Can rural hospitals face cybersecurity risks on their own?
How and when rural hospitals will get the tools and resources they need to alleviate electronic threats is unknown. But to increase awareness of the reasons for the weakness of rural hospitals and pushing more cooperation to enhance cybersecurity, Microsoft said she imagined immediate and sustainable commitment through a partnership between the public and private sectors.
“We can take an unprecedented action and speed to alleviate cyber risks, pay innovation, and ensure both rural and American hospitals who serve them in the future,” Microsoft researchers said in a new white paper, the cybersecurity scene at the rural hospital.
The terrible situation in life and the dollar
In order for rural hospitals to be the cornerstone of delivering health care in the United States and continues to provide basic services to millions, Microsoft has pledged to continue to expand its efforts to help support its comprehensive flexibility, including taking advantage of artificial intelligence to address the necessary efficiency.
The technology giant also calls on technology companies, policy makers, community institutions and health care providers to meet the urgent needs of these critical institutions.
While rural health care providers may be currently Optimistic about financial affairsLast year, he witnessed the promotion of high medical care Half of all rural hospitals in red.
Since 2010, I have closed or transferred 182 rural hospitals, according to the state of rural health for the year 2025 a report It was released last month by Chartis. This year, 46 % of the red hospitals in red and 432 are subject to closure, the consulting said.
“On the occasion of the financial resources breed, rural hospitals face great challenges in employing and maintaining healthcare professionals. Find skilled employees in fields specialized in hospital management, for example, IT specialists or revenue management teams are a major challenge in rural areas,” said Microsoft in the white paper released on March 5.
Rural hospitals face great challenges in employing and maintaining work forces, as well as investing in their security.
“In a large part of it due to limited budgets, rural hospitals are likely to lack the resources necessary to implement the main cyber security measures, creating an ideal opportunity to exploit Internet criminals,” the researchers said.
The actors all over the world know this, whether they are following rural hospitals to achieve financial gains, or are punished by the nation -states to sew the dispute in the United States and harm citizens.
To showcase the increasing intensity of the threat scene, in 2015, Texas witnessed five data violations through electronic attacks, and revealed more than 102,000 patients’ records, according to the white paper.
By 2022, 44 attacks revealed nearly 6 million patients.
“This height is not an homosexuality, but the result of the concentrated efforts to target hospitals that suffer from resource deficiency simultaneously with weak IT environments and valuable patient data housing.”
Microsoft indicated that 20 % of hospitals that saw an electronic attack reported an increase in the patient’s deaths.
The cost is doubled on the missing day until the time of stopping after the ransom attacks from 2018-2024, which is estimated at $ 1.9 million, with an average of a stop of 18.7 days, according to Microsoft.
Then there is the cost of recovery.
“In 2023, according to the IBM report, the costs of data breach of health care increased to more than $ 10.9 million,” the researchers pointed out.
For hospitals that are already suffering from financial pressure, “this can be the difference between sheet and closed”, which is why WURAL hospitals have immediate and long -term support for support and help in developing Internet flexibility.
Rural electronic hygiene mode
The new white paper discusses Microsoft visions of its efforts to help rural service providers improve cybersecurity through the cybersecurity program for rural hospitals.
The program provides a free security evaluation through a pre -assembled security partner to assess and identify strategies to alleviate cyber security risks, coordinated learning for provider employees, and the founding cybersecurity management certificate for IT employees, according to Microsoft.
Participants may also receive one year from the expanded security update of Windows 10 without any cost-wherever it is available-discounts and security products offers, including non-profit pricing to reach rural emergency hospitals.
All rural hospitals in the United States are eligible for the specialized cybersecurity program for technology giant, and because they launched more than 375 rural hospitals, she requested help by conducting a free evaluation. In addition, more than 550 American rural hospitals registered in the company’s program and about 1,000 individuals of these organizations have reached online training opportunities, Microsoft said.
Soon the researchers discovered that most of the rural hospitals did not implement the best practices of cybersecurity, said Kate Behnkin, Vice President of Microsoft Charity Company and Erin Burstefeld, the first director of technology for social influence and one of the white paper authors, in them Blog article On March 5.
Basic electronic hygiene such as email safety and multiple factors are not present, and it also performs the basic scan for weakness.
“The correction is often neglected in a timely manner according to a firm operation in rural hospitals, as only 43 % of hospitals are considered as receiving traffic scores in these practices,” said white paper authors.
An example of this: On Wednesday, the FBI and Cyber Security Office, the Security Agency for the Infrastructure and the Perfect Information Continue Center A. Joint alert Sector warning about medusa ransomware. The initial arrival that was recently investigated, as is the case last month, showed that the alternative publishes hunting campaigns as an essential way to steal the victims ’accreditation data and once the non -recipient weaknesses such as the Connectwise screen – which may have been used to get rid of the rights to join health care data. The Information and Health Analysis Center issued an alert to a threat about the weak Screenconnect screen in January.
The distinctive account management is another responsibility for many rural hospitals that only 29 % of these Microsoft assessed “a sufficient separation of final users, distinguished accounts or accounts with broader systems/data.”
“Rural hospitals with lean information technology are often lacking in developing and managing these policies and the ability to make a strict continuous monitoring,” Microsoft said in the white paper.
Although most rural hospitals were well recorded in their asset management practices, the management point management has revealed a great danger. Less than 37 % of the estimated hospitals have achieved the informed degree of success experts, according to the port of the house.
The researchers said that most rural hospitals do not have comprehensive training and awareness programs, which makes them vulnerable to social engineering attacks.
“Our goal in this program is to address all of the instant electronic risks facing these critical resources of society, as well as the broader regular challenges facing rural health,” said Pionkin and Bourcheldel in their blog.
“We can help these hospitals to be less vulnerable to common threats and ultimately serve their societies better,” Microsoft stated in the white paper.
In addition to the cybersecurity program in rural hospitals, the Microsoft Digital Crime Unit has begun in both legal and technical procedures at the international level to disrupt Internet criminals and their facilities, including those targeting health care institutions using legitimate tools to regulate Rabudi programs.
In partnership with Microsoft, H-VISAC and International Agencies, the American software company Fortra said on Monday that cooperative efforts to dismantle Internet criminals over the two years bear fruit, and the abuse of cobalt in the wild decreased by 80 %.
In its attractiveness to other technology companies, policy makers and others, Microsoft has urged innovation as well as support on Earth to support rural health care against increased electronic threats.
The company said in the report: “Not only by supporting the founding cybersecurity, but also innovation to address the inefficiency and cost operating programs, they are skills to ensure hospitals are ready to manage these complex environments,” the company said in the report.
Government cooperation and intervention
Microsoft said in the white paper: “Governments in particular be held responsible for stopping attacks against hospitals,” Microsoft said in the white paper.
During the keynote speech in the morning at Himss25 on March 7, General Paul Nakason, former Director of the National Security Agency from 2018-2024, said he immediately thought about the results of the Cyber Security Cooperation Center at the agency that was established in 2020 for the speed of warp after reading Microsoft Rural Cybercape LandCAPE.
The center was not able to only communicate with the defensive industrial complex and allow experts to exchange information, but through it, the National Security Agency also provided a scanning, safe email and DNS protective to the participants.
“The number of interventions in the defensive industrial base has decreased significantly,” Nakason said.
He said that the cost of this security investment by the US Department of Defense – $ 10 million a year – provided ten times as much as the cost cost.
With the absence of another decisive infrastructure sector that reaches difficulty through the ransom of health care – at a cost of $ 1.9 million per day lost in revenue – Nakason said that similar government participation can improve the electronic defense of the critical health sector.
“Why don’t we do the same with rural health care? Why don’t we do it with health care in general?” He said.
“Why do we not discover a method in which we can provide and overburden health service providers, and everyone who wants to do so, scanning DNS and its specifications and ensuring the email to make the tape much higher for the attackers to enter?”
Andrea Fox is a great health care editor.
Email: Afox@himss.org
Healthcare is Hosz News.