Topics
More on Privacy & Security

HIMSSCast: Cybersecurity often takes a back seat to clinical priorities at rural hospitals

You're always going to lose the battle between cyber defense and having enough nurses at the bedside, says security expert Kate Pierce.

Susan Morse, Executive Editor

Photo: Tetra/Getty Images

Rural hospitals are just as much a target of cybersecurity attacks as larger and more urban health systems, according to Kate Pierce, Fortified Health Security's senior virtual information security officer and executive director of Subsidy. 

Pierce was recently asked to testify before the U.S. Senate's Homeland Security & Governmental Affairs Committee about the cybersecurity challenges facing rural hospitals. Not surprisingly, the biggest challenges are money and staffing, she said. 

Among her requests to the committee was the establishment of a cyber security relief fund as part of the Federal Emergency Management Agency for hospitals to get immediate assistance following a cyberattack. The committee made no immediate recommendation, but Pierce is hopeful that action will be forthcoming this year.

"Cybersecurity is patient safety," Pierce said.

For more of Pierce's conversation, listen to her discussion with Susan Morse, executive director of Healthcare Finance News.

 

Talking Points:

  • Rural and smaller hospitals saw an increase in cybersecurity attacks In 2022, as hackers see these providers as the path of least resistance. 
  • Rural hospitals are having a hard time coming out of the COVID-19 pandemic because they don't see as many patients and don't have that income.
  • Rural hospitals have struggled to keep staffing, as everywhere else, and struggle with the expense of paying travel nurses.
  • Cybersecurity staff is also harder to recruit in rural areas.
  • In the financial trade-off between cybersecurity and having more nurses at the bedside, the need for nurses will win out.
  • If systems go down during a cyberattack, rural hospitals have a harder time diverting patients to other hospitals, since that could be 60 miles away.
  • Beyond patient records, medical devices, email and phones going offline during an attack, hospitals lose remote telehealth used in care.
     

More About This Episode: 

HIMSS23: Cybersecurity now a strategic imperative, experts say

How hospitals can financially measure the risk of cybersecurity attacks

Rural hospitals are more vulnerable to cyberattacks – here's how they can protect themselves

Top 10 privacy and cybersecurity stories of 2022
 

Twitter: @SusanJMorse
Email the writer: SMorse@himss.org