Dive Brief:
- The White House is partnering with technology giants to bolster cybersecurity in rural hospitals as the number of attacks against the healthcare sector rises.
- Microsoft and Google will offer free or low-cost cybersecurity products to rural hospitals, which often lack the resources to implement robust cyber defenses, the partners said this week.
- Cyberattacks can disrupt access to critical technology, sometimes forcing hospitals to divert patients to other facilities — a particular challenge in rural communities where other hospitals may be dozens of miles away.
Dive Insight:
Cyberattacks against the U.S. healthcare sector increased 128% from 2022 to 2023, according to the Office of the Director of National Intelligence.
The industry has already experienced several high-profile incidents this year, including the major ransomware attack against UnitedHealth’s technology unit Change Healthcare, which held up claims processing and payment to providers for weeks.
Attacks on hospitals can also disrupt patient care, pushing providers to delay scheduled procedures and send ambulances to other facilities. Many rural hospitals are critical access hospitals, located more than 35 miles from another facility, adding additional concerns when making the decision to divert emergency care.
“Rural hospitals face a unique challenge in cybersecurity, balancing limited resources with the increasing sophistication of cyberthreats, which puts patient data and critical healthcare infrastructure at risk,” Alan Morgan, CEO of the National Rural Health Association, said in a statement.
The programs from Microsoft and Google aim to improve security and resilience to attack at rural facilities, the White House said.
Microsoft said it will offer up to a 75% discount to independent critical access hospitals and rural emergency hospitals on security products for smaller organizations. Larger rural providers already using eligible products can get its more advanced suite for no cost for a year.
The tech giant is also offering Windows 10 security updates to participating rural hospitals for a year at no additional cost, and provide cybersecurity assessments and training through Microsoft and its partners.
Google will offer free advice on endpoint security — defenses for devices like laptops, desktops or smartphones — to rural hospitals and nonprofit organizations, as well as funding for software migration.
The company will also launch a pilot program with four to five rural hospitals to develop security capabilities for their specific needs, said Taylor Lehmann, director in the Office of the Chief Information Security Officer at Google Cloud.
The American Hospital Association, which advised the tech giants and the White House on the offerings, cheered the program.
“While hospitals and health systems have invested significant resources to guard against cyberattacks, they cannot do it alone, which is why these commitments from Microsoft and Google are important,” AHA President and CEO Rick Pollack said in a statement.
The Biden administration has lately pushed for increased cyber protections in the healthcare sector, releasing voluntary goals and proposing mandatory standards alongside funding and eventual penalties. The AHA has previously argued against cyber requirements, claiming fines could reduce resources needed to prevent attacks.