
In this chapter, you will learn to

  • Understand the status of the U.S. and international information privacy and security workforce

  • Recognize implications of cybersecurity workforce status on healthcare

  • Understand the convergence of traditional healthcare skill sets into cybersecurity responsibilities

  • Identify knowledge domains required for healthcare cybersecurity competency

  • Describe government and educator initiatives to improve cybersecurity workforce competency

With the number and severity of data breaches increasing globally, many call for measures to ensure that healthcare has trained and competent workforce members protecting sensitive information. Of course, the need for measures of competency is not necessarily unique to healthcare; however, many of the information privacy and security competencies are specific to healthcare. The advances in healthcare information technology and the increasingly complex systems and interconnections, coupled with the value of the data, all used and shared within the healthcare environment, have created an imperative in healthcare. Not only must we put programs and technology in place to protect the information assets from unauthorized disclosure, but we must also make sure we have employees equipped and trained to succeed in their responsibilities.

Cybersecurity Workforce

Many of us remember the days leading up to the year 2000, or "Y2K," as the world came to know it. At that time, we began to realize just how dependent we were on integrated and interconnected computers. Banks, retailers, and even healthcare organizations had to examine any machine containing a microprocessor to find those that might fail when the date changed from a year ending in 99 to one ending in 00. The fear was that computers and software with only a two-digit year field would "think" the date had changed back to the year 1900. Critical calculations in the banking industry, for example, would produce wrong results for things like interest accrued or owed. In healthcare, the worry was that devices such as telemetry units or ultrasound machines would simply stop working. Billions of dollars were spent worldwide to patch systems or replace them with newer versions of software that used four-digit year fields. If you are too young to remember this Y2K effort, now you know why we always use four digits in an application's year field. Maybe you never gave it a second thought, until now.

In the end, either because of the focus and attention paid to this problem or because the computers were never at much risk in reality, no catastrophic events occurred when the clock struck 12:00 a.m. on January 1, 2000. In the process, we developed disaster recovery plans, refined backup strategies, and mandated continuity of operations disciplines. Most of these concepts remain integral parts of every information security and privacy professional's responsibilities; however, the level of interconnection among systems and the degree of our reliance on them have changed almost immeasurably since the Y2K era. Continuity ...
