Recruiting Healthcare InfoSec ProsWhy Organizations Often Hire From Other Sectors
Many healthcare organizations are hiring chief information security officers and other information security professionals from other business sectors where security efforts are far more advanced, two recruiters say.
A headhunter who helps place CISOs, and a manager at an IT job placement firm that helps find security talent for healthcare organizations, say that those with expertise in encryption and auditing, in particular, are in high demand because of the growing emphasis on breach prevention.
"Healthcare is a weird industry in that it is going through its technology revolution now," says Bill Liguori, a partner at executive search firm Leadership Capital Group. "Other industries have gone through their revolution years ago, like financial services, travel, and content providers like Google and Facebook."
But being late in the technology game has its perks. "Healthcare being the last industry has the benefit of learning from the leaders ahead of them in infrastructure, architect and security" and tapping that talent, he explains.
In his searches for CISOs, Liguori often turns to financial services and other business sectors that are heavily regulated and deal with high volumes of mission-critical transactions, much like the healthcare arena. "People in the healthcare career mode don't have that lens of experience from those other industries," he says.
"With healthcare information, there are greater implications if ... data is breached," he says. "Financial information, travel information can be duplicated if there's a data loss, but when it comes to your health information, there is only one 'you' if that information is lost."
Liguori says one of his largest healthcare clients, has recruited information security pros from such companies as Merrill Lynch, Fidelity, Toyota, EDS and even the CIA.
In the Trenches
The trend of hiring from outside healthcare also applies to other front-line information security jobs, says Joshua Goodwin, a brand director specializing in healthcare at Dice, a technology job site.
And demand for infosec pros in healthcare right now is high, he notes. That's because so many organizations are installing electronic health records system as a result of the HITECH Act's financial incentive program, and many are ramping up security to comply with updated regulations, including the HIPAA Omnibus Rule. Plus, the Affordable Care Act means more Americans will have health insurance, which could create a surge in patients visiting hospitals and clinics.
Although some healthcare organizations are seeking out specialists with experience rolling out popular EHR systems, such as those from Epic Systems Corp. and Cerner Corp., many are emphasizing professional credentials and overall security experience, Goodwin says.
And expertise in encryption and auditing are in high demand, Goodwin says, because of the interest in taking steps to prevent breaches.
Lost or stolen unencrypted devices, and improper access by insiders, are among the most common causes of breaches, the federal tally of major healthcare breaches shows. And under the HIPAA Omnibus Rule, penalties for non-compliance can reach $1.5 million per violation.
Experienced IT and IT security professionals making a move into the healthcare sector often are looking for job security as well as job satisfaction, Goodwin says. "These people are caring and compassionate, and wanting to make a difference," he says.
So what's Goodwin's advice for security pros who want to build a career in healthcare? "Keep your skills current ... and have a passion for what you're doing."