During a time of increasing uncertainty surrounding federal cyber resources, particularly under the current Trump administration, cybersecurity experts emphasize the urgent need for states to bolster their support for healthcare entities and other critical infrastructure sectors. Mike Hamilton, the field Chief Information Security Officer at Lumifi Cyber, articulated his concerns, stating that reliance on federal assistance appears to be diminishing. In a recent interview with Information Security Media Group, Hamilton remarked, “With respect to the federal government, it is increasingly looking like we’re on our own. We are going to have to fill the gaps that are left by CISA.”
The declining personnel levels within numerous federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), have raised significant questions about the continued availability of assistance for rural hospitals and other healthcare institutions that are stretched thin in their cyber capabilities. Hamilton underscored that, during the Biden administration, CISA had played a vital role by providing regional cybersecurity advisors and resources aimed at empowering local organizations with limited cybersecurity means.
Concerns have been mounting regarding whether programs like risk and resilience assessments will be sustained, along with uncertainty about the future of CISA’s public catalog of known vulnerabilities. He urged that states need to step in to support these sectors, suggesting that one avenue could include the establishment of internships with educational institutions specializing in cybersecurity. Such interns could help mitigate risks in rural healthcare settings by monitoring logs and identifying potential security incidents.
CISA has responded, asserting that the agency continues to offer a suite of services and resources aimed at enhancing the cybersecurity posture of healthcare organizations. A spokesperson for CISA noted that they work closely with interagency partners and healthcare sector stakeholders to provide valuable tools and services, including their Cybersecurity Toolkit for Healthcare and Public Health. This toolkit features best practices, guides, and access to free vulnerability scanning services, in addition to contact information for regional CISA teams geared to lend assistance.
In relation to broader impacts on rural healthcare providers, Hamilton highlighted that cuts in funding to Medicaid and other federal programs could further complicate their cybersecurity initiatives. This grim outlook is compounded by the need for affordable programs that can bolster cybersecurity measures in these critical healthcare environments.
The discussion also touched on the evolving regulatory landscape within the healthcare cybersecurity field, an area that is increasingly coming under scrutiny. Business owners across the nation must remain alert to these shifts, understanding that the challenges faced by rural healthcare providers relate not only to their operational capabilities but also to their overall resilience against cyber threats.
Amid these challenges, Hamilton’s extensive experience—spanning over three decades in technology and management—positions him as a key voice in the conversation around enhancing cybersecurity resilience. His history includes co-founding the security firm Critical Insight and serving as the former Chief Information Security Officer for the City of Seattle. As healthcare providers grapple with these formidable cybersecurity challenges, the need for comprehensive strategies and state-level support has never been clearer.
Given the evolving nature of cyber threats, business leaders must be prepared to combat issues stemming from initial access, privilege escalation, and persistence—tactics identified within the MITRE ATT&CK framework. Understanding these adversary techniques can help organizations fortify their defenses in the face of increasingly sophisticated cyber risks.
