Health Data, Workforce Development, Privacy and Security, From AHIMA

Building a Strong Cyber Workforce Helps Safeguard Patient Data

More patient data is stored electronically than ever before, making healthcare organizations prime targets for cyberattacks. With criminals utilizing it for identity theft, fraud, and other crimes, patient data is lucrative on the black market.

In the health information (HI) field, we need a broader, more inclusive approach to cybersecurity to ensure the safeguarding of this data, especially when it comes to one of our biggest challenges: the cyber workforce. Now is the time for providers, payers, and the industry as a whole to create an inclusive environment that integrates diverse expertise and provides opportunities in the cybersecurity field.

Fortunately, a career in cybersecurity is no longer reserved for individuals with degrees in computer science or engineering. HI professionals, especially those employed in accounting or information technology (IT) departments, may only need minimal training to pursue entry-level positions. There are jobs available, and individuals with curiosity and a sense of mission can have an opportunity to step into significant roles

In fact, as HI professionals, you have a leg up when it comes to handling valuable data. Your understanding of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HI policy frameworks can help you to navigate the regulatory compliance issues inherent in building cybersecurity infrastructure. Your familiarity with electronic health records and basic IT architecture can help you to respond to risks more efficiently, and your expertise in general risk management gives you a strong base for identifying and mitigating threats. Additionally, any knowledge you may have of security protocols, such as data encryption and access controls, can be helpful in identifying and mitigating cyber threats.

With Cybersecurity Awareness Month upon us, it’s a good time to remember that you don’t have to be a degreed cybersecurity professional to actively contribute to the protection of sensitive information. In fact, we all must do our part to help safeguard our organizations against cyber-crimes and security breaches. Because staff members are often targeted as vectors for threats like ransomware and phishing attacks, every professional has a role to play in maintaining cybersecurity. Without basic training, employees can inadvertently compromise digital safety by not following procedures properly or accessing data they shouldn't.

Beyond your current role, HI professionals can now envision a new path toward participation in your organization’s cybersecurity function. In collaboration with the Health Information Sharing and Analysis Center (Health-ISAC), AHIMA has developed a tailored Cyber Threat Intelligence certificate course. This class helps organizations train their staff to identify cyber threats and address the shortage of skilled professionals in cybersecurity roles. Healthcare organizations who arm their staff with basic cybersecurity training can then tap into their existing pools of talent and redirect them to fill essential entry-level cybersecurity roles.

For you, the HI professional, this course and resulting certificate helps position you for a possible cybersecurity role and empowers you for future success.

The curriculum of this course starts with a basic overview of fundamental cybersecurity practices and cyber threats specific to healthcare settings. This structure prepares participants to help defend their organizations and positions individuals to transition into this work.

The safeguarding of sensitive data is a critical element of patient care. In this day and age, we can't protect patients without also protecting their data. With stakes this high, we need nothing less than collaboration among professionals with diverse backgrounds and distinctive skills working together to ensure the integrity and availability of electronic health information.


Lisa Gallagher, BSEE, CISM, CPHIMS, FHIMSS, is an executive cybersecurity consultant and former managing director, cybersecurity, PwC. She guides cybersecurity education at AHIMA.