Cybersecurity shield: White House, Microsoft, Google offer aid to rural hospitals

With the industry’s cybersecurity health in perilous condition after a series of major body blows this year, the White House is stepping in to provide some extra help to some of the most vulnerable parts of the system: rural hospitals. 

Rural hospitals, including Critical Access Hospitals (CAHs), provide essential services to smaller and more remote communities. They tend to run lean, with fewer resources and staff to devote to cutting-edge cybersecurity infrastructure when compared to their larger, more urban peers.  

That makes them a very attractive target for cybercriminals. In fact, a 2020 report by RiskIQ, a Microsoft subsidiary, found that approximately 70% of attacks between 2016 and 2019 were directed at facilities with fewer than 500 employees – a particularly troubling statistic in light of the fact that cyberattacks are up by 128% from 2022 to 2023, according to the White House. 

With rural hospitals under serious threat, White House officials have partnered with two Big Tech companies to offer some additional protection against an array of increasingly sophisticated criminal attacks. 

Firstly, Microsoft has committed to extending its nonprofit program to provide grants and up to a 75% discount on security products optimized for smaller organizations, including all independent CAHs and Rural Emergency Hospitals.  

For larger rural facilities that are already using eligible Microsoft solutions, the company will provide its “most advanced security suite” at no additional cost for a year. Hospitals will also have access to free cybersecurity assessments and free training for frontline and IT staff. These facilities will also get no-cost Windows 10 security updates for one year.  

“Rural hospitals are particularly hard hit as they are often the sole source of care for the communities they serve and lack trained cyber staff and modern cyber defenses. President Biden is committed to every American having access to the care they need, and effective cybersecurity is a part of that. So, we’re excited to work with Microsoft to launch cybersecurity programs that will provide training, advice, and technology to help America’s rural hospitals be safe online” said Anne Neuberger, Deputy National Security Advisory for Cyber and Emerging Technologies, during the announcement.  

Meanwhile, Google will provide free endpoint security advice to rural hospitals and non-profit organizations. Eligible customers can get discounts on communication and collaboration tools, as well as security support and access to a pool of funding to support software migration. The tech giant is also planning to launch a pilot program with rural hospitals to develop a package of security capabilities that are tailored to their specific needs.  

The American Hospital Association applauded the news after working closely with both companies and government officials on securing the deal. 

“Cybersecurity is a top priority for America’s hospitals and health systems. It is also a shared responsibility,” said AHA President and CEO Rick Pollack. “While hospitals and health systems have invested significant resources to guard against cyberattacks, they cannot do it alone, which is why these commitments from Microsoft and Google are important.”  

“It’s no secret that many rural hospitals across America are struggling as they serve as a health care lifeline in their communities so keeping them safe is essential. The AHA appreciates the White House’s support of rural hospitals and health systems and looks forward to continuing to work with them and other stakeholders across government, law enforcement and the technology sector to expand these resources to all hospitals.”  

The public sector initiative follows a federal investment of $50 million into cybersecurity defense tools announced in May of 2024. The Universal Patching and Remediation for Autonomous Defense (UPGRADE) program, led by the Advanced Research Projects Agency for Health (ARPA-H), will aim to automate the detection of potential vulnerabilities in cybersecurity defenses, allowing healthcare organizations to take a more proactive approach to beating criminals at their own game. 

Taken all together, these efforts will hopefully prevent additional data breaches, both large-scale and small-scale, that are so very disruptive and dangerous to the entire industry. Partnerships between federal, public, and private entities will be crucial for creating a stronger, more seamless cybersecurity shield that protects organizations from the financial and operational implications of breaches while simultaneously ensuring that patients can receive safe and uninterrupted access to care. 

Jennifer Bresnick is a journalist and freelance content creator with a decade of experience in the health IT industry.  Her work has focused on leveraging innovative technology tools to create value, improve health equity, and achieve the promises of the learning health system.  She can be reached at jennifer@inklesscreative.com.