Dive Brief:
- Two Democrat senators are calling on the Trump administration to release a plan to boost cyber preparedness among rural hospitals as providers prepare for Medicaid cuts that could strain their finances.
- Rural hospitals are already vulnerable to attack, given their limited funds and access to cybersecurity personnel, Sens. Ron Wyden, D-Ore., and Mark Warner, D-Va., wrote in a letter to leaders of the HHS and CMS on Friday.
- And the massive tax and policy law recently signed into law by President Donald Trump could worsen the situation, according to the lawmakers. If rural hospitals have to operate under lower operating margins, they’ll be “less likely to prioritize spending on cybersecurity infrastructure” — putting patient care at risk, the letter from Wyden and Warner reads.
Dive Insight:
The letter asks HHS Secretary Robert F. Kennedy Jr. and CMS Administrator Dr. Mehmet Oz about what plans their agencies have to help small and rural hospitals implement cybersecurity performance goals, as well as whether they plan to finalize an update to HIPAA that would increase cybersecurity requirements proposed just before Trump took office.
The senators also questioned administration officials about how they will disperse a $50 billion fund for rural hospitals included in the GOP’s massive tax and policy bill.
The letter comes shortly after the “One Big Beautiful Bill” was enacted early this month, a huge piece of legislation that includes more than $1 trillion in cuts to federal healthcare funds, according to a report released Monday by the Congressional Budget Office.
Many of those cuts come from the safety-net insurance program Medicaid. The law’s policies will increase the number of uninsured Americans by an estimated 10 million by 2034, according to the nonpartisan budget scorekeeper.
That poses a significant financial concern for providers, especially those that serve large numbers of low-income patients and rural hospitals that rely more heavily on Medicaid reimbursement.
An analysis released in June by a group of Democrat senators found more than 330 rural hospitals were at high risk of cutting services, converting to a different type of facility or closing their doors if Medicaid funding is slashed.
The federal funding cuts could also worsen hospitals’ cyber preparedness, the senators wrote. Cybersecurity is a serious concern for the sector overall, which has managed a growing number of cyberattacks and data breaches over the past decade.
But rural and small providers in particular struggle to allocate funds toward cybersecurity. They’re also less likely to have staff dedicated to shoring up defenses.
Meanwhile, hackers know that these providers are highly motivated to return to normal operations in the wake of an attack, given the nearest hospital might require long travel times that could put patient lives at risk in an emergency, Wyden and Warner wrote.
A major reorganization at HHS — which cut thousands of jobs across the department — and a reported focus on reining in diversity, equity and inclusion programs instead of promoting cybersecurity at the Office for Civil Rights provides hospitals even fewer federal supports, they said.
“The lack of federal oversight and resources, coupled with historic cuts to Medicaid and the Affordable Care Act (ACA), only serve to increase rural and small hospitals’ cybersecurity vulnerabilities,” Wyden and Warner wrote.
In a statement, a spokesperson for the HHS said the department is “working closely with Congress to explore ways to support rural facilities in building greater cyber resilience.”
