Rural Health Systems Take On Cybersecurity Improvements with Support
Lakewood Health joined the program as one of four early adopters in spring 2024. It started with a third-party evaluation of its cybersecurity policies and tools, and that led to the identification of several weak spots that required immediate attention.
While the organization had just upgraded to next-generation firewalls with artificial intelligence–enabled protection, Roeder says, “one of our biggest issues was that we didn’t have detection and response software.”
The fix included implementing Microsoft Defender XDR, a security solution that deploys attack surface reduction rules to block or audit malicious or suspicious activity on an organization’s network. If a user at any one of the organization’s workstations tries to launch something that hasn’t been approved, “we’ve set it up to prevent that from happening and to autoremediate if anything gets through,” he says.
Lakewood Health now also takes advantage of Microsoft-driven phishing simulation tests and, through the federal Cybersecurity and Infrastructure Security Agency, free vulnerability scanning and tabletop exercise packages.
“It’s a journey that we’re on, but we’re far better off than we were a year ago,” Roeder says. “There are a lot of different pieces that go into it, and all of it together is what allows us to be safe.”
RELATED: Improve cybersecurity training for healthcare staff.
Unique Challenges for Rural Healthcare CybersecurityIn 2024, there were 725 large healthcare data breaches, each involving at least 500 patient records, according to the U.S. Department of Health and Human Services. Hacking and other IT incidents accounted for more than 80% of these incidents, which is unsurprising given estimates that digital medical records are 50 times more valuable than financial information.
While hospitals everywhere are at risk of cyberattack, rural providers are especially challenged in their ability to mount an effective defense.
“A lot of it comes down to reimbursement and having the funds and expertise available,” says Roeder, who served as co-lead for a report on the subject by the Health Sector Coordinating Council Cybersecurity Working Group. Resource-constrained providers “lack the workforce, partners and means to implement cybersecurity best practices,” the report concluded.
The good news is that organizations like the HSCC are actively collaborating with tech sector leaders to make rural healthcare cybersecurity stronger. And industry experts like John Riggi, the AHA’s national adviser for cybersecurity and risk, are encouraging rural hospitals to make the most of these partnerships.
“At a lot of these facilities, the IT director is looking at logs one minute, and the next minute, he’s changing light bulbs,” Riggi says. Initiatives like the Microsoft program, which now has more than 550 participants, “can really make a difference for critical-access hospitals by helping them do everything possible on defense.”
healthtechmagazine
