[LINK] Should Australia should ask Microsoft and Google etc the same questions?

Stephen Loosley stephenloosley at outlook.com
Thu Jun 13 13:26:52 AEST 2024


US secures Microsoft, Google commitments for free rural hospital cyber 
services


By David DiMolfetta, Cybersecurity Reporter, Nextgov. JUNE 10, 2024
https://www.nextgov.com/cybersecurity/2024/06/us-secures-microsoft-google-commitments-free-rural-hospital-cyber-services/397232/



US secures Microsoft, Google commitments for free rural hospital cyber 
services

The White House is hoping more tech and cyber firms will sign on.

Microsoft and Google will commit free and low-cost cybersecurity 
resources to some 2,100 rural hospitals across the U.S. as part of a 
White House-led initiative to bolster the healthcare sector’s 
cybersecurity posture.

The commitments announced by deputy national security advisor for cyber 
and emerging technology Anne Neuberger follow a slew of recent 
cyberattacks on the healthcare sector that have crippled prescription 
routing supply chains, snarled claims processing and forced ambulances 
to divert away from certain hospitals.

Microsoft will offer grants and discounts of up to 75% on security 
products tailored for smaller care centers, as well as larger rural 
hospitals already using the company’s services. It will also provide its 
most advanced security suite for free for one year, offer gratis 
cybersecurity assessments for qualified providers and provide training 
for hospital staff.

In parallel, Google will offer free endpoint security consulting and 
stand up a funding pool to assist hospitals with software migration. It 
will also launch a pilot program to help the hospitals develop 
customized security packages that address their unique infrastructure needs.

The National Security Council reached out to multiple firms to gauge 
interest in providing the services. Microsoft and Google “were the two 
that raised their hands” but the White House is hoping more will get 
involved, said Neuberger in a Sunday call with reporters to preview the 
announcement.

Hospitals receiving the services span the country, from Maine to Texas 
and the Midwest. Rural hospitals, defined as being more than 35 miles 
from another hospital, have become a top issue for NSC because patients 
have to travel further to access care if they are impacted by a cyber 
intrusion.

“What we’re trying to do is help the most vulnerable hospitals and, 
frankly, the hospitals that typically have the least resources,” 
Neuberger said. The Biden administration is preparing to roll out 
minimum cybersecurity standards for hospitals but the U.S. faces a 
likely challenge of pushing unwanted regulations on the private sector.

“Part of the challenge for us we find is that we see people often want 
it both ways,” she said. “They don’t want regulation. They don’t want 
the government saying they need to do some key things to stay safe. But 
as attacks rise — without those key steps — companies are more 
vulnerable than they need to be.”

A February cyberattack on UnitedHealth’s Change Healthcare unit caused 
massive cascading impact in what was arguably the largest cyberattack on 
the U.S. healthcare industry to date. Some 36% of respondents to a 
recent American Medical Association survey experienced claim payment 
suspensions, while 32% said they were unable to submit claims 
altogether. It highlighted how a “single point of failure” can enable 
one cyberattack alone to cause hampering effects on a number of people.

A separate hack into Ascension’s healthcare network last month has 
crippled multiple hospitals’ operations over the past several weeks, 
forcing ambulances to divert as staff take systems offline.

Healthcare infrastructure is a treasure trove for hackers because it 
often contains digital repositories of sensitive patient information 
that, if pilfered, can be sold to other criminal cyber operatives for 
use in extortion or fraud schemes.

Hackers frequently target hospitals by quietly injecting malware into 
their networks that holds sensitive data or essential systems hostage in 
exchange for a ransom payment, known as ransomware. Paying cyber ransoms 
is a difficult decision and hotly debated topic, as victims have to 
deliberate in a matter of days or hours over whether cybercriminals will 
keep their promise to return stolen data once payments are made out.

A February intelligence community analysis says cyberattacks against the 
healthcare sector skyrocketed 128% in 2023, with 258 known victims that 
year versus 113 in 2022.

--


More information about the Link mailing list