Microsoft working to help protect IT systems of rural hospitals
CHERYL SCHWEIZER | Hagadone News Network | UPDATED 3 days, 19 hours AGO
Senior Reporter Cheryl Schweizer is a journalist with more than 30 years of experience serving small communities in the Pacific Northwest. She began her post-high-school education at Treasure Valley Community College and enerned her journalism degree at Oregon State University. After working for multiple publications, she has settled down at the Columbia Basin Herald and has been a staple of the newsroom for more than a decade. Schweizer’s dedication to her communities and profession has earned her the nickname “The Baroness of Bylines.” She covers a variety of beats including health, business and various municipalities. | March 24, 2025 1:15 AM
MOSES LAKE — Information is valuable in the Information Age, to good actors and bad actors alike. And unlike precious metals or stacks of cash, people sometimes don’t know how valuable information is, or that it can be vulnerable to attack.
Erin Burchfield of Microsoft Philanthropies said rural hospitals are an example.
“Healthcare is uniquely targeted because of the value of the data,” she said.
According to Forbes magazine, health care accounted for about 23% of all data breaches in 2024. Forbes estimates the value of stolen medical records could be as much as $1,000 per record.
Hospitals, especially rural hospitals, are also targets for ransomware attacks. The nature of the business means health care organizations are more likely to pay the ransom, Forbes said.
Burchfield said most cybercriminals are more interested in stealing data to ransom it.
“Ransomware is the number one type of cyberattack that’s facing rural hospitals, and the data that we have shows that the average cost to get that data back is around $4.4 million,” she said. “If they choose not to pay, then they need to rebuild their entire IT system.”
A complete rebuild is just as expensive, and can affect patient services while a system is under repair, he said.
“The range (to rebuild) is similar, in terms of what ransomware attackers are charging, for having to rebuild everything,” Burchfield said.
A report co-written by Burchfield and two fellow employees cited the case of Sky Lakes Medical Center in Klamath Falls, Oregon. The hospital spent an estimated $10 million to rebuild its system after deciding not to pay the ransom.
Typically, cybercriminals don’t target individual hospitals, she said, but rather conduct a mass attack that hits a lot of systems at once. Criminals also benefit from advances in tech as they conduct their operations.
“There are now automated tools to conduct ransomware attacks, and there’s an entire industry that’s been created called ransomware as a service, where you can rent tools to do a cyberattack,” she said. “It was sort of mind-blowing to me, when I did more research on this, (seeing) just how pervasive this is.”
Rural hospitals are more vulnerable to attacks, she said, because they don’t always have the money to keep their information technology up to date.
“It’s not that cybercriminals are trying to target the rural hospital. It’s that when they do these spray attacks, they get through at rural hospitals because (those hospitals) lack resources,” she said.
Cybercriminals take advantage of outdated technology, but they also exploit mistakes made by people using the systems they’re attacking.
“There’s research that shows that 80% of the cyberattacks that do get through are attributable to user error,” she said. “Somebody hasn’t logged out of the system. Somebody clicks on the blue link (in a phishing email). A big issue for a lot of these hospitals is they don’t have the time to put together the basic training guidance.”
Microsoft Philanthropies has started a program to help rural hospitals, focusing on critical access hospitals. Critical access facilities meet specific federal guidelines to get the CA designation.
The program includes three hospitals in Grant and Adams counties, Burchfield said, but declined to say which participated specifically in order to not put them at risk of being targeted.
It offers a security assessment to qualifying hospitals, as well as training in how to avoid errors that might lead to security vulnerabilities. Microsoft also offers IT systems at a reduced cost to qualifying hospitals that include current security programs, and that can be updated.
MORE STORIES
EXPLAINER: Why the Colonial Pipeline hack matters
Columbia Basin Herald | Updated 3 years, 10 months ago
ARTICLES BY CHERYL SCHWEIZER
Othello man arrested after Moses Lake standoff
MOSES LAKE — An Othello man was arrested Wednesday afternoon for hit and run and outstanding warrants after he briefly barricaded himself in a Moses Lake home.
Report expected by October on Othello pool options, cost
OTHELLO — What to do about the Othello Community Pool will be the subject of a study that should be completed by October. A meeting of a community committee tasked with coming up with a recommendation is scheduled for Friday. Committee members and city officials will be meeting with consultants from NAC Architecture and Trinity NAC, Spokane, sometime in the next two weeks.

Quincy's Kondo named Coach of the Year
Mentoring athletes toward a 'positive and wholesome experience' key for Jacks coach
QUINCY — Quincy High School girls head wrestling Coach Mark Kondo said that for him being a good coach started in the classroom. “The quality that makes a good teacher translates to making a good coach, as far as being organized, as far as being able to break learning down into meaningful segments and teach that, as far as building relationships,” Kondo said.