Henry Dalziel | CompTIA, Information Security Careers, ISC2 | January 11, 2013
Healthcare is becoming more and more of a target by hackers – primarily because of their ageing networking and computer systems. Health care IT professionals must improve their security skills and knowledge in 2013, and into the future. With the mass-migration of healthcare providers storing patients electronic health records in databases, and with complex regulations, it is understandable that this is an industry that is gearing itself up to increase its’ security.
When health care providers are found responsible for data breaches they are liable for up to $1.5 million in fines. (It would be interesting to know if this fine is also applicable to social engineering hacks).
There has been a tightening of legislation towards data privacy laws, for example with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act – but data breaches continue. According to HITRUST – since the HITECH Act went into effect, there have been over 500 hacks in the 2011-2012 period (HITRUST is the Health Information Trust Alliance).
Sophisticated and ever increasing advanced persistent threats are constantly attacking healthcare providers systems. Clearly this is a massive space for information security and ethical hackers to get involved in.
ISC2 Health care IT information security certification
As mentioned in the title of this post, ISC2 and HITRUST are forging a way ahead by combining their organizations skills to create a health care information security certification. One of HITRUST’s key goals is to protect patient data so it seems like a logical match to team up with ISC2.
Who else offers a similar certification?
Currently CompTIA and their Healthcare IT Technician Certification is the best known course in this space. The exam covers the following modules:
Medical business operations
Once we get the new healthcare ISC2 syllabus we’ll update this post.
The idea of certifying IT professionals to secure patient information is obviously excellent. Announced early December 2012, the ISC2 and HITRUST partnership will host a series of workshops in January 2013 to identify job requirements and skills required by health IT security professionals to secure patient data. As we get more information we will update you all.