No healthcare security best practices list is complete without educating employees on securing patient data from technical, physical and administrative perspectives. The level of education required combined with the perceived talent shortage and continued healthcare data breach struggles signify the need for more training options earlier on for healthcare IT security professionals. One avenue to bridge the education gap may be cybersecurity master’s degree programs, such as the one offered by Sacred Heart University (SHU).
Students can study in SHU’s 36-credit cybersecurity program on a full- or part-time basis starting in fall 2013. Though it’s a cross-industry program, it will include healthcare security in its coursework and many general cybersecurity best practices can be applied to healthcare. Courses include cryptography, systems security, digital forensics, securing the Cloud and ethical hacking. Working cybersecurity professionals such as Greg Kyrytschenko will serve as professors. Kyrytschenko is associate director of the new program and has worked in the cybersecurity industry for 13 years, holding positions in security management and security architecture.
SHU had a smaller certificate program in place for 4-5 years now, but it decided to go ahead with an actual full program with more classes in which it can concentrate on some of the other key pieces of cybersecurity. With the new program, Sacred Heart is partnering with some vendors so students can get on-hands training with specific solutions and it’s looking to provide more insight into different industries.
“We already do some theory-based education, but we’re trying to implement and research more practical cybersecurity methods as well,” Kyrytschenko said. “We’re trying to relate it to healthcare as well as a number of other different areas, such as financial services.”
Kyrytschenko went on to say the university is focusing on is the talent shortage out there and trying to find a good way to train and teach people security basics – not only from an end user perspective, but how to take all these different controls and put them into practice. When asked what the cybersecurity education core pieces are as they relate to healthcare, Kyrytschenko said there are a few different focuses.
We cover healthcare and the regulations, which is part of it, but we also teach how to create the next generation of workforce to ensure these [cybersecurity students] understand the technology and how it actually works so they can make judgment calls when they use a risk-based approach and are more effectively securing critical infrastructure fall all types of industries [such as healthcare]. We want everyone to know what’s going on in the industry.
The master’s program will have an architecture project in one course where you pick a specific industry [such as healthcare] and build a security program that’s tailored to and meets that industry’s standards. Among the other cybersecurity training exercises will be risk management, security auditing and testing, information assurance, vulnerability management, forensics and basic scripting, which is a core requirement because security pros get so much data from so many different places, SHU wants to make sure, for example, an analyst can put reports together from firewall logs. Kyrytschenko mentioned that will be a few research projects specific to healthcare.
One of the projects we have slated for research is how to manage patient data in a cloud, ways to synergize the management of data, secure sharing of patient data among the healthcare industry, maintaining the integrity of the data and the access controls behind that security. Those are some of the areas we’re thinking about – some of the other ones are more infrastructure-related, which could in a number of different industries. An example of this would be keeping security in mind when developing an application.
The SHU program will also try to ensure everything it teaches is current. There may have been a virus that worked in one instance, but six months or a year down the road, that threat may have evolved and changed. With that in mind, educating professionals on the latest threats will make cybersecurity preparedness that much better in the future.