Historically, health care has spent fractions of a percent of its technology budget on security, a paltry proportion when compared to industries like finance that handle similarly sensitive data. As a result of this underspending, there were an alarming number of data breaches in health care, with 477 incidents reported to HHS, the media or other sources in 2017, according to the Protenus Breach Barometer. These incidents represent only a fraction of the approximately $6 billion in damage done annually in health care due to data breaches.
In response, the health care cybersecurity market has begun to take off. It’s growing at nearly 13 percent per year and expected to reach $10 billion by 2022.
Maryland has the resources to be a leader in this area. There are, of course, the obvious reasons — we have both world-class health care (in the Johns Hopkins Health System and the University of Maryland Medical Center) and world-class cybersecurity assets, including NSA and U.S. Cyber Command. But those resources alone aren’t enough. Fundamentally, we see three key opportunities that we must seize in order to strengthen our position in this market and along the way, build the foundation for many other high-tech sectors in the state.
First, we need to acknowledge that the threats of the future will be unpredictable, diverse and creative and that an advantage always exists for the attacker in cybersecurity. To this end, we need to build a diverse workforce in health care cybersecurity that can see the world from every angle and every perspective. This means ensuring underrepresented minorities, women and LGBTQ individuals all have a seat at the table and substantive opportunities for advancement. It also means thinking about ways we can incorporate professionals who may have grown up in different socioeconomic strata with different educational backgrounds. Finally, it means that we should be thinking about how people with training in areas as varied as neurobiology, finance and national security can all contribute to our shared mission of protecting our nation’s health care systems. Only by building a workforce that mimics the population of the future and the perspectives of all disciplines, can we create a robust and safe health care cybersecurity posture.
Second, we need to continue to build a workforce that is well-trained on emerging technologies and best security practices. Health care cybersecurity will require big-data analytics and artificial intelligence technologies to be successful. Languages like Scala and experience in “dev-ops practices” with cloud infrastructure service providers will be critical to building the platforms of the next 10 years, and Maryland must make sure that we attract and retain individuals with these skills.
Maryland has a strong public and private university presence with world recognized programs in computer science, cybersecurity and STEM in general. We can and should work hard to retain our graduates, interesting them in developing their careers and future businesses within the state. Whether through incentivized training, tax credits for companies that hire and training in critical areas, or highlighting Maryland's lifestyle advantages in cost of living and career opportunity, we must make an investment in building our local workforce.
Third, we need to make sure that our world-class programs in critical fields are supported by the state. While the previous two recommendations could apply to any high-tech field, this third one is very Maryland-specific. As noted above, we have amazing assets in our world-class health systems and unique cybersecurity and national security landscape. However, technology and talent transfer from these fields must continue to be enhanced. Terrific work at institutions including Johns Hopkins and the NSA, continue to lead the way here, but we can always do more; we must hold up our success stories to generate more of them. We must also continue to invest in the basic research in cybersecurity, health care and A.I. that will make us leaders in this field, especially given the recent federal cuts to science and technology research budgets. It is not just one of these fields, but the combined success of these fields, that will shape our success in tackling this market.
Maryland, quite simply, is the richest environment for the development of our nation’s next generation health care cybersecurity immune system. With a few small changes that add to the trends we are already seeing, we can position ourselves for a bright future in defending some of our nation’s most critical infrastructure.
Robert Lord (firstname.lastname@example.org) is president and co-founder of Protenus, a health care analytics platform that protects the privacy and security of patient data, and a member of the board of directors at TEDCO, which focuses on technology development in Maryland. David Mussington (email@example.com) is a professor and director of the Center for Public Policy and Private Enterprise within the School of Public Policy at the University of Maryland.