Under a quarter of rural hospitals are using White House’s free cyber resource program, official says
The commitments from industry leaders announced in June seek to help small healthcare centers boost their cybersecurity posture.
Around 350 of some 1,800 small and rural U.S. hospitals are leveraging free and low-cost private sector cybersecurity resources that were marshaled by the White House this summer, a top White House cyber official said Tuesday.
Deputy National Cyber Director for Cybersecurity and Emerging Technology Anne Neuberger provided the update at the 2024 Billington Cyber Summit and said she hoped more would join with time.
Microsoft and Google made the initial commitments in June. Microsoft offered grants and discounts of up to 75% on security products tailored for smaller care centers, as well as larger rural hospitals already using the company’s services. It also provided its most advanced security suite for free for one year, offered gratis cybersecurity assessments for qualified providers and provided hospital staff training.
Google, meanwhile, committed free endpoint security consulting and stood up a funding pool to assist hospitals with software migration. It also launched a pilot program to help the hospitals develop customized security packages that address their unique infrastructure needs.
Hospitals receiving the services span the country, from Maine to Texas and the Midwest. Rural hospitals, defined as being more than 35 miles from another hospital, have become a top issue for the National Security Council because patients have to travel much further to access care if their closest hospital is impacted by a cyber intrusion.
A February ransomware attack on UnitedHealth’s Change Healthcare unit caused a massive cascading impact in what was the largest cyberattack on the U.S. healthcare industry to date. It highlighted how a “single point of failure” can enable one cyberattack alone to harm a number of people and organizations.
Paying cyber ransoms is a difficult decision and hotly debated topic, as victims have to deliberate in a matter of days or hours about whether cybercriminals will keep their promise to return stolen data once payments are made out.
Healthcare infrastructure is a treasure trove for hackers because it often contains digital repositories of sensitive patient information that, if pilfered, can be sold to other criminal cyber operatives for use in extortion or fraud schemes. A February intelligence community analysis says cyberattacks against the healthcare sector skyrocketed 128% in 2023, with 258 known victims that year versus 113 in 2022.