Monday, June 17, 2024

White House Forges Deal with Microsoft & Goggle to Help Cyber Defense for Rural Hospitals


Today's post is good news for healthcare and especially for patients who live in rural areas of the US.  The White House recently announced an effort to help protect the cybersecurity of hospitals through a partnership with Microsoft and Google.  As we all know data security is a serious issue.  Attacks using Ransomware are on the increase with healthcare attacks growing faster than any other sector.

Even well funded efforts have been defeated lately (see the post I made last week on UHG).  These attacks can, quite literally put hospitals in a situation where it impacts needed and sometimes emergency care.  This is especially a critical issue for rural areas where residents may only have a choice of one hospital.  In a major metropolitan area it can still wreak havoc, but patients at least have the potential of other hospitals in their area being unaffected and able to provide care.  That isn't the case if there is only one option.

To help with this issue in protecting rural healthcare, the Biden administration on June 10th announced that Microsoft and Google will both be working to help with the problem.  The American Hospital Association and the National Rural Health Association are also partnering in the initiative.

Microsoft has created the new Microsoft Cybersecurity Program for Rural Hospitals to help with this situation.  According to AHA...

For independent critical access hospitals and rural emergency hospitals, Microsoft will provide nonprofit pricing and discounts for its security products optimized for smaller organizations, providing up to a 75% discount. In addition, for some larger rural hospitals already using eligible Microsoft solutions, the company will provide its most advanced security suite at no cost for one year. Microsoft also will provide Windows 10 security updates to participating rural hospitals for at least one year at no additional cost, and the company will provide free cybersecurity assessments through Microsoft and its trusted partners to evaluate risks and gaps and offer free cybersecurity training to staff in rural hospitals.

 While the AHA states for Google...

Google will provide endpoint security advice to rural hospitals and non-profit organizations at no cost and a pool of funding to support software migration. In addition, Google is committing to launch a pilot program with rural hospitals to develop a packaging of security capabilities that fit these hospitals’ unique needs. 

This is a nice step forward in helping protect the care and lives of patients in rural areas.   The next step should be to improve small medical and dental practices in those areas.

Microsoft has a page detailing their involvement.  

1 comment:

  1. Oof--that's not gonna fix anything.

    Microsoft's products are the problem--no matter how steeply you discount them.

    Implementing a secure system in a Microsoft environment is extraordinarily difficult. Way more complicated than it needs to be.

    As a slightly unrelated example, I recently had to do a very simple IT task. Set a standard desktop background on ~800 computers. Simple enough with Group Policy...except they want some dynamic information on the wallpaper that something like bginfo can't provide...and we can't use bginfo from systinternals either for...well...reasons.

    Ok--this should be simple enough--it's probably just a registry key that needs to get tweaked somewhere.

    I was wrong. Over 50 lines of powershell later, including hooks to user32.dll and shell32.dll...and you can reliably set the background about 50% of the time. It jumps to ~80% if you add a "start-sleep -seconds 5" in the script. And the desktop will apparently eventually update at some point over 30 minutes. Just not immediately. Of course all those calls to user32.dll and shell32.dll look sorta like a virus...which caused more problems.

    Fortunately, I also had to push it out to 30 Linux boxes.

    One-liner: gsettings set org.cinnamon.desktop.background picture-uri https://portal.--redacted--.tld/background.img?&someparam=somevalue

    I wrote the tool to dynamically generate desktop images in Python *and* deployed it to Linux boxes in under an hour. We're at 8 hours and counting trying to figure out the convoluted mess of Windows Registry keys and 1995-era API calls.

    Microsoft deliberately makes it difficult so point-and-click admins will buy things like InTune (horrible licensing) to accomplish their tasks.

    I wish more Dentists would embrace web-based dental software...and I wish x-ray and IO cam vendors would expose their sensors directly as a "webcam" so web-based dental software could directly snarf the image up instead of having to rely on a Windows-only app to interface between the sensor and the website.