A cybersecurity program Microsoft launched last year for rural hospitals has “exceeded projections” with nearly a third of the country’s rural hospitals registering for free or low-cost support, the tech giant said Wednesday.
The Cybersecurity for Rural Hospitals Program is funded through philanthropic investment and, per last summer’s unveiling, was rolled out in “close collaboration” with the Biden administration, the American Hospital Association and the National Rural Health Association.
The program offers independent critical access hospitals and rural emergency hospitals up to a 75% discount on certain security products as well as free cybersecurity assessments, staff trainings and other security updates.
In a blog post and accompanying white paper (PDF), Microsoft said that more than 550 rural hospitals have registered for the program. More than 375 of those hospitals are participating in cybersecurity assessments funded by Microsoft, and almost 1,000 rural hospital workers received cybersecurity trainings.
The white paper includes preliminary data on more than 250 assessments Microsoft and its cybersecurity partners conducted among the hospitals.
“For example, early on, we found most rural hospitals hadn’t implemented basic cybersecurity best practices, such as email security and multi-factor authentication,” the company wrote in its blog post. “By delivering a holistic solution that includes free assessment, curated learning pathways for employees, and non-profit pricing for Critical Access and Rural Emergency Hospitals, we can help these hospitals to be less vulnerable to common threats and ultimately, better serve their communities.”
Only 43% of the assessed hospitals were deemed to have a passing score on basic vulnerability scanning and timely patching, according to the white paper. Just 29% adequately separated and managed privileged accounts (those with broader systems and data access) from other end users, and “most” of the hospitals didn’t have cybersecurity training and awareness programs for their users.
The white paper outlines a need for the industry, its tech partners and government to address near-term, high-priority risk as well as long-term resilience.
For the former, Microsoft said its assessments of the rural hospitals' IT footprint suggest that an average $30,000 to $40,000 baseline investment would be needed on average for an independent rural hospital with 50 beds and 200 end users. Nationwide, that would be a $40 million to $45 million investment for all independent rural hospitals and a $70 million to $75 million investment for the entire rural hospital landscape.
In the longer view, “There is a compelling need for the healthcare industry, policymakers and funders, and technology companies to bolster resourcing and innovation across rural areas. Microsoft is committed to this effort and looks forward to working with public and private sector partners to advance a collaborative response in rural America,” the company wrote in the white paper.
To that end, Microsoft wrote in the blog post that it plans to expand its rural hospital support efforts in the coming months, including through the use of AI to streamline and automate hospital processes.
“In the coming months, Microsoft will continue to expand efforts to support rural hospitals, ensuring they have the tools and resources needed to mitigate cyber threats and enhance their overall resilience,” the company wrote in a blog post. “Leveraging AI for greater efficiency—by streamlining and automating some hospital processes—is just one way we are looking to provide support.”
Microsoft’s report notes the financial headwinds and tight budgets rural hospitals face play a role in their cybersecurity resiliency.
A recent report from healthcare advisory services firm Chartis found that 46% of rural hospitals are operating at a loss, and 432 are “vulnerable to closure.” A separate survey from Wipfli found cybersecurity to be a rising concern among rural providers, with about 4 in 5 respondents saying they have increased their investment in cybersecurity technologies within the past year.