Echoing language used in a policy proposal issued by Sen. Mark Warner, D-Va., a new Senate bill proposes creating a rural hospital cybersecurity workforce development strategy to address longstanding staffing challenges in these areas of the country.
Sponsored by Sen. Josh Hawley, R-Mo., the bill directs the Department of Homeland Security to develop a plan with the departments of Health and Human Services, Education, and Labor to address the growing need for skilled cyber professionals in rural area hospitals within a year.
Rural hospitals face specific challenges and a need for government assistance. As SC Media previously reported, small, rural and under-resourced entities' lack budgets and staff to adequately secure their networks. These limitations also mean that broader security advice may not even be relevant to rural hospital environments.
In 2019, New America, a Washington, D.C.-based think tank, issued a paper with a section detailing workforce challenges in these regions and across healthcare as a whole. Healthcare cybersecurity leaders are faced with complicated infrastructure, resource constraints and staffing shortages. At the time of the report, the pay of healthcare cyber leaders was estimated as three to four times less than other industries.
These workforce challenges further compound healthcare technology issues, including a heavy reliance on legacy tech and patch management gaps. The New America report stressed that government assistance should begin with recruiting and retention issues to begin fixing these challenges.
Four years later, Hawley's proposal takes aim at these challenges that are far more prevalent today.
The bill would direct the DHS secretary to confer with rural healthcare providers from specific geographic regions to create an effective plan, as well as rural health and cybersecurity education stakeholders to identify existing instructional materials able to be adapted for use in these areas.
In November, Warner’s policy paper suggested a similar program that would be tailored to prepare cybersecurity leaders to handle threats specific to the healthcare environment. The ideal program would rely on community colleges and professional certification programs.
The program should be tailored to “prepare cybersecurity professionals to confront cyber threats that are specific to the healthcare environment,” according to Warner's policy plan.
Under Hawley’s proposal, the baseline rural hospital workforce development plan would strengthen partnerships between hospital leaders, educational institutions and other private-sector entities to build out the cyber training and education programs.
At a minimum, the cybersecurity curriculum and teaching resources would be designed for use in community colleges, vocational schools and other educational institutions in rural areas, and focus on needed technical skills and abilities tied to their specific cybersecurity needs.
The bill would also seek recommendations on possible legislation, rule-making or guidance to effectively implement the workforce development strategy. A required annual review would evaluate possible updates to the plan, where appropriate, as well as potential initiatives, effectiveness and additional program needs.
If passed, DHS would be required to provide instructional materials for rural hospitals to train staff on these “fundamental cybersecurity efforts.”
In the last few years, the government has ramped up its focus on the dire state of cyber in healthcare with numerous congressional hearings, private meetings, and proposed bills. Healthcare stakeholders have worked tirelessly to inform these decisions, in hopes of incentives, workforce development and additional support to meet sector challenges.
The proposed bill draws on these frequent requests and Warner’s policy plan. As the Senate Homeland Security and Governmental Affairs meets on May 17 to discuss the bill, leaders should consider some of Warner’s suggestions, as well.