November 14, 2024: Join Sarah Richardson and Kate Gamble as they discuss how limited resources and aging infrastructures make rural hospitals vulnerable to attacks—and explore the proactive steps being taken to safeguard patient care and hospital operations. From federal grants to network segmentation and multi-factor authentication, this episode dives into the high-stakes world of cybersecurity for rural healthcare, revealing strategies that go beyond traditional IT solutions. Don't miss this crucial conversation on building resilience in the heart of our healthcare communities.
01:33 Strategies for Enhancing Cybersecurity
02:52 Grant Opportunities and Management
05:15 Collaborative Efforts and Conclusion
Alex’s Lemonade Stand: Foundation for Childhood Cancer Donate
Today in Health IT, we are discussing protecting our rural hospitals, a critical cybersecurity imperative. My name is Sarah Richardson. I'm a former CIO for several healthcare systems, most notably within HCA and Optum. And now president of This Week Health 229 Executive Development Committee, where we host a set of channels and events dedicated to transforming healthcare, one connection at a time.
And I am joined by Kate Gamble, Managing Editor here at This Week Health. Kate, welcome to the show. Thank you, Sarah. So today we're talking about protecting our rural hospitals, a critical cybersecurity imperative. And rural hospitals are increasingly targeted by cyber criminals due to limited resources and outdated infrastructure.
A proactive approach to cybersecurity we know is critical, focusing on foundational protections, people centered security, and resource allocation, including grants from federal programs. Cybersecurity is vital for rural healthcare continuity and patient safety, demanding action beyond IT to protect these community resources.
What I found most interesting is that rural hospitals have these limited budgets, aging systems, which makes them more vulnerable. And the importance of focusing on some foundational security elements such as network segmentation, access control, and backups. Also investing in cyber security training and using clear response protocols.
A big one that I found most interesting was leveraging the cloud. Federal grants for resources. So Kate, give me some of your thoughts on this one. Sure. And this is such an important topic. This article was actually written by Joey Menezes, who is the executive director of technology at Grady Health System.
And he's held a few different roles and has made it a point, to bring this issue to light. in his blog that he writes. And one of the things that really struck me was that he said the most vulnerable hospitals are unprepared to deal with the impact of digital extortion, and that the consequences of a ransomware attack can be particularly devastating for these facilities and their patients.
And it is so important that rural hospitals have access to resources that can help bolster their security while also providing training. And We're starting to see a lot of resources that are available for this now, which is absolutely critical. And actually our own Drex de Ford talks about this a lot on his Unhack the podcast, Unhack the news.
So check those out, but there are a lot of key resources that organizations can leverage to get funding on this. And getting a grant writer can be time and resource intensive. Target a grant strategy could significantly support a rural hospital in enhancing services and addressing vulnerabilities.
And while you think about being able to have that type of person either contracted or full time, it could be feasible with a strategic approach. What are some of the grant considerations that you found? So first you have to have a dedicated grant management, a small team or part time staff focus on grant applications to help streamline that process. And one of the things hospital can do is partner with regional health networks that provide this type of support, Because it is, as you said, time consuming.
And another thing is to prioritize high impact grants and target those grants that align closely with hospital needs, such as those for cybersecurity or telehealth, which may have higher success rates and immediate operational benefits. And what's also critical is to look for federal and state assistance programs like the USDA.
HHS's SHIP and HRSA are some of the ones that are targeted for rural hospitals, often with a simpler application process for facilities that meet the criteria. And another one, which is right up our alley, is leveraging local partnerships and collaborating with community health providers or state health agencies.
To improve application viability and extend some of those research sharing options. The thing about having a grant writer is they can do more than apply for these types of grants. It becomes part of the fabric of the organization. And like anything, we think about. The article talking about focusing on foundational security, network segmentation, access control, backups.
You're like, I do all of those things and I'm still at risk. What are some other things that I can do? And we think about maintaining a strong cyber hygiene, multi factor authentication, protecting against unauthorized access, especially for remote and high risk systems. You may find that more often in a rural environment because of the telehealth factor or other people remoting in to provide certain capabilities, the routine software patching.
Always making sure that the software and system prevents exploitation of known vulnerabilities. And I think of other things like data encryption and incident response planning. And then, of course, continuous monitoring and threat detection. When you use advanced monitoring tools, you enable early detection of suspicious activities, which can mitigate potential breaches.
I think about strengthening the fabric of your security program while you're strengthening the fabric of your grant program. Those things coming together to make sure that you have a really good approach for cybersecurity in a rural environment. Yeah, absolutely. These rural hospitals are sometimes the only source of care for ours.
And so it's so important that they're able to provide that care. This article really also does highlight the importance of leadership buy in for sustainable cybersecurity improvements, which is something that we hear a lot from CISOs about that importance of being able to get that buy in, to tell the story and to really show why this is so important.
And in fact, I'm giving Drex another shout out because he's really done so much to bring this community to light. But in a few of his interviews, They've called out HSCC's, cybersecurity Working Group, which has a cybersecurity strategic plan, and then CISA, the and Infrastructure Security Agency, which offers a lot of free resources. And it's so important to be able to take advantage of these and educate yourself and then, like we said, talk to other people, get in touch with other CISOs and find out what they're doing. People are very willing to share their best practices and talk about how they're dealing with the same issues.
And it's almost like patients that go into a self pay scenario and ask the hospital what percentage of the cost of services can be written off to have these conversations with your partners as well and say, this is what I can afford and how safe can you keep me? That then goes into the conversation about how robust your program is, what your cybersecurity insurance could look like, what your disaster response and continuity planning may look like.
All of these factors come and. I have yet to come across a partner who isn't willing to meet me where I am or help me, especially when they realize that patient care is on the line, and they could be one of the reasons that you have a better way of protecting that patient. Yeah, absolutely. As you said, the vendor partners can be such a great resource.
A lot of times, Much of the time they have that experience. They've been in hospitals, they've been in health systems and they have a different perspective, but they can even get you hooked into the community as well. So take advantage of all of that. And as we said before about grants, they are time and resource intensive, but they can really support rural hospitals in enhancing services and addressing the vulnerabilities and keeping patients safe.
Hey, thank you for always going the extra mile and digging into options for our listeners. And we encourage you to share this podcast with a friend or a colleague. Use it as a foundation for daily or weekly discussions on the topics that are relevant to you and the industry. 📍 You can subscribe wherever you listen to podcasts.
Thanks for listening. That's all for now.