Senators push bipartisan bill to shore up rural hospital cybersecurity

Legislation aims to address workforce shortage and training gaps at facilities serving 46 million Americans.

By admin

Jul 15, 2025, 12:20 PM

A bipartisan group of senators has reintroduced legislation to strengthen cybersecurity at rural hospitals, citing the urgent need to protect vulnerable healthcare facilities that serve as lifelines for millions of Americans but often lack the resources to defend against increasingly sophisticated cyberattacks.

The Rural Hospital Cybersecurity Enhancement Act, sponsored by Senators Mark Kelly (D-Ariz.), Josh Hawley (R-Mo.), and Maggie Hassan (D-N.H.), would require the Department of Health and Human Services to develop a workforce strategy for building cybersecurity expertise in rural healthcare facilities, create training materials for hospital staff, and provide annual reports to Congress on implementation progress.

The push comes as healthcare facilities face an unprecedented wave of cyberattacks. Health care had more cyberthreats last year than any other critical infrastructure industry, according to the FBI’s 2024 Internet Crime Report released April 23. A total of 444 reported incidents impacted health care, comprised of 238 ransomware threats and 206 data breach incidents.

Rural hospitals face unique vulnerabilities compared to their urban counterparts. They typically operate with minimal or no dedicated cybersecurity staff and struggle with basic security measures due to resource constraints.

Cyber workforce gaps

The cybersecurity gap at rural hospitals stems from fundamental financial and staffing challenges. Half of America’s rural hospitals are losing money and more than 700 rural hospitals, or 31% of the country’s rural hospitals, are facing the possibility of shutting down.

Research from Microsoft found that 60% of cybersecurity teams across various industries faced understaffing as of 2020, with hospitals experiencing particular difficulty filling these specialized roles — taking up to 70% more time than other IT positions.

Microsoft’s researchers examined over 250 rural hospitals and revealed widespread security gaps. Roughly 70% struggle with implementing multi-factor authentication, nearly two-thirds face email security challenges, and more than 60% have difficulty with network segmentation. Additionally, one-third need stronger cybersecurity requirements for their vendors and partners.

High stakes, high costs

When cyberattacks succeed at rural facilities, the consequences extend far beyond financial losses. Research indicates hospitals lose nearly $2 million daily during system downtime following ransomware incidents. These attacks typically disable critical electronic services, including medical records systems, for approximately 18 days.

When a rural facility goes offline due to cyber incidents, patients may need to travel significantly farther for care compared to urban areas where alternative hospitals are typically just blocks away.

“We saw this firsthand in Yuma, where a ransomware attack disrupted operations and put hundreds of thousands of patients at risk,” Kelly said in the press release. That attack at Yuma Regional Medical Center in April 2022 affected systems for several days and ultimately compromised the personal information of more than 700,000 patients, including names, Social Security numbers, health insurance information and limited medical information.

“We are giving rural hospitals the tools and workforce they need to strengthen their security and keep delivering care, especially as they navigate new digital reporting requirements.”