The White House has enlisted Microsoft and Google to provide free cybersecurity services to rural hospitals following recent cyberattacks targeting the nation’s healthcare system.
Rural hospitals often cannot afford skilled cybersecurity teams, leaving them more vulnerable to cyberattacks. Additionally, the White House said that most rural hospitals are critical access hospitals, “meaning they are located more than 35 miles from another hospital, which makes diversions of patients and staffing-intensive manual workarounds in response to attacks more difficult.”
“Recognizing the critical role these hospitals play in the communities they serve, the White House worked with and received commitments from leading U.S. technology providers to provide free and low-cost resources for all 1,800-2,100 rural hospitals across the nation,” the White House said in a fact sheet.
As part of today’s announcements, Microsoft will extend its program for nonprofits to provide grants and up to a 75 percent discount on security products for independent critical access and rural emergency hospitals. For larger rural hospitals already using Microsoft solutions, the company will offer most of its advanced security suite at no additional cost for a year.
Additionally, Microsoft will provide free cybersecurity assessments and training for frontline and IT staff at rural hospitals across the country. It will also provide security updates for Windows 10 to participating hospitals for one year at no additional cost.
“President Biden is committed to every American having access to the care they need, and effective cybersecurity is a part of that,” Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, said in a statement. “So, we’re excited to work with Microsoft to launch cybersecurity programs that will provide training, advice, and technology to help America’s rural hospitals be safe online.”
As for Google, the company will provide endpoint security advice and funding to support software migration to rural hospitals and nonprofits at no cost.
Google also plans to launch a pilot program with rural hospitals to “develop a packaging of security capabilities that fit these hospitals’ unique needs,” according to the White House.
“The rise in healthcare related cyberattacks is alarming because there is a human cost involved when the ability of hospital systems to provide care is severely disrupted. We have seen hospital systems and physician groups go out of business, face bankruptcy and take months to recover from such damaging attacks,” said Taylor Lehmann, director of the Office of the CISO at Google Cloud. “By partnering with the White House and the healthcare sector, we are focused on helping reverse this trend and building safer and more resilient critical infrastructure systems.”
Neuberger said cyberattacks against U.S. healthcare systems rose 130 percent in 2023, noting that “rural hospitals are particularly hard hit as they are often the sole source of care for the communities they serve and lack trained cyber staff and modern cyber defenses.”
Today’s new public-private partnerships aim to offer much-needed support for rural hospitals – and come after increased pressure on the Biden administration to take action to better protect the healthcare sector from cyberattacks.
Just last week, former acting National Cyber Director Kemba Walden called on Congress to act on legislation to codify cyber requirements for the healthcare industry.
Walden moved to the private sector just one month before the Change Healthcare ransomware attack in February, which paralyzed the largest healthcare payment system in the country.
Additionally, a new report out last week from CSC 2.0 – the successor to the Cyberspace Solarium Commission – calls on Congress and the White House to better protect rural hospitals from cyberattacks.
The report recommends the White House create a rural hospital cybersecurity workforce development strategy.
It also calls on Congress to direct and resource the Department of Health and Human Services (HHS) to establish a “Rural vCISO Pilot Program.” This pilot program would provide “part-time CISOs, called ‘fractional CISOs’ or ‘virtual CISOs’ (vCISOs), to help the most vulnerable and underfunded rural hospitals,” the report says.
“The safe and efficient provision of health services is a matter of both personal safety and national security. This is why the Federal government designated the healthcare and public health sector as a critical infrastructure sector,” the report says. “The U.S. government must collaborate with stakeholders in this sector to increase providers’ resiliency against cyberattacks.”
