On July 4, just five hours after Joey Chestnut mowed down 70.5 hot dogs, President Trump signed legislation taking a big bite out of Medicaid.
To pay for Big Beautiful’s tax cuts, the bill reduces federal Medicaid spending by approximately $1 trillion from 2025 to 2034, according to estimates from nonprofit Kaiser Family Foundation (KFF). The bill limits state-provider tax arrangements (cutting $191 billion, according to the KFF analysis) and state-directed Medicaid payments (cutting $149 billion, the KFF says).
A June 24 examination from the Congressional Budget Office calculated that the bill’s Medicaid provisions would lead to 7.8 million uninsured individuals by 2034, and lower funds would result in states “reducing provider payment rates, reducing the scope or amount of optional services, and reducing Medicaid enrollment.”
With less money, Michael Hamilton, field CISO of Lumifi Cyber, sees rural hospitals (which rely heavily on Medicaid for revenue) sacrificing in an area they can ill afford to cut: cybersecurity.
“They’re not going to be investing in, ‘Hey, let’s get better at patching.’ They’re just going to try and keep their IT networks alive,” Hamilton told us.
“We are going to start seeing some ransomware or other kinds of extortion events that ultimately end up putting these hospitals out of business or forcing them into a fire sale.”
A Medicaid aide. Tim Powers faced ransomware when he was an executive at a Nevada hospital in 2021; the incident led to downed systems and encrypted files (and a monthlong move to pen and paper, Powers told us).
Now as CFO at nonprofit Idaho Hospitals Association, Powers acts as a “Medicaid guru,” assisting orgs with financial issues and helping facilities as new legislation impacts resources.
While Powers hopes orgs don’t compromise on cybersecurity services, it wouldn’t surprise him to see cyber cuts.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“It’s all about patient care, and ‘Where can I put my best resources and efforts to take care of the patients in my community?’” Powers said. When hospitals consider costs associated with implementing a cybersecurity initiative, “they might think twice about it.”
Ready or got. A Microsoft-led white paper, released in March 2025, examined over 250 US rural hospitals and determined many struggle with basic cybersecurity practices like email security (65% of respondents admitted), multifactor authentication (69%), and network segmentation (62%).
In 2024, Microsoft launched its Cybersecurity Program for Rural Hospitals—a project offering US facilities free security assessments, training resources, and security-product discounts. More than 375 of the roughly 2,000 US rural hospitals are participating in Microsoft-funded cybersecurity assessments, the white paper revealed.
A Georgetown University study released in January found that in 15 states, at least 20% of working-age adults living in small towns and rural areas are covered by Medicaid.
“Large reductions in federal Medicaid funding would put the residents of small towns and rural communities and their healthcare systems at serious risk,” the report concluded.
Almost half (48%) of rural hospitals operated at a loss in 2023, according to the American Hospital Association (AHA). Total hospital expenses grew 5.1% in 2024, another recent AHA post revealed: labor spend accounted for 56% of hospital costs, drugs took up 9%, and “supplies” reached 13%.
In 2026, according to the July 4 bill, $50 billion over the next five years will be available through a Rural Health Transformation Program, following application proposals from states.
“We will be competing for those dollars with other entities. So, we have to put our best foot forward to make certain our members have front-and-center access to that cash available to them and cyber is a big piece of that,” Powers told us.