
Rural hospitals across the US are particularly vulnerable to cyberattacks, including ransomware, which can cripple operations, endanger patient care, and push struggling hospitals toward financial collapse. These hospitals often lack the financial resources and specialized cybersecurity personnel needed to defend against increasingly sophisticated cyber threats. When they are targeted, the impact extends to patients in rural communities, who face longer travel times for medical care, increased health risks, and greater financial strain.
According to research from the School of Public Health at the University of Minnesota on what happens to rural hospitals during a ransomware attack, “For patients seeking care who must bypass a hospital experiencing a ransomware attack, we show that travel time and distance to the next closest non-attacked hospital was 4-7 times greater for rural ransomware-attacked hospitals than for urban ransomware-attacked hospitals.”
This shows the dangerous impact cyberattacks can have on rural healthcare facilities, which are already struggling to provide the necessary services.
Limited cybersecurity resources and workforce challenges
Many rural hospitals operate on tight budgets, making it difficult to invest in the cybersecurity infrastructure necessary to protect patient data and critical systems.
The study elaborates, “Rural hospitals have lower levels of cybersecurity preparedness. For example, they are less likely to report the use of technologies designed to minimize unauthorized access to electronic systems, such as email protection systems and multifactor authentication.”
Ultimately, the lack of security infrastructure creates an open door for cybercriminals.
The struggle to maintain a skilled cybersecurity workforce further exacerbates the issue. Many rural areas lack trained IT professionals who specialize in cybersecurity, making it difficult for hospitals to defend against attacks.
The study notes, “This is likely due to a combination of fewer financial resources and workforce-related challenges hiring trained cybersecurity professionals in rural areas to implement these technologies.” With fewer experts on staff, rural hospitals remain easy targets for hackers using ransomware and other forms of cyberattacks.
The disruptive impact of ransomware attacks
“An estimated 3 out of 4 ransomware attacks on hospitals result in some type of operational disruption, which is the highest rate of operational interruption for any type of healthcare provider experiencing ransomware attacks,” the study states.
These disruptions often include:
- Electronic system downtime: Critical patient data becomes inaccessible, limiting the hospital’s ability to provide immediate care.
- Cancellations of scheduled care: Appointments, surgeries and other procedures can become delayed or outright canceled.
- Ambulance diversion: “Ambulance diversion (i.e., the redirection of ambulances from the intended destination hospital to an alternative facility due to temporary capacity constraints at the former)” becomes necessary, delaying patients’ urgent medical attention.
- Revenue loss: The study found that “Reductions in revenue of 21%-28% across all types of health care provided by rural hospitals [while temporary] may have devastating consequences, given the more precarious financial position of rural hospitals compared to their urban counterparts.” Furthermore, lower revenue can push struggling hospitals closer to permanent closure.
The study also notes that system downtime can make it difficult to access and update patient charts, order follow-up care, and even allow patients to view their own medical records. Consequently, hospitals are unable to provide the same level of care, further jeopardizing patient safety.
A recent example of such disruption occurred in November 2024, when Memorial Hospital and Manor, a rural medical facility in Bainbridge, Georgia, suffered a ransomware attack that compromised the sensitive information of approximately 120,000 individuals. The attack, claimed by the Embargo ransomware group, rendered the hospital’s digital systems inoperable, forcing staff to rely on paper-based record-keeping.
The attackers reportedly exfiltrated 1.15 terabytes of data, including Social Security numbers, medical records, and insurance details, later publishing it on a dark web leak site.
In response, Memorial Hospital and Manor notified affected individuals, reported the breach to regulatory authorities, and offered one year of complimentary credit monitoring and identity theft protection.
While the hospital has stated that there is no evidence of misuse, exposed data could be exploited for identity fraud or phishing scams.
This attack also severely disrupted patient care: with electronic systems offline, scheduling, medication tracking, and diagnostic processes were delayed, forcing healthcare providers to work under strained conditions. For rural hospitals operating with limited staff and resources, these disruptions can have cascading effects, making it even harder to deliver effective care.
Patient risks and increased travel burden
The study explains, “During the first weeks of a ransomware attack when hospital volume is down, patients who would have received care at the attacked hospital must either forgo care or travel elsewhere.” This can be a serious problem for patients who rely on their local hospital for emergency and routine medical services.
For emergency cases like heart attacks or strokes, every minute counts. The study warns, “For rural patients experiencing emergency medical conditions such as heart attacks and strokes, wherein minimizing the time to treatment is highly predictive of survival, the additional time it takes to reach a fully functioning hospital is potentially deadly.”
Moreover, delayed care can worsen health outcomes and mortality rates. Many patients who would typically visit a nearby rural hospital may choose to delay or avoid care altogether.
The study suggests that this could “potentially result in higher spending and worse health outcomes in the future.” Patients who delay preventive care are more likely to develop complications that require more expensive and intensive treatment later on.
Rural hospital closures due to cyberattacks
Cyberattacks can push already struggling rural hospitals to the brink of closure, as in the case of St. Margaret’s Health in Illinois, which became the first hospital to cite a cyberattack as a reason for shutting down permanently. As rural hospitals continue to face financial instability, the additional burden of a ransomware attack can be the final blow.
When a hospital shuts down, local economies suffer, jobs are lost, and access to healthcare dwindles. The study warns, “Given the ongoing issue of rural hospital closures, alongside subsequent impacts on the local economy and access to care, policymakers and rural stakeholders should pay particular attention to the impact of ransomware attacks and their implications for rural hospital viability.”
Reducing the risk of ransomware attacks
Rather than waiting until closure is imminent, rural hospitals should take proactive measures to secure patient data. Establishing cybersecurity protocols well in advance prevents breaches and safeguards patients’ protected health information (PHI).
1. Implement secure communication practices
Rural healthcare organizations must use HIPAA compliant cybersecurity solutions to mitigate the risk of ransomware attacks before financial struggles escalate.
HIPAA compliant email solutions, like Paubox, use multi-factor authentication, advanced encryption and access controls to safeguard PHI during transmission and at rest, mitigating the risk of potential data leaks.
These solutions also uphold federal regulations, helping the organizations avoid costly HIPAA violations.
2. Transfer or archive patient records securely
Hospitals must comply with HIPAA’s 6-year retention requirement for securing patient records, as improperly stored records can lead to unauthorized access, exposing hospitals to liability and patient privacy violations.
More specifically, these hospitals must:
- Encrypt and securely transfer patient data within the hospital’s network or to an authorized external provider.
- Store archived records on a protected, monitored server with strict access controls.
- Restrict access to only authorized personnel to prevent data breaches.
3. Strengthen IT infrastructure to prevent abandoned systems
Rural hospitals often struggle to maintain up-to-date IT security, making them vulnerable to attacks. These organizations must properly decommission old systems and regularly monitor servers, devices, and email accounts.
For example, forgetting to apply software patches can leave these hospitals susceptible to cyber threats.
So, organizations must regularly update and patch systems to close known security vulnerabilities, audit network connections, eliminate unused access points, and follow NIST-compliant data destruction methods.
4. Restrict access for former employees immediately
Rural hospitals often operate with small IT teams, making it difficult to track and disable employee credentials immediately. For example, a terminated employee may still have access to the email system weeks after leaving, which creates a major security risk.
To prevent unauthorized access, hospitals must:
- Disable email accounts, VPN access, and electronic health records (EHR) logins immediately when an employee leaves.
- Remove former staff from all internal communication channels and databases.
- Conduct regular audits to verify that no unauthorized access points remain.
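The regular audit in the last item can be done by reconciling the HR roster against account exports from each system. The following is an added example, not code from the original article or from any product it mentions; the CSV column names, the function name and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR roster export and account exports
# from the email, VPN and EHR systems (column names are assumptions).
HR_ROSTER = """employee_id,name,termination_date
1001,A. Rivera,
1002,B. Chen,2024-10-04
1003,C. Okafor,2024-11-15
"""

ACCOUNTS = """system,employee_id,username,enabled,last_login
email,1001,arivera,true,2024-11-20
email,1002,bchen,true,2024-10-28
vpn,1002,bchen,false,2024-10-01
ehr,1002,bchen,true,2024-09-30
email,1003,cokafor,false,2024-11-14
ehr,1003,cokafor,true,2024-11-15
ehr,1999,tempnurse,true,2024-11-18
"""

def audit_offboarding(roster_csv, accounts_csv):
    """Return (system, username, status, days_used_after_leaving) for each
    enabled account that belongs to a departed or unknown employee."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to report
        emp = roster.get(acct["employee_id"])
        if emp is None:
            # No HR record at all: nobody owns the offboarding of this login.
            findings.append((acct["system"], acct["username"], "ORPHANED", None))
            continue
        if not emp["termination_date"]:
            continue  # current employee
        left = date.fromisoformat(emp["termination_date"])
        last = date.fromisoformat(acct["last_login"]) if acct["last_login"] else None
        if last and last > left:
            # A login after the termination date needs incident review, not just cleanup.
            findings.append((acct["system"], acct["username"],
                             "USED_AFTER_TERMINATION", (last - left).days))
        else:
            findings.append((acct["system"], acct["username"], "STILL_ENABLED", None))
    return findings

if __name__ == "__main__":
    for finding in audit_offboarding(HR_ROSTER, ACCOUNTS):
        print(finding)
```

Accounts reported as `USED_AFTER_TERMINATION` should be reviewed as possible unauthorized access to PHI, while `STILL_ENABLED` and `ORPHANED` accounts are disabled and their ownership resolved.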
5. Conduct cybersecurity training for employees
Employees must understand how to recognize phishing emails, protect patient data, and respond to potential security threats.
Training programs should include:
- Teaching staff to identify phishing attempts and social engineering tactics.
- Enforcing multi-factor authentication for all email and system logins.
- Providing HIPAA compliance training on securely handling electronic records.
FAQs
What is a data breach?
A breach occurs when an unauthorized party accesses, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
What is PHI?
Protected health information (PHI) includes any information about health status, provision of health care, or payment for healthcare that can be linked to an individual.
Who does HIPAA apply to?
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.