I am sure most of you read the story from Christian Vasquez in CyberScoop about the unrelenting attacks on rural healthcare providers by initial access brokers and ransomware groups.
Looking at collected data, states with a large rural population suffer an outsized number of ransomware attacks relative to their population. But even when they don’t, attacks on large healthcare providers disproportionately impact rural areas, which may not have enough resources to survive service disruptions caused by ransomware attacks on large providers.
The linked report from the Foundation for the Defense of Democracies is worth reading in full and there are a lot of excellent ideas in the report.
There are two recommendations from the report that I want to focus on:
Create a Rural Hospital Cybersecurity Workforce Development Strategy
Develop Regional Contingency Plans for Healthcare Providers
We talk a lot about solving the rural healthcare provider ransomware problem by throwing money at it. But money will not solve the problem without the right personnel in place to manage the technology. I also wonder how some of these hospitals that are struggling to make ends meet would feel about hundreds of thousands of dollars being allocated to cybersecurity when they are struggling to find the budget to cover basic healthcare needs for their patients (I’ve had similar conversations with small towns that have some of the same concerns).
I wonder if an MS-ISAC model might make more sense, where there is more centralized monitoring and alerting that covers many hospitals at once. The hospitals would need assistance to get logging set up and running, but it would allow for more effective use of people and resources while improving security overall.
The second point, regional contingency plans, is also critical. Some rural hospitals are 50 miles or more away from the next closest hospital. This makes it harder to make regional contingency plans, but it still needs to be done, ideally in person. Rural hospitals not only have to plan for what happens when they, or one of their “neighboring” hospitals, are hit with a ransomware attack, but also for what to do if a national provider is hit and staff have challenges filling prescriptions, making appointments or treating patients. Ideally, tabletop exercises like these can be led by HHS or the Health-ISAC, organizations that have experience with everything that can go wrong during one of these attacks.
We need more focus on protecting rural healthcare, not just from cyberattacks but from everything that impacts these organizations. But my focus is on cybersecurity, so I am going to focus on how we can make that better.
Yours Truly Dollar #4 Kickstarter is Live!
The Kickstarter for our last Yours Truly, Johnny Dollar comic book is live and we could really use your support! In this issue (surprisingly relevant) Johnny has to deal with the fallout of a ransomware attack against the UK Healthcare system. We’ve hit our funding goal, but I would love it if we could get to 100 backers and show the world that there are more ways to tell cybersecurity stories than through PDF and PowerPoint.
Thank you all for your support!