Healthcare , Industry Specific
Microsoft, Google Offering Cyber Help to Rural Hospitals
Vendors' Free, Discounted Services Part of Biden's Health Sector Cyber InitiativeGoogle and Microsoft will offer free or highly discounted cyber assistance to rural and critical-access hospitals as part of an evolving strategy by the Biden administration aimed at bolstering cybersecurity in the healthcare sector.
See Also: Healthcare Edition: Trends in Generative AI Tool Adoption and Security Challenges
In a statement Monday, the White House said cyberattacks continue to rise across healthcare, incidents particularly disruptive to the rural hospitals that serve more than 60 million Americans.
Most rural hospitals are critical-access hospitals, meaning they are located more than 35 miles from another hospital, "which makes diversions of patients and staffing-intensive manual workarounds in response to attacks more difficult," the White House statement said.
"Recognizing the critical role these hospitals play in the communities they serve, the White House worked with and received commitments from leading U.S. technology providers to provide free and low-cost resources for all 1,800-2,100 rural hospitals across the nation."
The American Hospital Association, which also worked with the White House, Google and Microsoft on the effort, said it is in continued discussions with the government and private sector companies on expanding cybersecurity offerings and resources to all types of hospitals and health systems.
“While hospitals and health systems have invested significant resources to guard against cyberattacks, they cannot do it alone," said Rick Pollack, president and CEO of AHA in a statement.
"It’s no secret that many rural hospitals across America are struggling as they serve as a healthcare lifeline in their communities so keeping them safe is essential."
Alan Morgan, CEO of the National Rural Health Association, told Information Security Media Group that rural hospitals can indeed use any cybersecurity help that's offered.
"Cybersecurity is a top-tier concern. But half of independent rural hospital are operating at a loss, with workforce shortages and very, very low resources for cybersecurity," he said.
Attacks on small community hospitals "can be a matter of life or death when they are disrupted and patients are forced to go many, many miles away to the nearest hospital," he said.
Under the White House initiative, Microsoft agreed to provide up to 75% discounts on security products to in independent critical-access hospitals and rural emergency hospitals.
The company also will offer new licenses of its Microsoft 365 E5 Security solution at no cost for one year to rural hospitals already using eligible Microsoft security products. Microsoft is extending security updates for Window 10 to participating hospitals for one year at no cost.
As for Google, the company said it is offering endpoint security advice to rural hospitals and nonprofit organizations at no cost and a pool of funding to support software migration.
Additionally, Google said it will launch a pilot program with four to five rural hospitals to develop a package of security capabilities that fit these hospitals’ unique needs.
"Google is working to broadly address underlying security weaknesses and help transition the underserved critical infrastructure organizations of the healthcare sector to a more modern computing approach," said Taylor Lehmann, director, office of the CISO at Google Cloud, in a statement to ISMG.*
"The rise in healthcare related cyber attacks is alarming because there is a human cost involved when the ability of hospital systems to provide care is severely disrupted. We have seen hospital systems and physician groups go out of business, face bankruptcy and take months to recover from such damaging attacks," Lehmann said. "By partnering with the White House and the healthcare sector, we are focused on helping reverse this trend and building safer and more resilient critical infrastructure systems."
Microsoft did not immediately respond to ISMG's request for additional details about its program.
Morgan told ISMG he hopes additional tech firms will step up with similar offerings to rural healthcare providers.
Besides the White House, some bipartisan members of Congress also have been focusing more attention on the cybersecurity needs or rural hospitals.
Last June, the Senate Homeland Security and Governmental Affairs Committee approved the Rural Hospital Cybersecurity Enhancement Act, sponsored by Missouri Republican Sen. Josh Hawley, and co-sponsored by the committee chair, Sen. Gary Peters, a Michigan Democrat. On May 9, the committee took up the bill again, approving a substitute amendment and placing the updated proposed legislation on the Senate legislative calendar (see: Bill for Rural Hospital Cyber Skills Passes Senate Committee).
Among other provisions, the bill directs the Department of Homeland Security through the Cybersecurity and Infrastructure Security Agency - in consultation with the departments of Health and Human Services, Labor, and Education - to develop a cybersecurity workforce development strategy for rural hospitals and to publish instructional materials. The bill calls for CISA to make legislative proposals necessary to implement the strategy.
An amendment by Sen. Rand Paul, R-Ky., added a provision stating that no additional funds are authorized for the implementation of the bill.
Besides the new assistance programs from Microsoft and Google, the Biden administration has taken a number of moves to bolster healthcare sector cybersecurity in recent months.
That includes the publication in January of essential and enhances "cybersecurity performance goals". For now, those CPGs are voluntary, but the Biden administration later this year is expected to issue regulations proposing to tie those goals to financial sticks and carrots from the Centers of Medicare and Medicaid Services (see: Feds Wave Sticks, Carrots at Health Sector to Bolster Cyber).
The Department of Health and Human Services' Advanced Research Projects Agency for Health - ARPA-H - last month announced the launch of the Universal Patching and Remediation for Autonomous Defense program.
The Upgrade program will invest more than $50 million to create tools for IT teams to better defend hospitals through enhanced automation, vulnerability detection and remediation across a variety of devices in healthcare environments (see: HHS Funds $50M to Spot, Patch Hospital Vulnerabilities).
Update: June 10, 2024 21:35 UTC: Added statement from Google's Taylor Lehmann.