News

Microsoft Launches Cybersecurity Program for Rural Hospitals

• By Gladys Rama
• 06/10/2024

Microsoft on Monday opened registration for a new cybersecurity and training program designed to help hospitals that serve sparsely populated areas.

The Cybersecurity Program for Rural Hospitals provides free or affordable security and technical support, including patches, as well training to hospitals in rural areas in the United States.

The definition of "rural" depends on the agency, but the U.S. Health Resources & Services Administration, which is linked in Microsoft's program registration page, generally considers the following types of regions to fit the bill:

• Non-metro counties.
• Areas that cover at least 400 square miles with a population density of 35 people or fewer per square mile.
• Outlying metro counties without an urbanized area.

Hospitals in these types of areas are sorely lacking in IT resources, Microsoft argued in a blog post Monday, leaving their patients especially vulnerable to cybersecurity attacks, which have been on a steep and steady increase. According to the U.S. Cyber Threat Intelligence Integration Center (CTIIC), for instance, ransomware attacks against health institutions almsot doubled worldwide between 2022 and 2023. In the U.S. alone, the number of incidents increased by 128 percent.

The impact of security attacks on healthcare goes beyond IT, given how much personal data hospitals have and the time-sensitive medical procedures they need to perform. Medical ransomware attacks can have fatal results; a recent Rubrik study found that ransomware directly contributed to at least 42 deaths in the United States between 2016 and 2021. As a result, the CTIIC classified the healthcare industry as "highly vulnerable."

Rural hospitals are even more so. "In rural communities these attacks can be devastating," Microsoft said, "particularly to smaller, independent Critical Access and Rural Emergency hospitals with limited means to prevent and remediate security risks and often the only healthcare option for many miles in the communities they serve."

To bolster these institutions' security arsenals, Microsoft has launched its Cybersecurity Program for Rural Hospitals, in collaboration with the American Hospital Association, the National Rural Health Association and the Biden White House.

The program aims to give rural hospitals access to Microsoft technologies and support they might not otherwise be able to afford, given their relatively thin resources. Under the program, qualified hospitals will receive the following perks:

• Subscriptions to Microsoft security solutions at nonprofit pricing, translating to discounts as high as 75 percent.
• Free one-year licenses to Microsoft 365 E5 Security for hospitals that already use Microsoft products.
• At least one year of free Windows 10 security updates. (Windows 10 22H2, the last version release of Windows 10, will fall out of support in October 2025. Organizations that want to continue to receive Windows 10 security updates from Microsoft after that date face hefty fees.)
• Free cybersecurity assessments designed to identify potential weaknesses in a hospital's infrastructure.
• Free cybersecurity training for hospital staff.
• Access to grants and discounts.
• Access to Microsoft's new Rural Health AI Innovation Labs.

Interested organizations can apply to the program here. Only U.S. hospitals that are classified as "rural" can qualify. Non-U.S. hospitals, ambulance companies, outpatient facilities, hospitals that are part of larger networks and insurance companies are not eligible.