The time is now for federal agencies to fortify cybersecurity among small and rural hospitals

Article

As physicians focus on patient health and executives work to keep the doors open, data breaches can have serious consequences for everyone.

Cyber criminals around the world know that sensitive patient information held by America’s hospitals is ripe for the picking. Health care remains the top target for hackers, with 210 of the 870 ransomware attacks last year on critical infrastructure organizations directed at health provider organizations.

While any hospital can be a target, cyber criminals began attacking small and rural hospitals more specifically in 2022. Smaller hospitals often don’t have the information technology (IT) resources necessary to thwart increasingly sophisticated cyber threats, much less continue to care for patients when an inevitable attack occurs.

By their very nature, hospitals are chaotic places where anything can happen at any time. A 2021 study by a federal cybersecurity agency found that hospitals hit by ransomware often experience additional stressors that can correlate with higher patient mortality rates. While ransomware is particularly troubling, any data breach or intrusion can cause serious issues not only for hospitals, but also for patients.

Health care data is particularly prized not only for direct fraud of Medicare or Medicaid, but also for medical, personal, and financial information that can be used to create new identities and open lines of credit. Medical records are worth 50 times more than credit card numbers on the dark web. Hackers also know that the 24/7 nature of hospitals means they are likely to pay a ransom, which 61% did in 2022.

The following suggestions can benefit every hospital, but small and rural hospitals, in particular, need advice, expertise, and funding to meet the cybersecurity challenges of today and prepare for the challenges of tomorrow.

  • First, the industry must move beyond guidance and recommendations to create minimum standards for cybersecurity, a roadmap to ensure a common compliance standard. Not only should these standards be reasonable and achievable, they must also be ever-changing in response to new and emerging cybersecurity threats. Hackers never stop innovating, and health care must keep pace.
  • Second, small and rural hospitals will need new and dedicated funding sources to meet these standards. Funding options can include subsidies, grants, a funding mechanism specifically for small and rural hospitals, or support from the U.S. Centers for Medicare & Medicaid Services in the form of enhanced reimbursement.
  • Third, government cybersecurity efforts must be better coordinated to bring about the necessary changes. Security challenges in health care are unique, and conflicting guidance sows confusion about best practices. Most rural hospitals are not using available resources due to time and budget constraints, so those resources must be streamlined to be effective.
  • Fourth, establishing a cyber disaster relief program, much like the Federal Emergency Management Agency responds to natural disasters, could provide valuable resources following an attack on a hospital. This program could assist organizations in their recovery process and increase the likelihood a hospital could survive an attack.

More than 40% of rural hospitals currently operate in the red, and one in five is at risk for closure, according to the Chartis Center for Rural Health. When a hospital’s mission is to provide the best patient care possible while trying to keep the doors open, cybersecurity will not be top of mind for hospital executives.

But the federal government is stepping up efforts to make patient data more readily available through interoperability of technology systems, which underscores the importance of hardening IT infrastructure across health care to keep patient data out of the hands of bad actors.

When it comes to protecting technology networks and assets, small and rural hospitals have fallen well behind their larger and more urban counterparts. An immediate, bipartisan plan is needed to give small and rural hospitals the resources and support they need to put the focus back where it truly belongs — on the patient.

Kate Pierce is Fortified Health Security’s senior virtual information security officer and executive director of subsidy. She recently testified before the U.S. Senate’s Homeland Security & Governmental Affairs Committee on the challenges small and rural hospitals face in managing an effective cybersecurity program as well as barriers to adequate funding and human capital constraints.

This article was published by our sister publication Medical Economics.

Related Videos
Understanding combined oral contraceptives and breast cancer risk | Image Credit: health.ucdavis.edu
Why doxycycline PEP lacks clinical data for STI prevention in women
The importance of nipocalimab’s FTD against FNAIT | Image Credit: linkedin.com
Enhancing cervical cancer management with dual stain | Image Credit: linkedin.com
Fertility treatment challenges for Muslim women during fasting holidays | Image Credit: rmanetwork.com
Understanding the impact of STIs on young adults | Image Credit: providers.ucsd.edu.
CDC estimates of maternal mortality found overestimated | Image Credit: rwjms.rutgers.edu.
Study unveils maternal mortality tracking trends | Image Credit: obhg.com
How Harmonia Healthcare is revolutionizing hyperemesis gravidarum care | Image Credit: hyperemesis.org
Unveiling gender disparities in medicine | Image Credit: findcare.ahn.org.
Related Content
Study finds maternal vascular indices predict preeclampsia at 36 weeks | Image Credit: © chompoo - © chompoo - stock.adobe.com.

Study finds maternal vascular indices predict preeclampsia at 36 weeks

April 19th 2024
Article

Discover how maternal vascular indices at 35 to 37 weeks' gestation offer crucial predictive value for identifying preeclampsia risk.

Read More

Site Logo

How Individually Identifying More HPV Types Enables Better Patient Management and More Precise Care

September 29th 2023
Podcast

Listen

Long-term mortality risks for women with adverse pregnancy outcomes | Image Credit: © rudisetiawan - © rudisetiawan - stock.adobe.com.

Long-term mortality risks for women with adverse pregnancy outcomes

April 19th 2024
Article

A recent study revealed that women who experience major adverse pregnancy outcomes face heightened long-term mortality risks, shedding light on the need for comprehensive understanding and preventative measures in women's health.

Read More

Site Logo

The Importance of Including Hemoglobinopathies as a Part of Carrier Screening Panels

September 15th 2023
Podcast

Listen

Unlocking placenta accreta spectrum with single-cell gene targets | Image Credit: © natali_mis - © natali_mis - stock.adobe.com.

Unlocking placenta accreta spectrum with single-cell gene targets

April 18th 2024
Article

Discover how cutting-edge single-cell RNA sequencing unveils molecular insights into placenta accreta spectrum disorders, potentially revolutionizing diagnostics and treatments for this life-threatening pregnancy complication.

Read More

Rising US maternal mortality: Impact of surveillance practices | Image Credit: © N F/peopleimages.com - © N F/peopleimages.com- stock.adobe.com.

Rising US maternal mortality: Impact of surveillance practices

April 17th 2024
Article

A recent study highlighted factors impacting increased maternal mortality rates in the United States, shedding light on the repercussions of altered surveillance methods on statistics accuracy.

Read More

© 2024 MJH Life Sciences

All rights reserved.