I have been writing about the shortage of healthcare IT (HCIT) workers for a number of years, and it’s finally more than a prediction—it’s a reality. According to the U.S. Bureau of Labor Statistics, working in HCIT is the place to be. HCIT as a sector is forecasted to grow at a staggering 15 percent, to 37 percent by 2020, which is significant.
When the markets crashed in 2008, the number of Americans predicted to retire slowed down significantly as much of their retirement savings took a nosedive, and their grand plans to retire were put on a shelf. Well that’s changed. The oldest boomers—all 2.5 million of them—turn 70 years old this year. While many are still working because they have to, the American Association of Retired Persons (AARP) predicts that only 25 percent of older boomers will still be working by 2022. Do the math.
With healthcare IT now on the map with the enormous amount of capital invested in the last eight years, we’ve created the perfect storm. The real demand in our niche will be squarely focused on information security jobs. We already see the demand ticking up in our own firm, and a quick search on a number of job boards tells the story just based on the number of openings. These professionals are in great demand, and the growth will likely outpace other HCIT roles thanks in part to ransomware and data breaches across our space.
New titles are popping up and the competition to find experienced HCIT security senior level managers and executives is over the top. With healthcare expenses hovering in the high teens of our GDP, most other non-healthcare vertical markets are turning to healthcare to find data security talent for a variety of organizations that cover almost every industry. Payers are also tapping hospital data security experts as they have also experienced being hacked. The problem is probably going to get worse before it gets better, and it will be a while before the supply and demand begins to level off for this skillset.
Over 75 percent of hospitals that responded to a poll by HIMSS said they could have been hit with ransomware in the last year. Over half the people polled indicated they had some sort of ransomware attack; another 25 percent are either unsure or have no way of knowing if a ransomware attack had been perpetrated against them unless the effort was successful. It’s impossible to get real numbers of actual attacks made due to hospitals avoiding publicity about it, and in some cases not knowing anyone is attempting to deploy ransomware attacks against them.
According to Cloudvault Health, an Atlanta-based data security company focused exclusively in HCIT, these attacks will grow globally and will move to mobile environments as well. Healthcare will continue to see a disproportionate ratio of attacks, in part because of the level of maturity of the software, systems/applications, lack of veteran information security officers high enough in organizations to bring accountability into the equation, and a challenge of leadership to bring focus and overall information security awareness in the industry. In many of their installations, they work with data security professionals that don’t come from the healthcare industry and often find themselves educating the non-HCIT technical staff about our industry. Thus, the quandary we find ourselves in with this level of a talent shortage.
For those hospitals and health networks that are fortunate enough to have superior data security talent in the seat today, my best advice is to have a very solid employee retention plan in place. Everyone will be seeking these data security professionals and will be offering them more money to entice them to leave because their services are very much in demand. You should find ways to keep these valuable employees engaged and happy.