
Rethinking Your Cybersecurity Budget in Tight Times

For any hospital or health system where Medicare/Medicaid patients make up 60% or more of the patient population, the upcoming cuts authorized in the Big Beautiful Bill will impact you and your cybersecurity budget. But there are proactive steps you can take to prepare for the reductions coming in 2027.

That’s the topic explored in detail in the new Fortified webinar entitled “Rethinking Your Cybersecurity Budget in Tight Times.” Hosted by Fortified CISO Russell Teague, the webinar welcomed two guests from Georgia: Stuart Samples, CTO at Northeast Georgia Health System, and Ross Youngdale, System Director of Technical and Security Services at Phoebe Health.

Reframing Your Cybersecurity Budget Story

As the webinar explains, now is the perfect time to reframe cybersecurity as a patient safety/business uptime initiative, rather than viewing it merely as a cost center. Remind your senior leadership that ransomware downtime can delay diagnoses and treatment, while eroding patient trust.

It’s also a great time to remind your C-suite leaders that health systems of all sizes can be brought to their knees by just one ransomware incident. In 2024, the massive Ascension Health system suffered a $1 billion loss due to ransomware downtime, and it took the company a full year to return to profitability. For small and rural hospitals, an event of that magnitude could result in bankruptcy.

Management’s #1 Mistake

In lean financial times, hospital management’s most glaring mistake is to cut people first. Security tools are ineffective if you don’t have trained personnel to utilize them. Staff reductions leave the hospital with blind spots because there’s no one to respond to what the tools reveal.

Areas of Concern

The webinar also reveals that there’s already considerable confusion surrounding the CMS’s newly announced $50 billion Rural Health Transformation program. States control the distribution of those dollars, but there’s uncertainty about how to get in line.

Other dark clouds on the horizon include looming HIPAA and CISA interoperability mandates, which will need to come with support to be effective. There needs to be a greater push for unified EHR platforms like the one introduced in the state of Washington.

7 Tips for Protecting Cybersecurity Budgets  

Our trio of experts made these helpful suggestions for how to protect your cybersecurity budgets in the leaner days ahead:

  1. Focus on the basics – Demonstrate to management that every dollar you’re spending is helping to improve patient care and safeguard the security of protected health information (PHI).
  2. Don’t chase “shiny objects” like overhyped AI products – Educate senior management about AI’s double-edged sword. AI is essentially hyper-automation through API. Management needs to be aware that AI is making third-party risk evaluation more challenging – and that malicious actors are already leveraging AI against hospitals.
  3. Prioritize risk – Any expenditure that helps protect the availability of your EHR, pharmacy, imaging, and medical devices is a wise investment.
  4. Maximize the effectiveness of the tools you already have – It’s important to have regular optimization calls with your vendors. You’re already paying for these tools, so how can you utilize them more effectively?
  5. Determine whether MSSP outsourcing can save you money – Getting help from a fractional vCISO can be very cost-effective, freeing your staff members for other duties.
  6. Get up-to-date threat intelligence – Your likeliest threats are probably the ones that are just emerging. Don’t stubbornly insist on fighting the last war when you need to be looking ahead for tomorrow’s threats.
  7. Save money and gain new tools through early license renewals – Many vendors will reward you if you commit early to a license renewal. They’re sometimes willing to give you access to new tools and technologies in the final year of a three-year subscription.

In budget-conscious times, your main message to management needs to be that cybersecurity is the cornerstone of patient safety, not a compliance must-have or a money-draining cost center.

Watch the full webinar on demand here.
