HealthCare Information Security

dustervoice Member Posts: 877
Hi All,

Can someone who has worked in information security for any healthcare organisation share their experience? The reason I ask is because someone contacted me about a role and I wanted some insights from the community before proceeding further. Many thanks.

Comments

  • TLeTourneau Member Posts: 616
    What type of information are you looking for?
    Thanks, Tom

    M.S. - Cybersecurity and Information Assurance
    B.S: IT - Network Design & Management
  • Lexluethar Member Posts: 516
    I haven't worked in healthcare but I know a few that have. Generally speaking it's an industry that doesn't spend a ton on IT. Money is spent more on doctors (rightfully so) and new technologies like MRI machines and items to keep people alive.

    I've seen from a few different people it's a pretty stagnant area where not a lot is spent on IT and the technology you support will generally be older. It's also a 24/7 environment (depending on your role) because lives are on the line for some systems. Obviously depending on your role depends on if this applies to you.

    The two good parts I've seen are job security and, generally speaking, good health benefits.
  • DatabaseHead Member Posts: 2,754
    Lex thanks for posting that, good info.
  • beads Member Posts: 1,533
    I had my 15 minutes of Internet fame by being the second person to pass the HCISPP and have worked in HR and Healthcare for many years. I am a HIPAA expert and have contributed many talking points to HHS, OCR and a host of other names and acronyms you've never heard of.

    Anyway. Healthcare is very slow to change no matter how you might think. Compared to IT and especially security - it's a crawl. Why do I bring this up? Simple: healthcare doesn't change until HHS or FDA, etc. tell them to change. It's bureaucratic by its very nature. Particularly clinicians. They want to practice whatever form of medicine they specialize in and ignore everything else. The tendency is to look a bit down on everyone else as being a lesser being than themselves. Yes, oh yes they do. So learning when to put one's tail between one's legs is a matter of discipline or be disciplined at times. A definite pecking order to that totem pole and you are far down on that pole. Politics aside, if you enjoy the idea of making a difference and working to help others - it's a great area to be in.

    /* RANT

    Now, why do healthcare costs skyrocket? Look at the basement storage area with all those last year's models of MRI, CT scanners, etc that the hospital can't give away because people demand the very latest model that can give a marginally better outcome than the model right before. That's what drives me nuts more than anything else. Ummm... that and medicine by metrics.

    /*End RANT

    It's a cool field with some very cool people. So much to be done but getting there can look rather daunting. Good news is HIPAA has serious teeth so pay me or pay the fines. Betting I win from a cost control standpoint.

    Feel free to PM me about more specific questions. More than happy to help.

    - b/eads
  • Pmorgan2 Member Posts: 116
    I would have to concur with Lexluethar and b/eads that Healthcare IT is a slow-developing and stagnant field. I worked IT in a hospital for 2 years and supported clinics for 2 more.

    Help desk was pretty standard, except the added healthcare administration software support. We didn't touch MRI / CT / medical hardware or software. Security-wise, the focus was on HIPAA compliance, data at rest, and disaster recovery. Like b/eads said, we didn't do any security hardening unless it was mandated by HHS or some other governing organization. Some of the medical applications we supported were last updated in 1998... which presented unique challenges.

    I thought that working IT in the healthcare field was the golden combo - people and computers will always get sick. But it actually provided less job security and progression than I've found elsewhere.
    2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
  • 636-555-3226 Member Posts: 975
    Most people I know in healthcare want to leave healthcare. Money sucks, the job sucks, business support for IT and especially IT niches like cybersecurity sucks, you're expected to work security miracles with no training, no technical controls, and no new money for improving either of the above. And you're blamed for when security things go wrong even though you have proof from last year that that specific thing would go wrong if the business didn't fund the control you were looking for and they didn't end up funding it......

    Then again, maybe it's the only prospect you have, so there is a bright side there, if that's the case.
  • TLeTourneau Member Posts: 616
    I've been in healthcare IT for a long time and have worked in organizations that are like those described but I have also (and currently) worked in an organization that runs the latest technology and tries to stay ahead of the curve on security-related items because it has seen the results of not. Not all healthcare organizations are the same; do your research and ensure that it is what you would like to do.

    Pay and benefits can vary as well depending on the organization and can be quite competitive.

    OP - feel free to PM me as well.
    Thanks, Tom

    M.S. - Cybersecurity and Information Assurance
    B.S: IT - Network Design & Management