Unpacking the Impact of the White House’s Cybersecurity Allocations on Hospitals in 2025

The White House released its 2025 budget recently to demonstrate what President Biden intends to emphasize throughout the Executive Branch in the next federal fiscal year. The budget includes a number of priorities focused on lowering taxes for working Americans, countering the drug trade, and helping grow the economy. 

Also within the budget is substantial spending on cybersecurity priorities. 

These stated priorities include greater spending on securing healthcare organizations nationwide, increasing the budget of the Cybersecurity and Infrastructure Security Agency (CISA) to secure critical infrastructure nationwide, and allocating funds for the Department of Justice to improve their ability to pursue cyber criminals and cyber threats. 

Each of these plans and priorities could drive improvements in defending critical systems from attackers, interrupting the activities of cybercriminals globally, and replacing criminal websites with takedown notices. For now, let’s take a deep dive into each priority to understand its potential impact and why this perspective matters.

Healthcare Cybersecurity Spending Backstops Under-Resourced Facilities 

In the 2025 budget, the White House proposed higher spending for healthcare cybersecurity in recognition of the increase in ransomware attacks against hospitals and other medical facilities over the past few years. To start with, the budget includes $800 million to go toward helping what it calls high-need, low-resourced hospitals cover the costs of implementing cybersecurity practices and solutions. It also includes $500 million to launch an incentive program for all hospitals.

Budget has long been an issue in healthcare cybersecurity. Hospitals have historically spent 6% or less of their IT budget on defending critical systems, according to HIMSS data. There has been some increase in 2023, according to the most recent information from the HIMSS 2023 Healthcare Cybersecurity Report, but there are still hospitals with budgetary challenges limiting their spending on cyberdefense. 

The inclusion of incentives for well-resourced hospitals and programs for smaller facilities in the 2025 White House budget makes it clear that this administration understands the necessity of strong cyberdefense in the healthcare industry. Given that around 30% of rural hospitals are currently at risk of closure from one bad cyberattack, it’s imperative that these facilities find a way to invest in their defenses. 

The allocation of new funding for these hospitals to invest in their security could make the difference between continuity of care and a facility closing to leave behind a healthcare desert. The White House allocating this funding, depending on its management, could have a transformative effect on the security of smaller facilities.

Infrastructure Security and Coordination Draws White House Attention

Threat actors have repeatedly targeted critical infrastructure recently. According to the FBI’s annual Internet Crime Complaint Center report, there were 1,193 ransomware attacks against 14 critical infrastructure sectors in 2023. These attacks represent an acute danger. These firms, including oil and gas facilities, water treatment plants, electric companies, and sewer facilities face attacks from nation-state groups seeking to disrupt their government’s enemies. Disrupt operations at an electricity company or a water treatment plant, and it’s possible to sow chaos in a society. In fact, attacks against critical manufacturing companies grew 140% in 2022, making it imperative that these vital systems be protected. 

These security challenges create substantial issues for critical infrastructure companies, especially related to coordination and understanding how to best defend themselves against ransomware, malware, and disruptive attacks designed to sow chaos. It’s the job of the Cybersecurity and Infrastructure Security Agency (CISA) to ensure that critical infrastructure organizations have what they need to prevent attacks. 

To assist with CISA’s mission, the 2025 White House budget includes a $3 billion budget for the agency, an increase of $103 million over the 2023 enacted level. The funding includes: 

  • $470 million to deploy Federal network tools, including endpoint detection and response capabilities; 
  • $394 million for CISA’s internal cybersecurity and analytical capabilities; 
  • $41 million for critical infrastructure security coordination; and 
  • $116 million for critical infrastructure cyber event reporting. 

These budgetary numbers can be transformative in terms of cyberdefense coordination. CISA is instrumental in supporting critical infrastructure companies to defend their systems. Any budget that can be added to that mission could make a difference in defending the companies that keep the critical functions of modern society running.                 

More Resources to Take On Emerging Cyber Threats

The third major cybersecurity initiative in the 2025 White House budget focuses on improving the ability of the FBI to pursue cyber threats and the national defense infrastructure to perform counterintelligence. The goal of the Budget’s investment in the Department of Justice is to sustain and improve the FBI’s cyber and counterintelligence investigative functions. 

The investments include an additional $25 million to enhance those cyber response and counterintelligence capabilities. There’s also $5 million to expand a new section within the DOJ’s National Security Division that focuses on cyber threats. The additional investments that President Biden wants to make in taking on cyber threats are aligned with the National Cybersecurity Strategy that emphasizes a whole-of-nation approach to addressing ongoing cyber threats. The Budget also provides $2 million for the DOJ to support the implementation of Executive Order 14110, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.”

The FBI’s takedown of Lockbit in partnership with Europol and the U.K.’s National Crime Agency in February is just the most recent example of the work that law enforcement can do to subvert the activities of cybercriminals. Increasing the funding that allows that work to be performed may not eliminate cybercrime, but it could make it substantially more difficult for threat actors and cybercrime groups to operate. 

More focus needs to be paid to the growing number of cyberattacks facing companies throughout the United States. The additional funding for cybercrime pursuit allocated in the 2025 White House budget demonstrates a recognition of the work that the DOJ continues to do with frustrating cyberattackers.

Final Thoughts

The state of modern cybersecurity is fraught with challenges. Healthcare organizations face resource constraints and a rise in attacks creating substantial difficulties in ensuring patient outcomes. Critical infrastructure faces more disruptive threats potentially impacting our society, while law enforcement plays whack-a-mole with cybercriminals worldwide. 

This new White House budget shows that President Biden and his administration understand the challenges facing the modern enterprise. Additional funding and coordination can make a difference in organizational resilience, especially in a challenging security environment.

To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.

IoT Device Security in 2024 The High Cost of Doing Nothing | Asimily

Reduce Vulnerabilities 10x Faster with Half the Resources

Find out how our innovative risk remediation platform can help keep your organization’s resources safe, users protected, and IoT and IoMT assets secure.