monitor, and administer the healthcare infrastructure using privacy and security best practices, policies, and procedures.

HCISPPs understand the healthcare environment. Healthcare security and privacy practitioners must possess a unique set of skills and specialized knowledge to navigate this highly regulated industry. Healthcare abounds with regulations, laws, compliance mandates, and reforms, all of which are constantly changing and impacting the way patient information is collected and shared. HCISPPs have the expertise to understand the implications and apply the appropriate security and privacy controls and best practices to address health information’s data protection needs.

As the protectors of personal health information within their organizations, HCISPPs bring a breadth of knowledge spanning the healthcare privacy and security domains. HCISPPs can speak both groups’ language to ensure that an organization’s sensitive patient health information is secure. The HCISPP represents practitioners who are versed in all aspects of healthcare information stewardship.

The HCISPP credential requires that candidates pass an exam and keep current with healthcare security and privacy changes. HCISPPs must complete continuing professional education (CPE) credits each year and submit themselves for recertification every three years. This process ensures that HCISPPs are continually learning about new developments and keeping their skills current. Those who attain the HCISPP certification must also uphold the (ISC)2 Code of Ethics, which states that information security professionals certified by (ISC)2 must adhere to the highest ethical behavior standards and act honestly and responsibly to protect the common good.

The HCISPP Common Body of Knowledge (CBK®) provides in-depth awareness and expertise across all knowledge domains discussed here, building and showing a solid healthcare cybersecurity foundation. A strong and versatile skillset helps healthcare organizations provide a high level of lifesaving services securely.

Conclusion: Not all lifesavers wear white coats

The protection and the secure operation of technology are of the utmost importance for keeping organizations healthy. As the healthcare industry relies more and more on technology to provide high-level services, the medical staff needs to ensure that they can safely use this technology to save human lives. You can be part of these amazing teams and “protect the patients they serve and ensure delivery of lifesaving services.”

Source: (ISC)2