Is Healthcare the Vertical for Security Vendors?

by Tim Larkins, Senior Manager, Market Intelligence

Fresh off the plane returning from the HIMSS12 conference in Las Vegas, I thumbed through my pages of notes and reflected on the vast amount of knowledge gained from hours of education sessions, networking events, and traversing that massive exhibitor hall.  The thought that kept banging around in my head (other than how sore my feet were from walking so much) was that in 4 days, I did not hear one speaker talk about the enormous opportunity for cybersecurity vendors there is within the healthcare vertical this year.  From an HHS perspective, new and ongoing programs continue to invest in cybersecurity initiatives (such as the HHS Cybersecurity Program, the CDC Intrusion Detection and Assessment System, and the various Information Security programs run by HHS component agencies); and one would think there are opportunities abound for companies offering security solutions.

But ONC Chief Privacy Officer Joy Pitts would have us singing a different tune.  According to Pitts, security suffers when budgets get tough, so the best way to improve the agency’s security posture is by implementing low tech, low cost, high impact strategies (like offering basic security education to employees and creating a culture where each employee owns the responsibility of keeping information safe).  Similarly, the VA and MHS are both reluctant to purchase new security products.  According to Acting CIO Karen Guice, MHS’s priority will be to first adapt their current technologies to fill gaps in security.  Then, if glaring holes still exist, purchasing new products will become an option.

My thoughts?  Well, with the most obvious theme of HIMSS12 being interoperability and information sharing, healthcare agencies will find themselves digging out of holes they created if cybersecurity priorities go ignored.  ONC has developed an IT task force to focus on establishing a platform for the VA/MHS iEHR program.  As the months of planning come to an end, and implementation of information exchange and interoperable platforms come to fruition, more and more needs for protection of personally identifiable information and systems will surface.  Regardless of the tune executives may be singing at present, I believe that healthcare is still a vertical with tremendous opportunity for cybersecurity vendors, and I don’t think that you’ll have to walk a thousand miles to find it.