Microsoft, Google pledge 'low cost' cybersecurity services to rural hospitals

Rural hospitals will gain access to cybersecurity services at reduced prices thanks to a new initiative led by Microsoft, Google and the White House.

The Biden administration said on Monday Google will provide endpoint security advice to rural hospitals and nonprofit organizations at no cost and a “pool of funding to support software migration.” Google will also launch a pilot program with rural hospitals to develop a package of security capabilities that fits each hospital’s needs.

Microsoft concurrently announced a program for rural hospitals which will see the tech giant provide “non-profit pricing” and other discounts of up to 75% for security products used by independent critical access hospitals and rural emergency hospitals. 

“Most rural hospitals are critical access hospitals, meaning they are located more than 35 miles from another hospital, which makes diversions of patients and staffing-intensive manual workarounds in response to attacks more difficult,” the White House said in a statement. 

“Recognizing the critical role these hospitals play in the communities they serve, the White House worked with and received commitments from leading U.S. technology providers to provide free and low-cost resources for all 1,800-2,100 rural hospitals across the nation.”

Larger rural hospitals that already use certain Microsoft products will get one year of free access to a Microsoft security suite. In some cases, the company said it would provide free Windows 10 security updates for at least a year or free cybersecurity assessments to “evaluate risks and gaps.” Training will also be provided to staff at rural hospitals. 

Anne Neuberger, deputy national security advisory for cyber and emerging technologies, said cyberattacks against the U.S. healthcare systems rose 130% in 2023, forcing hospitals to cancel procedures and impacting Americans’ access to critical care. 

“Rural hospitals are particularly hard hit as they are often the sole source of care for the communities they serve and lack trained cyber staff and modern cyber defenses,” Neuberger said. “President Biden is committed to every American having access to the care they need, and effective cybersecurity is a part of that.”

Microsoft said it will work with the White House, the American Hospital Association (AHA) and the American Rural Health Association on the rollout, adoption and “effectiveness” of the program. 

More than 60 million Americans rely on hospitals in areas considered rural, and facilities have struggled to deal with a wave of ransomware attacks and data breaches since the COVID-19 pandemic. A recent report found that most rural hospitals have struggled to come up with the funding to cover new cybersecurity systems to protect against ransomware. 

Read More: Ransomware tracker: The latest figures

National Rural Health Association CEO Alan Morgan said rural hospitals face a unique challenge in cybersecurity because they have to balance limited resources with the increasing sophistication of cyber threats, which puts patient data and critical healthcare infrastructure at risk.

For nearly the entire month of May, hundreds of hospitals that are part of the Catholic nonprofit Ascension healthcare network faced technology outages due to a ransomware attack.

Appointments were canceled and ambulances were turned away as the network’s 140 hospitals struggled to serve their patients without a working electronic medical record system. The Ascension incident was the latest in a long line of attacks on hospitals and healthcare networks across the U.S.

The White House statement also referenced the ransomware attack on UnitedHealth Group – which led to major disruptions in timely payment to healthcare providers. Several senators said last week that an attack of this size necessitates significant changes, including government mandates that force healthcare companies to improve their cybersecurity practices. 

Rick Pollack, president and CEO of the AHA, said hospitals and health systems have invested significant resources to guard against cyberattacks, but they need the investment of large companies to help reinforce systems.

“Rural hospitals are often the primary source of healthcare in their communities, so keeping them open and safe from cyberattacks is critical,” Pollack said.