Blog
Explore All Blog Posts

The Rural Healthcare Crisis: How Cybersecurity Threats Are Fueling Hospital Closures

Published on September 9, 2024
 
By: Richard Staynings, Chief Security Strategist
 
5 — minute read

The Rural Healthcare Crisis: How Cybersecurity Threats Are Fueling Hospital Closures

Rural America and urban America can often seem like two separate worlds, especially when it comes to healthcare access. The healthcare challenges in rural areas are exacerbated by financial strains, hospital closures, and an increasingly alarming issue—cybersecurity threats. The lack of rural healthcare access and cybersecurity challenges form a dangerous "Catch22" for rural providers, many of whom are already struggling to keep their doors open.

Rural Healthcare: A Critical Access Problem

In rural areas, essential medical services can be hours away. For example, if you need renal dialysis, chemotherapy, or radiotherapy, you might have to drive 2 to 3 hours to the nearest facility. For emergencies, such as a stroke or trauma, the gap between life and death can be defined by the distance to the nearest specialized center. For many medical services, rural residents often make do with what's available in their community—a midwife instead of a fully equipped maternity hospital. However, complications, like a high-risk pregnancy or early labor, can necessitate costly ambulance or air ambulance transport to a distant city hospital. For many today, accessing anything beyond basic medical care means a long trip to the nearest city. Unfortunately, as rural healthcare services continue to decline, these already tenuous situations become more perilous.

Rural hospitals and entire health systems are shutting down, and those that remain are cutting back on specialist services. The American Hospital Association (AHA) reports that 136 rural hospital closures occurred between 2010 and 2021, with a record 19 closures in 2020 alone. Beckers adds that nearly 200 rural hospitals have closed since 2005, and the pace is accelerating. Eight rural hospital closures were already recorded in 2023, equal to the combined total for 2021 and 2022, according to the Center for Healthcare Quality and Payment Reform.

Just last month, the Eastern Plains Healthcare Consortium (EPHC) in Colorado stated during its annual conference that 20% of rural hospitals in Colorado are at risk of closing. These hospitals need a 4% operating margin to replace equipment and maintain existing services, yet most are operating at a loss, some as much as -17%. EPHC estimates that around 30 rural Colorado hospitals will be forced to convert to emergency-only services to save closing altogether.

Cybersecurity Threats: The Silent Crisis in Rural Healthcare

While rural hospitals face numerous financial challenges, the impact of cybersecurity breaches has added another layer of complexity. Cyberattacks, such as the 2021 ransomware attack on an Illinois hospital that led to its closure by disrupting its ability to submit claims, thus debilitating its cash flow and financial stability, are crippling small healthcare providers. Another small hospital had its entire payroll stolen in a cyberattack, preventing it from paying any of its staff and placing it in financial peril. Without the financial resources to recover from such attacks, many rural hospitals are left unable to process claims or pay their staff, forcing them into closure or reducing services to emergency-only care.

The Change Healthcare cyberattack earlier this year has further exacerbated the situation. Many physicians are struggling to keep their practices afloat, according to the American Medical Association (AMA). While UnitedHealth Group (UHG) has offered some relief through Temporary Funding Assistance, this support is very selective, often excluding smaller providers from desperately needed aid, according to Richard Pollack of the AHA in a letter to UHG.

Challenges Facing Rural Healthcare Providers

Rural healthcare providers face numerous hurdles that make them prime targets for cyberattacks:

  • Financial difficulties from depopulation and a disproportionately high percentage of Medicare/Medicaid patients.
  • General resource constraints
  • Staffing shortages

Most notably, while urban hospitals can often call on dedicated IT and cybersecurity specialists, rural hospitals must make do with IT generalists who often lack the expertise needed to fend off the growing threat of ransomware and data breaches. Additionally, many of these hospitals operate on end-of-life computer hardware and medical devices that are no longer supported by vendors and are, therefore, highly vulnerable to security breaches. This limited resource pool, paired with the lack of budget for advanced security measures, makes rural hospitals a frequent target of Protected Health Information (PHI) breaches and other malicious attacks.

The Role of Managed Security Services in Protecting Rural Hospitals

To help alleviate these cybersecurity concerns and with an increasing number of medical and IoT systems being added to the network as hospitals undergo a digital transformation, many rural hospitals are turning to Managed Services Providers (MSPs) and Managed Security Services Providers (MSSPs). These outsourced experts manage a large number of hospitals simultaneously and, through a leveraged model, can provide point expertise as needed in more or less any technology or vendor system. They can also implement advanced SaaS tools from Cylera and others to identify the growing number of connected assets, evaluate threats, and prioritize risk remediation. Utilizing MSPs and MSSPs is rapidly helping to drive improvements in rural provider cybersecurity, especially in medical device security, a growing problem for all healthcare providers.

Furthermore, the new assistance program initiatives by the White House and the AHA offer free or heavily discounted cybersecurity resources from major companies like Microsoft and Oracle. Unfortunately, less than 20% of eligible hospitals are currently taking advantage of this free program, leaving many rural healthcare providers vulnerable. Only 350 of the 1,800 small and rural US hospitals are presently leveraging this assistance program.

Comprehensive Healthcare Reform: The Path Forward

While short-term improvements in rural hospital cybersecurity will help reduce the number of cyberattacks, they don't adddress the larger, structural issues that rural healthcare providers face. The continued closure of rural hospitals, alongside growing digital and financial challenges, calls for urgent healthcare reform. Rural hospitals are not just under threat from cyberattacks, but also from underfunding, staffing shortages, and outdated technology. While urban providers can rely upon numbers to maintain services and a plentiful supply of cybersecurity talent nearby to avoid the worst of the attacks, rural providers face almost insurmountable challenges. This is undoubtedly a larger political question of healthcare reform that the next administration will need to prioritize.

Protect Your Hospital: Explore Advanced Cybersecurity Solutions

To protect rural hospitals from further financial decline and cybersecurity threats, it’s crucial for healthcare providers to leverage managed services and seek out available government assistance. Learn more about how Cylera can help rural hospitals improve their cybersecurity posture with advanced solutions.

  • Richard Staynings, Chief Security Strategist

    Richard Staynings, a global cybersecurity advocate, renowned author, and public speaker, specializes in fortifying Healthcare and Life Sciences security. With extensive board service, including AEHIS and HIMSS, Richard advises governments and industry leaders on cybersecurity strategies. As Chief Security Strategist at Cylera, he continues to drive innovative security measures globally.

Recent Related Stories

General
How Cylera Helps AHA Members Align with HHS Cyber Performance Goals
In its July 24th, 2024 Cybersecurity Advisory, the American Hospital Association (AHA) announced new offerings from Microsoft, Google, Cylera, and…
Read More
Blog
HIMSS 2024 Recap
HIMSS 2024 Recap   Cybersecurity Imperatives for Healthcare in 2024  In the wake of an eventful week at HIMSS 2024,…
Read More
Healthcare Security
2024 Healthcare Cybersecurity Predictions
Navigating Healthcare Cybersecurity in 2024: Predictions and Strategies  The 2024 healthcare cybersecurity forecast signals a crucial need for preparedness. Looking…
Read More

Categories

Russia (2)
Medical Imaging (1)
HealthcareIoT (3)
IoT (1)
CCTV Cameras (1)
Incident Response (1)
Cybercrime (2)
HIPPA (1)
Healthcare (2)
Data Breach (1)
Technology Company (1)
FDA (1)
Aset inventory (1)
Risk Anaysis (1)
Ransomware (4)
GeoPolitics (1)
Cyberwar (2)
CNI (2)
Cybersecurity Talent (1)
Regulation (2)
Interview (1)
Webinar (1)
Fireside Chat. (1)
cybersecurity startups (1)
Password Policy (1)
Security Education (2)
Rural Healthcare (1)
AI (2)
Healthcare Security (4)
Cybersecurity (3)
Cyber Attack (4)
cyber threats (12)
risk mitigation (10)
remediation (2)
threat response (3)
technology (7)
Fraud (1)
VPN (1)
General (9)
ML (2)
Offensive AI (1)
Defensive AI (1)
Asset visibility (2)
Company (5)
Compliance (7)
inventory (3)
IoT Security (4)
Monitoring (1)
Medical Device Security (6)
Integrations (1)
data enrichment (4)

Connect