Microsoft and Google have announced initiatives to provide free or discounted cybersecurity services to rural hospitals across the United States, aiming to reduce their vulnerability to cyberattacks that can disrupt patient care and threaten lives, the White House and the tech firms reported on Monday.
Microsoft will offer free security updates, assessments, and staff training for eligible rural hospitals, as stated in a communication to CNN. Google will offer free cybersecurity advice and launch a pilot program to align its services with the specific needs of rural hospitals.
Approximately 1,800 rural community hospitals in the U.S. are highly susceptible to ransomware attacks due to limited IT security resources and a lack of cybersecurity-trained staff. These hospitals often serve as the sole medical facility within extensive areas, making them critical for emergency care; hence, a ransomware attack that disables a hospital’s operations can be life-threatening.
This initiative stems from private discussions between the tech companies and officials at the White House National Security Council, who are increasingly worried about cyber threats to hospitals. The goal is to leverage the widespread use of Microsoft and Google software in hospitals nationwide to strengthen the healthcare sector’s cyber defenses.
“We’re in new territory as we see this wave of attacks against hospitals,” Anne Neuberger, the top cyber official at the White House National Security Council, stated on Sunday.
Additionally, the Biden administration is preparing to implement minimum cybersecurity requirements for U.S. hospitals. While details are yet to be finalized, the American Hospital Association opposes the proposal, arguing that it would unfairly penalize hospitals that fall victim to cyberattacks.
A Growing Problem Ransomware attacks on the U.S. healthcare sector surged by 128% in 2023 compared to 2022, as per the Office of the Director of National Intelligence. Recent attacks have underscored the sector’s vulnerabilities.
In February, a ransomware attack on a major health insurance billing firm disrupted billions of dollars in health provider payments and pushed some clinics toward bankruptcy. UnitedHealth Group, whose subsidiary was compromised, paid a $22 million ransom to recover patient data, potentially affecting one-third of Americans.
In another incident in May, a ransomware attack on one of America’s largest hospital chains endangered patients’ lives as nurses had to manually input prescription information, multiple nurses told CNN.
Despite efforts by the FBI and international allies to dismantle ransomware gangs and unlock victim computers, ransomware remains a lucrative business. U.S. officials attribute this to the impunity enjoyed by many perpetrators operating from Russia.
The healthcare sector is particularly appealing to attackers because hospitals under pressure to resume patient services often choose to pay the ransom.
“We do see a much more permissive environment in Russia by both hacktivists and criminals, and it’s of concern,” Neuberger stated. “We also see more and more companies paying ransoms. And every ransom payment feeds the beast and drives further attacks.”
Cleveland Cyberattack Shuts City Hall Cyberattacks have also disrupted other critical services.
The City of Cleveland is investigating a cyber incident, according to a Sunday night statement from Mayor Justin Bibb’s office. As a precaution, City Hall was closed on Monday.
Cleveland also shut down all internal systems and software, although essential city services like the Department of Public Safety, 911, police, fire department, ambulances, and the Department of Public Utilities remained operational.
“The City of Cleveland is currently investigating a cyber incident and though we have not confirmed its nature and scope, we are taking this incident seriously,” Bibb’s office stated. “We are working expeditiously to rectify the situation as soon as possible.”