In the healthcare industry, information security is crucial for patients and providers alike. Whether through unintentional accidents or targeted attacks, data exfiltration is one of the fastest-growing cybersecurity threats.
Cyberattacks are on the rise, increasing in both frequency and efficiency. Hacker groups from around the globe have targeted hospitals and health systems to exfiltrate protected health information (PHI), personally identifiable information (PII), and other restricted data.
As threats increasingly target the healthcare sector, these organizations also face a critical shortage of cybersecurity professionals. On average, cybersecurity positions take 70% longer to fill than other IT roles, in part because of the high stakes of getting a hire wrong when a successful attack can disrupt patient care.
Security-related certifications ensure staff have the knowledge and skills necessary to manage cybersecurity threats. There are numerous options when it comes to certification programs in cybersecurity, but there’s no one-size-fits-all solution.
This is because the credentials for healthcare cybersecurity certification are based on different skill sets and focus areas. For example, some cybersecurity certifications are meant for IT professionals with years of experience. Others can be obtained with little to no experience, requiring minimal continuing education or on-the-job experience to qualify.
Let’s look at some of the top cybersecurity certifications available, their benefits, and how to prepare for the exams.
Entry-level certification
Organizations that focus on recruiting and developing entry-level cybersecurity staff can accelerate the hands-on training needed to overcome the cybersecurity labor shortage. Cybersecurity certification can help remove barriers to enter the field and allows candidates to demonstrate their understanding of important concepts and best practices.
Two of the most prominent entry-level certifications for healthcare cybersecurity staff are the Certified Associate in Healthcare Information and Management Systems (CAHIMS), which is healthcare-specific, and the vendor-neutral (ISC)² Certified in Cybersecurity (CC).
CAHIMS
CAHIMS is offered through the Healthcare Information and Management Systems Society (HIMSS), a leading source of authority for healthcare IT. Ideal for entry- and junior-level staff, this certification establishes a solid foundation for a career in health information and management systems.
Anyone with a high school diploma (or equivalent) as well as 45 hours of continuing education is eligible for CAHIMS certification. A candidate holding an associate’s, bachelor’s, or other advanced degree only needs 25 hours of continuing education. Relevant work experience can be used in lieu of continuing education credits, but the hours required are greater—150 hours for those with a high school diploma and 75 hours for those with an associate’s or higher.
The CAHIMS exam features 115 multiple-choice questions, 100 of which are graded. Exam topics are based on common knowledge and skills in healthcare IT, including:
- Organizational environment
- Technology environment
- Information and systems management
- Privacy and security
- Clinical informatics
Certified in Cybersecurity
The nonprofit International Information System Security Certification Consortium, Inc. (ISC)² offers globally recognized certifications for information security. (ISC)²’s Certified in Cybersecurity certification began as a pilot program in early 2022 and is meant to provide new pathways for people interested in cybersecurity roles.
Obtaining this certification helps candidates demonstrate the foundational knowledge, skills, and abilities needed to obtain entry-level work in cybersecurity. The exam is 100 multiple-choice questions and covers five domains:
- Security principles
- Access control concepts
- Network security
- Incident response, business continuity, and disaster recovery concepts
- Security operations
Professional certification
Experienced professionals can also demonstrate commitment to and expertise in the field of cybersecurity through various certification programs, including:
- Certified Professional in Digital Health Transformation Strategy (CPDHTS)
- Certified Professional in Healthcare Information and Management Systems (CPHIMS)
- Certified Information Systems Security Professional (CISSP)
- Healthcare Information Security and Privacy Practitioner (HCISPP)
CPDHTS
The CPDHTS certification program demonstrates a candidate’s competence in digital health transformation strategy, which is the adoption of technologies that improve workflows, efficiency, and patient care outcomes. Electronic health records (EHRs), telehealth solutions, and cloud security technologies are all examples of digital transformation.
To earn professional certification through the CPDHTS exam, candidates must meet eligibility requirements related to education and work experience. While this is not meant for entry-level staff, CPDHTS certification goes a long way toward resolving a common pain point in digital transformation—70% of such projects fail.
The CPDHTS exam has 150 multiple-choice questions relating to IT ecosystems, health, transformation, and strategy. Topics addressed include, but are not limited to:
- Privacy and security
- Digital infrastructure and interoperability
- Virtual healthcare delivery models
- Compliance and adherence
- Data science and analytics
CPHIMS
The CPHIMS credential demonstrates that an individual meets an international standard of knowledge and competence relating to information and management systems. Because this certification establishes a professional’s expertise in the field, it requires more education and experience than CAHIMS:
- Ten years of experience working in information and systems management, eight of which must be specific to a healthcare setting;
- A four-year degree in addition to five years of hands-on work experience, three of which must be in a healthcare setting; or
- A graduate degree or higher in addition to three years of on-the-job experience, two of which must be in healthcare.
The CPHIMS exam is 100 questions, all of which impact the final score. It addresses the same core topics as CAHIMS but in greater detail commensurate with the test-taker’s experience.
CISSP
The CISSP is recognized worldwide as a highly valuable security certification. The CISSP certification exam aligns with the (ISC)² Common Body of Knowledge (CBK). The CBK contains all the relevant subjects a cybersecurity professional should be familiar with, including skills, techniques, and best practices.
The technical knowledge covered by the exam focuses predominantly on security controls and operations. Earning CISSP certification demonstrates an individual’s ability to understand a wide range of information security disciplines.
The exam, offered through (ISC)², evaluates a test-taker’s technical and managerial competence across eight domains. Eligible candidates must have at least five years of cumulative, paid work experience in two or more of these domains:
- Security and risk management
- Asset security
- Security architecture and engineering
- Communications and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
HCISPP
(ISC)² also offers cybersecurity certification specific to healthcare. The HCISPP combines cybersecurity skills with the best practices and techniques to safeguard patient health information. Certification places heavy emphasis on regulatory issues, risk management, data governance, and other privacy concerns.
With the growing volume of ransomware attacks, the knowledge and abilities needed to assess, implement, and manage cybersecurity controls in healthcare organizations are more important than ever.
The HCISPP exam focuses on seven domains of expertise. Qualified candidates must have at least two years of cumulative, paid work experience in one or more of these domains, at least one year of which must be in the healthcare industry:
- Healthcare industry
- Information governance in healthcare
- Information technologies in healthcare
- Regulatory and standards environment
- Privacy and security
- Risk management and assessment
- Third-party risk management
Exam preparation
HIMSS certification exams are based on relevant work experience, which requires candidates to recall, apply, and analyze information. To ensure that candidates meet the minimum requirements, knowledge, and skills, HIMSS publishes candidate manuals for each examination.
Candidate manuals include information on how to prepare for exams, an overview of topics, and a competency gap assessment. This tool helps test-takers identify the topics that require extra study and review prior to the exam. HIMSS also has practice exams and review guides for each program that can be used to familiarize test-takers with the exam’s format and types of questions.
(ISC)² also offers a variety of materials to help candidates prepare for exams, including study guides, practice tests, and flash cards. Test-takers can also prepare using (ISC)² online training, which includes options for self-paced learning as well as virtual learning with an authorized instructor.
Today, cybercriminals can breach an estimated 93% of company networks. Healthcare IT professionals are in high demand, and both experienced and junior staff can advance their knowledge and skills through cybersecurity certification.
How WinZip Enterprise complements cybersecurity certification
To control and mitigate cyberthreats, healthcare organizations look to solutions such as WinZip® Enterprise. This highly customizable solution empowers IT staff with centralized control over the data environment, including the ability to set and enforce encryption standards, access controls, and other important security protocols.