Estimated reading time: 3 minutes
Survey Reveals Widespread Vulnerabilities in Rural Hospitals
Hospitals and healthcare providers across the United States face growing risks from cyberattacks that can disrupt patient care, expose sensitive data, and drain financial resources. As cybercriminals target outdated systems and under-resourced IT departments, many facilities, particularly small and rural ones, struggle to keep up. A new report from Black Book Research reveals the extent of these challenges, showing that cybersecurity vulnerabilities have worsened sharply in 2025, especially in hospitals threatened by Medicaid funding cuts. One element of the report that stands out; Over half (54%) of those surveyed have been denied cyber liability insurance coverage, further impacting their cyber resilience.
Staffing and Infrastructure Gaps Leave Hospitals Exposed
Most small and rural facilities lack proper security personnel and tools. 73% lack a strong cybersecurity infrastructure, and 68% have no full-time cybersecurity lead.
“Small and rural hospitals are on the frontline of America’s healthcare cybersecurity crisis.”
Doug Brown, Black Book Research.
Cyber Threats Increase as Medicaid Cuts Force Spending Reductions
Sixteen percent of hospitals have delayed or cut cybersecurity spending due to funding concerns. These delays are widening their exposure to attacks.
Many Hospitals Lack Cyber Monitoring and Response Plans
Only 28% of hospitals have tested their response plans. Most rely on untrained IT staff to manage incidents without 24/7 threat detection.
Crisis on the Frontline of Healthcare Cybersecurity
“Small and rural hospitals are on the frontline of America’s healthcare cybersecurity crisis,” said Doug Brown, founder of Black Book Research. Hospitals still use outdated systems, such as Windows Server 2012. At 69% of facilities, cybersecurity gets less than 4% of the IT budget.
Urban Hospitals Echo the Concern
All twelve urban safety-net hospital executives surveyed stated that cybersecurity would be one of the first items to be cut if Medicaid funding is reduced.
“This dangerous trend is consistent… cybersecurity is the first line-item cut—even though administrators recognize the catastrophic risks involved,” Brown said.
One Minute Watch – Healthcare Cyber Insurance: NIST Framework Adoption Reduces Premiums by 33%
Top Cybersecurity Vendors Supporting Small Hospitals
Hospitals rely on five main cybersecurity vendors:
- Microsoft: Offers subsidized tools via its Rural Hospital Cybersecurity Program.
- Lumifi (Critical Insight): Specializes in MDR and SOC-as-a-Service.
- Censinet: Provides risk management for third-party compliance.
- Cisco Secure: Delivers comprehensive threat protection solutions.
- Fortified Health Security: Offers managed services and consulting tailored to healthcare.
Strategic Partnerships Needed for Cyber Resilience
“If not urgently addressed, this cybersecurity gap threatens the health and privacy of millions of rural Americans,” Brown emphasized.
Survey Accuracy and National Representation
The report reflects responses from 187 out of 1,796 rural hospitals, with a 95% confidence level and a ±6.8% margin of error.
RELATED NEWS
