NC Health News
A policy paper examining cybersecurity and threats found that cyberattacks at health care facilities have increased more than 125 percent since last year, with rural hospitals being especially vulnerable.
Jenny Niblock, chief clinical officer at Citizens Health in Colby, Kansas, is co-author of “Cybersecurity: A path to increase rural health care preparedness,” a policy brief from the National Rural Health Association.
The policy paper estimates that a patient’s medical record is worth ten times more on the black market than a credit card number.
“Hackers target data including personal identification information such as social security numbers and birthdate, protected patient records, and financial information such as credit card and bank account details,” according to the paper.
Niblock said rural hospitals are especially vulnerable to cyberattacks for two main reasons: Rural hospitals tend to have an older IT infrastructure and inadequate IT staffing.
“Often due [to] lack of funding, rural hospitals have older equipment and versions of software that would help prevent cyberattacks,” she said in an email interview.
Further, rural hospitals are hit hard in the area of health care workforce shortages including IT departments that are often under-trained and understaffed, she added.
“The criminals are quickly realizing that larger hospitals have strengthened their infrastructure and are harder to hack,” she said. “Therefore, the cyberattackers are targeting the more vulnerable rural hospitals.”
Niblock said cyberattacks are devastating to rural hospitals. According to the White House,, the cyber attacks can be particularly disruptive to rural hospitals, which serve over 60 million Americans.
“They lack the manpower and funds to respond quickly,” she said. “They also lack backup systems to continue to see patients in a modified manner. They are also devastating to patient care because there [are] no other hospitals in another part of town to send patients to during the downtime.”
For example, earlier this year, a cyberattack at a rural hospital in Sheridan, Wyoming, left the claim processing center compromised for more than 25 days. In June 2023, a rural hospital in Illinois blamed a cyberattack for its closure, saying the bad actors left the hospital unable to bill Medicare, Medicaid and other payers for months.
Research shows that during the first week of a ransomware attack, inpatient admissions volume fell by 14.7 percent at rural hospitals, according to a study published by the National Rural Health Association. They recovered to pre-attack levels within two to three weeks. Outpatient visits fell by 35.3 percent at rural hospitals during the first week, while emergency room visits fell by 10 percent at rural hospitals.
To combat the attacks taking place in rural America, two tech companies are stepping in to help. Microsoft and Google will provide free or discounted cybersecurity services to rural hospitals across the country to help them in their efforts to prevent cyberattacks. The White House backed the initiative, taking part in the announcement about the tech companies.
Microsoft will provide critical access hospitals and rural emergency hospitals nonprofit pricing and discounts of up to 75 percent for its security products made for smaller organizations. In addition, some larger rural hospitals already using eligible Microsoft solutions would be offered an advanced security suite at no cost for one year. Microsoft offers to provide Windows 10 security updates to participating rural hospitals for at least one year at no additional cost, and the company also states it would provide free cybersecurity assessments.
Google, meanwhile, is offering endpoint security advice to rural hospitals and non-profit organizations at no cost and a pool of funding to support software migration. In addition, Google plans to launch a pilot program with rural hospitals to develop a packaging of security capabilities that fit those hospitals’ distinct needs.
“Cybersecurity is a top priority for America’s hospitals and health systems. It is also a shared responsibility,” American Hospital Association President and CEO Rick Pollack said in a press statement. “While hospitals and health systems have invested significant resources to guard against cyberattacks, they cannot do it alone, which is why these commitments from Microsoft and Google are important.”
Pollack said it’s no secret that many rural hospitals across America are struggling.
“The AHA appreciates the White House’s support of rural hospitals and health systems and looks forward to continuing to work with them and other stakeholders across government, law enforcement and the technology sector to expand these resources to all hospitals,” he added.