Resources to Protect America鈥檚 Rural Hospitals from Cyberthreats

Feb 18, 2025 - 02:11 PM by
John Riggi, National Advisor for Cybersecurity and Risk, AHA
2025-cyber-blog-feb-900x400.jpg

Cyberthreats such as ransomware attacks are not just data-theft or financial crimes, but they also are threat-to-life crimes. And they are not just an IT issue 鈥 they pose a risk to every function of your enterprise. They are designed to shut down vital systems and cause maximum delay and disruption to patient care. They not only threaten the safety of patients in the hospital, but also their effects cascade throughout the entire community, posing a safety risk to everyone who depends on the availability of the nearest hospital in the event of a medical emergency.

These attacks also pose a risk to every hospital, clinic and emergency department in the surrounding region that may have patients diverted to them or depend upon the impacted hospital for clinical services such radiology or oncology. The combined regional impact and disruption to care delivery is what I call the 鈥渞ansomware blast radius.鈥 The impact of the blast radius is especially significant for rural hospitals.

Why It鈥檚 Vital to Protect Rural Hospitals

Approximately 60 million people living in rural areas depend on their hospital as an important and often the primary source of care in their communities, as well as a critical component of their region鈥檚 economic and social fabric. Yet rural hospitals鈥 limited access to technology, staff and financial resources constrains their ability to defend against the malicious actors behind today鈥檚 ever-escalating cyberattacks. They cannot do it alone.

That鈥檚 why the AHA is collaborating with multiple parties across the public and private sectors to support our rural members with cybersecurity risk mitigation. The AHA has long been committed to helping hospitals and health systems defend against and deflect cyberattacks.

Cybersecurity Resources for Rural Hospitals

Support for Cybersecurity Programs

The U.S. Department of Health and Human Services has outlined key cybersecurity performance goals (CPGs), yet rural hospitals often have limited resources and staff to achieve these benchmarks. Designed to defend against the most common tactics used by cyber adversaries to attack health care, the CPGs encourage the implementation of high-impact cybersecurity practices to help organizations better prepare for and mitigate cyberthreats.

Visit the AHA鈥檚 new Cybersecurity Support webpage to learn more about how the AHA鈥檚 cybersecurity provider partners, including AON; Censinet; Critical Insight, a Lumifi Company; and Microsoft, are providing dedicated resources and special offerings to help your organization meet the HHS CPGs.

Microsoft Cybersecurity Program for Rural Hospitals

In late spring 2024, the AHA and Microsoft partnered to launch the Microsoft Cybersecurity Program for Rural Hospitals, which includes free cybersecurity training for front-line workers and health care IT professionals. The AHA appreciates Microsoft鈥檚 commitment to supporting the unique cybersecurity needs of critical access hospitals, rural emergency hospitals and rural hospitals within a health system. Depending on the hospital鈥檚 rural status, it may be eligible for all or some of these powerful program elements:

  • Free curated learning pathways and resources.
  • Free cybersecurity risk assessments.
  • One year of free Windows 10 extended security updates.
  • Microsoft product discounts and offers, including nonprofit pricing for independent critical access hospitals and rural emergency hospitals.

.

AHA Preferred Cybersecurity & Risk Provider Program

Microsoft is one of the exclusive, highly reputable, qualified and accomplished service providers in our AHA Preferred Cybersecurity & Risk Provider Program. The program鈥檚 goal is to identify trusted providers with vetted services to help AHA member hospitals and health systems protect their patients and operations from cybersecurity attacks, physical threats and other enterprise risks. Learn more.

AHA Cybersecurity and Risk Advisory Services

Learn how my team and I can advise and assist in mitigating the many cyber and physical risks your organization faces.

Attending the 2025 AHA Rural Health Care Leadership Conference? Join me for these sessions:

Critical Response: Cybersecurity Tabletop Exercise for Rural Hospital Leaders 
Preconference session: Sunday, Feb. 23, 1:30-3:30 p.m. CT

Defending the Frontlines: Protecting Patient Care from Ransomware Attacks 
Tuesday, Feb. 25, 10:45-11:45 a.m. CT

 

Related News Articles

Headline
CISA releases guidance following reported legacy Oracle cloud breach
The Cybersecurity and Infrastructure Security Agency April 17 released guidance to reduce risks associated with a reported breach of Oracle cloud services.鈥
Headline
Agencies issue guidance on navigating deceptive online recruitment of current and former federal employees
The National Counterintelligence and Security Center, the FBI, and the Defense Counterintelligence and Security Center yesterday released guidance on鈥
AHA Cyber Intel
[Updated] 3 Must-know Cyber and Risk Realities: What鈥檚 Ahead for Health Care in 2025
While the rate of cyberattacks on hospitals has risen dramatically, the severity of the impacts has also grown exponentially. Let鈥檚 look at the state of cyber鈥
Headline
House subcommittee holds hearing on cybersecurity vulnerabilities in legacy medical devices
The House Energy and Commerce Oversight and Investigations Subcommittee April 1 discussed cybersecurity threats in legacy medical devices during a hearing. The鈥
Headline
ICYMI: AHA podcast discusses the innovative design for Novant Health's Breast Center
In this recent episode of AHA鈥檚 Advancing Health podcast, Sara Robinson, senior associate healthcare architect at McMillan Pazdan Smith Architecture, and Jamie鈥
Headline
Administration extends national emergency for cyber threats
The Trump Administration March 28 announced that it renewed for one year the public emergency for ongoing malicious cyber-enabled activities against the U.S.鈥