By Amber Walker, Grants Development Associate (Healthcare & Human Services)
As 2024 has ended, the state of hospital cybersecurity has come into focus. One thing is clear, hospitals are at an increased risk of cyber security attacks and attacks are getting more prevalent each year. Due to the nature of hospitals being technology-reliant, complex organizations with very sensitive personal data, they are especially vulnerable. These security breaches not only affected more than 182.4 million people in 2024, but they were also the cause of long-reaching IT outages across healthcare systems. Looking ahead, threats and security breaches are not expected to slow down. Experts are looking at trends in health service delivery to identify new avenues for ransomware attacks, data theft, and destabilization. The rise of telehealth services and remote patient monitoring increases the vulnerability and potential exposure of sensitive patient data.
As threats to hospitals and healthcare organizations increase, stakeholders from all areas recognize the severity and the long-term implications of the situations. From federal and state provisions, grant funding, and corporate programs, things are coming together to protect patients and hospitals.
For instance, at the federal level, new bills have been introduced, such as the “Healthcare Cybersecurity Act of 2024” proposed by a bipartisan group of senators would require the Cybersecurity and Infrastructure Security Agency (“CISA”), in coordination with HHS, to enhance the cybersecurity of healthcare and the public health sector.
Individual states, like New York, are beginning to implement their provisions for hospitals and the healthcare sector. In October New York adopted regulations that would have implications for reporting incidents, cyber security, senior-level, or executive training on cyber security policies, testing and record maintenance, and more.
Grant programs at the state and federal levels aim to strengthen the cyber security posture of the nation’s hospitals and healthcare systems. Programs like the Physical and Digital Infrastructure Security Grant Program in California, The Delta Health Systems Implementation Program (multi-state), or the Non-Profit Security Grant Program (federal passthrough funding to all states) administered by the Federal Emergency Management Administration (FEMA) all include cyber security measures as a potential project focus.
Corporations are also joining the efforts to curb cyber security attacks against the nation’s healthcare systems. Both Google and Microsoft have established programs to aid organizations as they protect themselves and their patients. Google’s Rural Healthcare Cybersecurity Initiative - offers eligible rural healthcare organizations access to technology, consulting and support services, and security training resources at a discount or no cost to strengthen resilience to cyberattacks. Additionally, the Microsoft Security Program for Rural Hospitals – provides help to rural hospitals to keep their health services safe and secure with affordable access to Microsoft security solutions and building cybersecurity capacity.
Health and Human Services’ department also provides valuable resources to healthcare systems across the country. To learn more about the free educational platform available, visit the knowledge on-demand page covering cyber security topics like terminology, top threats, preparedness, and resilience. https://405d.hhs.gov/knowledgeondemand
Protecting the nation's healthcare system and hospitals across the country from cyber security attacks should be of the highest priority for decision-makers in the healthcare industry and the governments shaping regulations. Although 2024 was a record-breaking year for the number of attacks and patients and individuals affected, multiple strategies are being deployed simultaneously to reverse this trend. As healthcare systems continue to increase their reliance on telehealth services, AI diagnostics, and remote medical devices, they must also expand their efforts to secure and protect those systems.