Dec 06 2021

Cloud Adoption and Partnerships Help Rural Hospitals Improve Cybersecurity

Budget constraints can make investing in cybersecurity difficult, but there are options available to providers.

About 57 million Americans depend on rural hospitals for their healthcare, according to the American Hospital Association.

Because of low population density in rural areas, hospitals there often have low patient volumes that can lead to high relative operating costs. This makes investment in cybersecurity more challenging. Already vulnerable due to precarious financial situations and personnel shortages, rural healthcare providers also face an increased risk of cyberattacks.

New threat vectors and vulnerabilities continue to emerge as Internet of Medical Things devices proliferate in the clinical environment. Ransomware attacks on hospitals have spiked in recent years. Budget constraints can make it more difficult for rural hospitals to prevent and respond to rapidly evolving cyberthreats. However, there are steps these organizations can take now to help improve their approach to cybersecurity.

Click the banner below to dig deeper into cybersecurity and incident response with planning guidance from CDW.

Assess the Security Environment for Vulnerabilities

Recently, the Health Sector Cybersecurity Coordination Center, which is the cybersecurity arm of the U.S. Department of Health and Human Services, issued a threat briefing on the risks of "zero-day attacks.” Though mitigating such attacks completely is difficult, the center recommended patching devices early and often.   

The presence of so many connected devices can make hospitals prime targets for cyberattacks.

Rural hospitals should assess their IoMT devices and adopt new strategies to secure their clinical environments. Network assessments and monitoring tools, combined with new artificial intelligence platforms can help protect against malicious actors who seek to exploit vulnerabilities in IoMT devices.

It’s also critical to take stock of endpoint devices, such as desktop computers and laptops. Rural hospitals often lack a consistent refresh cycle for this equipment, and running an outdated operating system on a hospital network can present an increased security risk. Layers of security are required to protect these devices, not just traditional anti-virus software and firewalls.

MORE ON SECURITY: Find out 5 steps to secure Internet of Medical Things devices.

Develop and Adopt a Cloud Strategy for Rural Healthcare

A strong cloud strategy can help reduce risk. If a rural hospital can serve up applications and store critical data in the cloud, it can essentially leverage state-of-the-art cybersecurity solutions that it might not otherwise be able to afford if it continued to store data locally on-premises.

A cloud provider has the resources to invest in intrusion prevention, intrusion detection and more sophisticated security solutions than a rural hospital might be able to.

Collaborate with Security Partners to Protect Rural Hospitals

Rural hospitals often have limited local resources and smaller IT staffs compared with their urban counterparts. They also face challenges recruiting the staff needed to address the ever-evolving cybersecurity landscape.

If a rural hospital is willing to employ a partner for remote managed services, that can take some of the pressure off the local IT team and ensure the adoption of proper security practices. 

The landscape of security vendors is much more crowded than it was a decade ago, but the right partner can help rural hospitals find the right mix of solutions to create a layered protection model that will limit the risk of a breach.

READ MORE: Learn why partnerships are important to healthcare security and incident response.

Incident response retainers can help in the event of a cyberattack, giving a hospital’s IT staff comfort that there is a team of experts on tap to help customers remediate in such crises.

A partner that provides remote managed services can also offer a sophisticated network operations center or a Security Operations Center as a Service. Local IT teams can then be freed up to handle other issues as the managed service provider focuses on assessing risk, and managing the network and security environments.

Hiring someone to manage a security operations center is the best plan for rural hospitals that don’t have the money to build their own. Some partners also can provide CISO as a Service options: For hospitals that can’t hire dedicated CISOs, this service is like a consulting engagement to plan a three- to five-year strategy to improve their security postures for better preparation against future attacks.

This article is part of HealthTech’s MonITor blog series. Please join the discussion on Twitter by using #WellnessIT.


JuSun/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.