Security

White House Seeks Cybersecurity Help for Rural Hospitals

Google and Microsoft will supply solutions to better protect the healthcare sector.

John Morell is a long-time business writer covering new developments in tech out of Los Angeles. His work has appeared in the Los Angeles Times, The New York Times and the Chicago Tribune

The White House has tapped Microsoft and Google to provide free cybersecurity services to approximately 2,000 “critical access” hospitals in an effort to protect healthcare in rural parts of the U.S.

Critical access facilities are located more than 35 miles from comparable facilities, making their continuous operation essential to residents and their need for security funding, assessments, tools and training great.

The number of ransomware attacks on the U.S.’s $4.5 trillion healthcare industry increased to 389 in 2023, up from 214 the prior year. The reasons are numerous: Healthcare data often travels networks for sharing by various departments to improve patient outcomes, medical devices connected via networks create vulnerable endpoints and staff focused on providing patient care may not prioritize cyber hygiene.

“Healthcare should be available no matter where you call home, and the rise in cyberattacks threatens the viability of rural hospitals and impact communities across the U.S.” Justin Spelhaug, corporate vice president of Microsoft Philanthropies, said in a statement. “Microsoft is committed to delivering vital technology security and support at a time when these rural hospitals need them most.”

Click the banner below to begin developing a comprehensive cyber resilience strategy.

x-cyberresillience2-static-2024-na-desktop

x-cyberresillience2-static-2024-na-mobile

What Security Resources Can the Private Sector Offer Rural Hospitals?

The commitments the White House secured from its private sector partners include grants for and up to a 75% discount on Microsoft security products designed for smaller enterprises. Hospitals already using Microsoft solutions will receive the company’s advanced security suite free for one year, and those that use Windows 10 for a year will receive a free security update extension.

Eligible rural hospitals will have access to free cyber assessments and training from security providers.

Google is offering rural hospitals and nonprofits free endpoint security advice and discounts on its communication and collaboration tools and security support. Funding exists for software migration.

The tech giant plans to launch a package of security solutions designed specifically for rural hospitals, including Google Workspace Enterprise Essentials Plus, which is compatible with federal law restricting the release of medical information.

DISCOVER: DOD needs air-gapped tools for remote work.

“We are investing in these organizations by providing tools, services, capabilities and partnership so they can stay focused on their patients,” says Taylor Lehmann, director of the CISO’s office at Google Cloud. “These make their systems more secure, resilient, easy to manage and use. We’re committed to using the resources we have to drive a measurable reduction in risk at vulnerable organizations working with us.”

Stakes Are High for Securing Rural Hospitals

A cyberattack on Change Healthcare, a payments and revenue clearing house for 15 billion medical billing transactions annually, took weeks to resolve in the early months of 2024 and left many care providers teetering financially. Meanwhile, a breach at Ascension, a network of 140 hospitals across 19 states, forced staff to shift to old-fashioned paper records, risking errors.

Cyberattacks on the healthcare industry are clearly a problem that won’t easily go away, and they can greatly damage smaller medical practices and hospitals. The CSC 2.0, the successor to the Cyberspace Solarium Commission, published a 20-page report in June assessing healthcare cyber risks and pointed out that smaller, exurban facilities often lack the resources for certain security products or full-time or contracted cybersecurity support.

CSC 2.0 recommends that the Department of Health and Human Services create a rural hospital cybersecurity workforce development strategy that considers solutions such as facilities sharing cybersecurity staff and moving sensitive data to secure cloud storage.

The impact of a cyberattack on a small, rural hospital can be painful and tragic.

“There are parts of America where, if a hospital is in a ransomware attack, the next hospital is hours away,” said Anne Neuberger, deputy White House national security adviser for cyber and emerging technology, at May’s Bloomberg Technology Summit.

UP NEXT: It’s time for agencies to embrace API and static app security testing.

shapecharge/Getty Images