In this episode of The Two Minute Drill, Drex dives into the latest White House fact sheet on healthcare cybersecurity. Discover how Microsoft and Google are stepping up to support rural and nonprofit hospitals with new security initiatives, grants, and training. Drex shares insights, raises important questions, and offers a healthy dose of skepticism about these free offerings. Tune in to stay informed and vigilant in the ever-evolving world of healthcare cybersecurity.
Fact Sheet: https://www.whitehouse.gov/briefing-room/statements-releases/2024/06/10/fact-sheet-biden-harris-administration-bolsters-protections-for-americans-access-to-healthcare-through-strengthening-cybersecurity/
Remember, Stay a little paranoid.
Subscribe: https://www.thisweekhealth.com/subscribe/
Linkedin: https://www.linkedin.com/company/ThisWeekHealth
Twitter: https://twitter.com/thisweekhealth
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer - https://www.alexslemonade.org/mypage/3173454
Everyone, I'm Drex, and this is The Two Minute Drill, where we do at least three stories at least two times a week, all part of one great community, the 229 Cyber and RISC community here at This Week Health. Of course, you know, ORDR is the exclusive sponsor of The Two Minute Drill. ORDR's cyber asset attack surface management product, Chasm, is available now in the AWS marketplace.
It's a great way to find and eliminate blind spots. Find out more at thisweekhealth. com slash ORDR. That's O R D R, This Week Health. Thanks for joining me today. Here's a thing you might want to know about. I'm going to talk about one item today, but there's several parts to it and it's important to the work we're all doing in cybersecurity and risk.
Earlier this week, a fact sheet was published by the White House that was focused on health care cyber, and I have to take it as a good sign, generally, that the White House is thinking enough about health care cyber security that they put out a document like this. Now, at the beginning of the document, they tout many of the things they've done over the past three and a half years to help make the nation and health care more secure.
Everything from cyber security performance goals to the upgrade patching research program recently announced. I talked about that in a previous two minute drill. But the interesting punchline to the document came in the form of two announcements on partnerships with private sector companies we all know and probably have some kind of a relationship with currently.
Microsoft is one of those companies. They're extending the non profit program to provide grants. And up to a 75 percent discount on security products to independent critical access hospitals and rural emergency hospitals. Larger hospitals already using Microsoft Security Solutions can get their most advanced security suite.
for one year at no additional cost. Microsoft also commits to providing free security assessments and free training for frontline staff and IT staff for eligible hospitals. They'll also extend security updates for Windows 10 for one year for free. On the face of it, that all sounds exciting. Like you, I love free stuff.
But we all know Microsoft stuff can be challenging to work with sometimes. And there's lots of caveats in this document that I need to better understand, like which hospitals are actually eligible, and what do you have to have already purchased to be eligible for some of the opportunities? And how in depth are the security assessments?
And how complete is the training? If you're doing nothing, then something is better than nothing. So this all could be good. But for those of you who know me, I'm always a bit suspicious about stuff that's free because I mean, my dog jackpot was free, but I've stopped counting how much money I've spent in food and vet bills and that heartworm thing and beef sticks and nail trimmings and dog walkers.
And when is he going to learn to pick up his own poop? But jackpot has added a ton of value. He's a very good boy. He watches the house when I'm out. He's the best exercise partner I've ever had. I wouldn't change a thing, but the local pound gave him away as free. And as it turned out, he actually costs a lot of money.
Now, the other company mentioned in the White House document is Google. They tell us in the fact sheet that they'll provide endpoint security advice to rural and nonprofit organizations at no cost. They also say they'll provide a pool of funding to support software migration. Which of course leads me to my next question.
What software are they trying to get you to migrate? Do you need to migrate that software or whatever it is? Given all the work that you have to do on your list, is software migration at the top of your must dos? There's a lot of questions. Google says they're committed to launching a pilot program with rural hospitals to develop a package of security capabilities that fit those hospitals needs.
And now look, I want to be optimistic about all of this. I really do. But the devil's in the details. I'm excited about the possibilities, but with 30 plus years in this business, I'm also a little skeptical. Free stuff on the surface is good, but every project you implement has a maintenance and operations tail, so go into this thinking clearly about the cyber strategy that you may have already committed to versus the strategy free offerings might force you into.
Stay a little paranoid. That's all I'm saying. Thanks as always to our partner ORDER, the Two and a Half Minute Drill's exclusive sponsor. ORDER can help with security hygiene by identifying assets with vulnerabilities, missing critical security controls, or out of date software. Check out thisweekhealth.
com slash ORDER for more information. And that's it for today's Two Minute Drill. Thanks for listening. And I'll say it again, stay a little paranoid. I'll see you around campus.