Small and rural hospitals are seeking strategies to find their way through the dangerous surge of healthcare cyberattacks. It’s a challenge for many of them.
For instance, most of the 550 or so rural hospitals working with Microsoft on cybersecurity training have struggled to maintain basic cyber hygiene practices, such as multi-factor authentication and timely patching of known vulnerabilities, the company noted last month.
Smaller hospitals have unique sets of challenges, and generally have fewer resources to allocate to cybersecurity. The bad guys know this, and often see them as prime targets for cyber exploits.
But by forming partnerships that help address technological and financial challenges, and devoting in-house resources to build stronger cultures of security, many hospitals are able to bolster their defenses and mitigate risk, says Jason Griffin, managing director of digital health/IT strategy and cyber practice at Nordic Global.
We spoke with Griffin recently to explore how rural healthcare providers can do more than simply survive when prioritizing cyber readiness: making use of managed security services, seeking private and public-sector technical support and participating in local or regional shared security initiatives.
Q. How are rural providers implementing cybersecurity protocols and tools, despite resource challenges?
A. Amidst growing threats against healthcare organizations, one of the biggest challenges rural providers face is a lack of dedicated cybersecurity staff. We’re seeing more rural hospitals partner with managed security service providers or tap into shared cybersecurity resources at the regional or state level. This way, they benefit from high-level expertise without hiring full-time security teams.
Rural hospitals are also prioritizing foundational security measures that offer the biggest impact with the lowest cost. Multi-factor authentication, regular phishing awareness training and network segmentation are some of the most effective first steps to reduce risk without a large investment.
Through the Rural Health IT Community, we’re helping hospitals explore funding opportunities and technology partnerships that make enterprise-level security more accessible. We connect them with federal grant programs, state-sponsored cybersecurity initiatives and private-sector partnerships that provide financial and technical support.
For example, some hospitals are tapping into Federal Communications Commission and Health Resources and Services Administration funding programs that subsidize the cost of IT modernization. Others are leveraging state-level cybersecurity resource centers that offer shared security services at reduced costs. We’re also working with technology partners, including Microsoft, to tailor cloud-based security solutions that are affordable and manageable for hospitals with limited IT staff.
Additionally, we are developing partnerships that provide expertise and ongoing cybersecurity support like regional security collaboratives, managed detection and response services and cybersecurity workforce-sharing programs.
Q. Which collaborative efforts can improve the vulnerability of rural hospitals to cyberattacks? And how can the private sector really help?
A. Collaboration is key to strengthening rural hospitals’ cybersecurity defenses because no single organization can tackle these challenges alone. Through initiatives like the Rural Health IT Community, we’re working alongside Microsoft and other industry partners to provide rural hospitals with the security tools, expertise and best practices they need to protect patient data and operations.
By participating in regional hospital collaboratives, rural providers can learn from each other’s security experiences, share cost-effective strategies and even form group purchasing agreements for cybersecurity solutions.
Public-private partnerships also play a role. Federal agencies, state health departments and private technology firms can work together to offer grant funding, shared security services and streamlined compliance support. We’re seeing more interest in state-sponsored cybersecurity resource centers that provide cyber risk assessments, real-time threat intelligence and incident response support.
Private companies can offer cybersecurity solutions tailored to rural healthcare’s unique budget and resource constraints. Many rural hospitals don’t have full-time cybersecurity staff, so technology service providers can help by developing managed security services that are affordable, scalable and require minimal in-house expertise.
Cost-sharing programs and flexible pricing models also make strong cyber defense more accessible. Security solutions that are often implemented for large health systems come with price tags that rural hospitals simply can’t afford. Private sector partners can offer discounts, tiered pricing models or group purchasing agreements to ensure that rural providers can adopt necessary security measures without breaking their budgets.
Private sector organizations also help by offering cybersecurity expertise and training. Rural hospitals need more than security tools – they need the knowledge to use them effectively. Private firms can step in by offering free or low-cost cybersecurity training, sharing threat intelligence and providing advisory support to help rural hospitals build a stronger security culture.
These companies can also be partners in advocating for policy changes and funding initiatives that support rural cybersecurity efforts. By working with industry groups and government agencies, private sector leaders can help push for federal and state funding programs that make cybersecurity improvements financially feasible for rural hospitals.
We need to move away from the idea that each rural hospital is solving these issues alone. Collaborative efforts make the difference between remaining vulnerable and building true resilience.
Q. How can rural IT teams move beyond surviving to thriving to growing and innovating?
A. The day-to-day reality for many rural IT teams has been about keeping the lights on – responding to cyber threats, managing legacy systems and stretching limited resources. But to truly thrive, rural hospitals need to shift from a reactive cybersecurity posture to a proactive, strategic approach.
A key step in this transition is modernizing IT infrastructure to prioritize security and scalability.
Cloud-based systems are not inherently more secure, so the transition must be taken on with care and intention. By adopting managed security services, rural hospitals can free up IT teams from constant troubleshooting and allow them to focus on innovation and long-term strategy. When cybersecurity is no longer a daily fire drill, IT teams can start exploring how technology can enhance patient care, operational efficiency and financial sustainability.
Collaboration is another essential factor. Rural IT teams shouldn’t feel like they’re on an island. Engaging with regional hospital collaboratives, participating in shared security initiatives and leveraging expertise from partners can allow these teams to gain insights, share best practices and access cutting-edge security tools that might otherwise be out of reach.
To move beyond survival mode when it comes to the workforce, rural hospitals should invest in ongoing cybersecurity training, mentorship programs and workforce-sharing models that allow them to access specialized expertise even if they can’t hire full-time security professionals.
Through initiatives like the Rural Health IT Community, we’re helping hospitals find new ways to build internal capacity while tapping into external support.
Rural IT teams should embrace cybersecurity as a foundation for digital health innovation. When security improves, hospitals can confidently explore artificial intelligence-driven clinical decision support, remote patient monitoring and data-driven care models that enhance patient outcomes.
Cybersecurity shouldn’t be seen as a burden. It enables growth, allowing rural hospitals to safely adopt new technologies that expand access to care in their communities.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.