With Microsoft and Google, White House offers cybersecurity tools for rural hospitals
Photo: Onfokus/Getty Images
As part of its recent efforts to bolster cybersecurity resilience across critical sectors nationwide, the White House this week announced a new initiative that enlists the private sector to help small and rural hospitals that are especially vulnerable to cyberattacks.
WHY IT MATTERS
The Biden Administration, working alongside the American Hospital Association and the National Rural Health Association, says it has gotten Google and Microsoft to each offer free and low-cost tools and services for independent critical access and rural emergency hospitals.
"Cyber-attacks against the U.S. healthcare systems rose 130% in 2023, forcing hospitals to cancel procedures and impacting Americans' access to critical care," said Deputy National Security Advisory for Cyber and Emerging Technologies Anne Neuberger in a statement. "Rural hospitals are particularly hard hit as they are often the sole source of care for the communities they serve and lack trained cyber staff and modern cyber defenses."
For its part, Google says it will provide endpoint security advice to these hospitals at no cost, and will also offer funding to go toward software migration. Additionally, the company plans to launch a pilot program to package cybersecurity technologies that meet the unique needs of small and rural facilities.
Meanwhile, the new Microsoft Cybersecurity Program for Rural Hospitals aims to offer grants and up to a 75% discount on security products optimized for smaller organizations, the company says. Eligible rural hospitals can receive free cybersecurity assessments by qualified technology security providers and free training for frontline and IT staff.
Additionally, eligible hospitals that are already using Microsoft tools can get its advanced security suite at no additional cost for a year. And Microsoft will extend security updates for Windows 10 to participating hospitals for one year at no cost.
The Biden administration notes that cyberattacks are especially disruptive to rural hospitals, – which serve more 60 million patients across the U.S.
With rural hospitals designated as critical access – located more than 35 miles from another hospital – potential disruptions of care during a ransomware attack, such as ambulance diversions and the need to revert to manual workarounds, could prove particularly dangerous.
It's in recognition of the essential role these more than 2,000 rural hospitals play in the communities they serve, that the White House, AHA and NRHA have spearheaded this effort.
"Rural hospitals face a unique challenge in cybersecurity, balancing limited resources with the increasing sophistication of cyberthreats, which puts patient data and critical healthcare infrastructure at risk," said Alan Morgan, chief executive officer of NRHA.
THE LARGER TREND
Cyberattacks against the American healthcare system rose 128% from 2022 to 2023, according to the Office of the Director of National Intelligence.
And the first few months of this year have already seen some of the most significant healthcare cyberattacks so far, disrupting care provision, claims processing and much more.
The federal government is trying to meet the moment.
The Department of Health and Human Services – which has floated voluntary cybersecurity performance goals for hospitals and health systems – launched its healthcare cybersecurity gateway to help streamline access to HHS' cybersecurity information and resources and prioritize high-impact cybersecurity practices.
In Congress, Sen. Mark Warner, D-Va., has introduced the Healthcare Cybersecurity Improvement Act of 2024.
Just this month, meanwhile, the Advanced Research Projects Agency for Health announced the launch of the Universal Patching and Remediation for Autonomous Defense, or UPGRADE, an initiative that will invest more than $50 million to scale hospitals' cybersecurity capacity by automating patch deployments across networks and build new tools for IT teams to better defend the hospital environments from cyberattacks.
And the White House – which in 2023 issued a "whole-of-nation call to action" in its four-pillar national cyber workforce strategy – recently convened chief information security officers and other infosec professionals from across the healthcare sector – providers, vendors and others – to compare notes on cybersecurity challenges, share threat intelligence and work toward more secure-by-design technologies for healthcare.
ON THE RECORD
"Cybersecurity is a top priority for America’s hospitals and health systems. It is also a shared responsibility," said American Hospital Association president and CEO Rick Pollack. "While hospitals and health systems have invested significant resources to guard against cyberattacks, they cannot do it alone, which is why these commitments from Microsoft and Google are important.
"It’s no secret that many rural hospitals across America are struggling as they serve as a healthcare lifeline in their communities so keeping them safe is essential," Pollack added. "The AHA appreciates the White House’s support of rural hospitals and health systems and looks forward to continuing to work with them and other stakeholders across government, law enforcement and the technology sector to expand these resources to all hospitals."
Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.