Measuring Healthcare InfoSec Competency

Measuring Healthcare InfoSec Competency: “In healthcare, there are a lot of places we have very junior staff,” Murphy says in an interview with Information Security Media Group. “We have people that have maybe grown up with the organization and have different roles within the organization, but now have an almost brand new responsibility in handling electronic information or protecting electronic assets.

“We need to be able to develop these personnel in a way that gives us a tangible return on investment, something that we can see very clearly – that they have been able to obtain a level of competency that is measured by a third-party,” he says.

For example, while there is automation in some areas of information security, such as remote software patching, in healthcare “you have an environment where medical devices, special purpose computing platforms are out there,” he says. “You have to be able to accommodate those from the perspective of a lot of it has to be done manually, you have to coordinate with the medical device manufacturers to make sure they’ve tested and approved the patch,” he notes.

“We need people in the workforce in healthcare that understand the complexity and can work through those processes.”