Sens. Ron Wyden, D-Ore., and Mark Warner, D-Va., are sounding the alarm over cybersecurity gaps at rural hospitals due to Medicaid funding cuts in the Big Beautiful Bill budget reconciliation package approved by Congress earlier this month.
In a July 18 letter, the senators are asking Health and Human Services (HHS) Secretary Robert F. Kennedy, Jr. and Centers for Medicare and Medicaid (CMS) Administrator Mehmet Oz for their plans to help rural hospitals protect themselves against cyberattacks.
“Trumpcare will harm the cybersecurity resiliency of rural and small hospitals just as this administration has chosen to gut cybersecurity operations at HHS,” Sens. Wyden and Warner wrote.
“As rural and small hospitals confront even lower operating margins due to Republican health care cuts, they will be less likely to prioritize spending on cybersecurity infrastructure,” the senators said. “The lack of federal oversight and resources, coupled with historic cuts to Medicaid and the ACA, only serve to increase rural and small hospitals’ cybersecurity vulnerabilities.”
Sens. Wyden and Warner explained that rural hospitals often cannot afford skilled cybersecurity teams, leaving them more vulnerable to cyberattacks.
The senators are asking Kennedy and Oz what their plans are to make sure that small and rural hospitals implement HHS’s Healthcare and Public Health (HPH) Cybersecurity Performance Goals.
These goals are voluntary and aim to help healthcare organizations prioritize the implementation of high-impact cybersecurity practices.
They also want to know if their agencies plan to provide resources – such as grant funding or technical assistance – to small and rural hospitals to meet the Cybersecurity Performance Goals.
Sens. Wyden and Warner are also looking for more details on the reconciliation bill’s “Rural Health Transformation Program,” which is slotted to receive $50 billion.
Specifically, they want to know what HHS and CMS plan to do to ensure funding spent “on technology-enabled solutions and information technology advances does not expose states or rural hospitals to cybersecurity vulnerabilities.”
“Members of Congress and the public deserve full transparency about these commitments and HHS’ plans to address the additional cybersecurity vulnerabilities that will be thrust on rural and small hospitals across the country because of the bill’s catastrophic cuts,” the senators wrote.
The two lawmakers are looking for a response to their questions by July 25.