Hospitals need more cybersecurity pros. It's time to recruit more women.

Las Vegas - Hospitals across America have suffered the heavy costs and disruptions of cyberattacks in recent years, and executives say they struggle to find top cybersecurity pros.

Many industries find it difficult to attract cybersecurity talent, but hospitals and health systems have found recruiting and retaining experienced cybersecurity pros to be a particularly stubborn problem. They say cybersecurity pros often can earn more in sectors other than health care.

However, cybersecurity leaders also are pointing to another obstacle in their talent search. They said they need to get more women in the field.

John Frushour, chief information security officer for the New York-Presbyterian Hospital System, talked about the lack of women cybersecurity professionals in hospitals during a panel discussion at the HIMSS Global Health Conference & Exhibition.

“If you have a young female in IT that is interested in this field, you better sponsor her or get her some doggone training by now, because we do not have enough females in this field,” he said. “I don't know why.”

When it comes to finding women interested in cybersecurity in health care, Frushour said, “I have a hell of a hard time.”

Frushour suggested a need for more internships, shadowing programs and STEM initiatives to help encourage more women to pursue careers in cybersecurity.

“This cannot be a male-dominated field,” he said.

Jason B. Griffin, managing director of digital health strategy and cyber practice leader of Nordic Global, agreed that it’s time to get more women working in cybersecurity in the healthcare industry.

“We struggle finding folks that are wanting to actively pursue it, and women as well, minorities as well,” Griffin said in the panel discussion at HIMSS. “And we've got to find ways to open doors and provide that first level of access.”

Men hold most of the cybersecurity jobs across all industrial sectors. Women hold roughly one in four (24%) of jobs in cybersecurity in all sectors in 2024, according to a report by Women in Cybersecurity, a group aiming to get more women into the field.

There is some progress being made, as the group said only 11% of cybersecurity jobs were held by women in 2014.

Health systems have cited struggles in recruiting cybersecurity professionals for years. About 3 out of 4 healthcare IT professionals (74%) said hiring qualified cybersecurity staff remains “a significant workforce challenge,” according to a report released by HIMSS last year.

In a new HIMSS survey of cybersecurity professionals in healthcare, a majority said they were investing more in cybersecurity. However, only about one in three cybersecurity leaders (34%) reported significant increases to staff, the survey found. Some systems are spending more on technology, including AI solutions to beef up cybersecurity.

Lee Kim, senior principal of cybersecurity and privacy of HIMSS, said in a news briefing at the conference that some hospitals may need to look at their hiring efforts for cybersecurity roles.

“I have personal knowledge of many colleagues that are looking for work that are very experienced in healthcare,” Kim said. “Why are they not necessarily connecting with the jobs where they would be easily qualified … that's kind of puzzling to me.”

Paul M. Nakasone, a retired four-star Army general who led the U.S. Cyber Command before retiring last year, said the country needs a concerted effort to develop a group of workers trained in cybersecurity and AI. He wasn’t speaking about women specifically, but he said there needs to be a broad national effort to train the workforce that is needed in health care.

“We have to be much more aggressive in investing in our talent,” he said in a keynote address at HIMSS. “I'm very hopeful that we will have some type of National Defense Education Act that looks at technology for the future in the same way that we had a Sputnik moment in the 50s, and the result was a huge number of math and science graduates.”