Microsoft, Google offer free and low-cost cybersecurity services to rural hospitals

Hospitals are increasingly under attack from cybercriminals, with the healthcare sector reporting more ransomware attacks than any other critical infrastructure sector in 2023, according to FBI data.

Cyberattacks involving ransomware against the healthcare sector were up nearly 130% last year, data from the Office of the Director of National Intelligence show.

The roughly 1,800 rural community hospitals across the U.S. are among the most vulnerable to ransomware attacks because they often lack IT security resources and cybersecurity-trained staff. 

Healthcare-related cyber disruptions can be particularly disruptive to rural hospitals, which serve over 60 million Americans. Most rural hospitals are critical access hospitals, meaning they are located more than 35 miles from another hospital, which makes diversions of patients and staffing-intensive manual workarounds in response to attacks more difficult.

As part of its efforts to improve the resilience of the healthcare sector to cyberattacks, the Biden administration got commitments from major technology providers and private sector partners to provide free and low-cost resources for all 1,800 to 2,100 rural hospitals across the country.

Microsoft plans to roll out a new cybersecurity program designed to help rural hospitals boost their cyber defenses. The tech giant says it will deliver free and low-cost technology services for these hospitals, the company announced Monday.

For rural emergency hospitals and critical access hospitals, Microsoft will provide nonprofit pricing and discounts for its security products optimized for smaller organizations, providing up to a 75% discount, the company said. And for some larger rural hospitals already using eligible Microsoft solutions, the company will be providing its most advanced security suite at no cost for one year.

Microsoft will also provide free cybersecurity assessments by qualified technology security providers and free training for frontline and IT staff at eligible rural hospitals.

Additionally, the company will extend security updates for Window 10 to participating hospitals for one year at no cost.

Google will provide endpoint security advice to rural hospitals and non-profit organizations at no cost and a pool of funding to support software migration, according to the White House announcement. The tech giant also said it will launch a pilot program with rural hospitals to develop a packaging of security capabilities that fit these hospitals’ unique needs. 

The companies are working with the White House, the American Hospital Association and the National Rural Health Association on the rollout, adoption and effectiveness of the programs.

“Healthcare should be available no matter where you call home, and the rise in cyberattacks threatens the viability of rural hospitals and impact communities across the U.S.,” said Justin Spelhaug, corporate vice president, Microsoft Philanthropies, in a statement. “Microsoft is committed to delivering vital technology security and support at a time when these rural hospitals need them most.”

Microsoft will also provide free cybersecurity assessments through Microsoft and its trusted partners to evaluate risks and gaps and offer free cybersecurity training to staff in rural hospitals to help them better manage the day-to-day security of their systems.

“Rural hospitals face a unique challenge in cybersecurity, balancing limited resources with the increasing sophistication of cyberthreats, which puts patient data and critical healthcare infrastructure at risk,” said Alan Morgan, chief executive officer of the National Rural Health Association in a statement. “This important partnership with Microsoft will help ensure that rural hospitals are prepared in the future to meet this rising threat in small rural facilities.”

“Cyberattacks against the U.S. healthcare systems rose 130% in 2023, forcing hospitals to cancel procedures and impacting Americans’ access to critical care. Rural hospitals are particularly hard hit as they are often the sole source of care for the communities they serve and lack trained cyber staff and modern cyber defenses," said Anne Neuberger, deputy national security adviser for cyber and emerging technologies, in a statement. "President Biden is committed to every American having access to the care they need, and effective cybersecurity is a part of that. So, we’re excited to work with Microsoft to launch cybersecurity programs that will provide training, advice and technology to help America’s rural hospitals be safe online."

The AHA said it advised the White House, Microsoft and Google on the cybersecurity challenges facing hospitals and health systems.

"Cybersecurity is a top priority for America’s hospitals and health systems. It is also a shared responsibility,” said AHA President and CEO Rick Pollack in a statement. “While hospitals and health systems have invested significant resources to guard against cyberattacks, they cannot do it alone, which is why these commitments from Microsoft and Google are important."

Pollack added, "It’s no secret that many rural hospitals across America are struggling as they serve as a health care lifeline in their communities so keeping them safe is essential. The AHA appreciates the White House’s support of rural hospitals and health systems and looks forward to continuing to work with them and other stakeholders across government, law enforcement and the technology sector to expand these resources to all hospitals."

Editor's note: This story has been updated with information about Google's cybersecurity services for rural hospitals.