$50M to Protect Hospitals’ Digital Security

May 20, 2024

The U.S. Department of Health and Human Services (HHS) announced a $50 million project to help hospitals defend their digital systems from cyberattacks.

On Monday, the Advanced Research Projects Agency for Health (ARPA-H) announced the launch of the Universal Patching and Remediation for Autonomous Defense (UPGRADE) program, which will invest more than $50 million to create tools for hospital information technology teams.

“We continue to see how interconnected our nation’s health care ecosystem is and how critical it is for our patients and clinical operations to be protected from cyberattacks,” said HHS Deputy Secretary Andrea Palm in a statement.

Here’s what you need to know:

• The problem:  Health care organizations use a growing array of internet-connected devices that are unique to each facility. Each device adds another layer of complexity to ensure systems are updated with the latest security updates (patching).
• The challenge:  HHS is seeking to create an “autonomous cyber-threat solution that enables proactive, scalable, and synchronized security update.”
• The risk:  Delayed software fixes can leave active devices vulnerable for over a year and unsupported legacy devices vulnerable even longer. Bad actors are looking to exploit systems that aren’t up to date.
• Technical areas:  The grant has four technical focus areas related to creation of new mitigation platforms and new methods to “rapidly and automatically detect software vulnerabilities and then confidently develop defenses for each.”
• Quotable:  “It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” said UPGRADE Program Manager Andrew Carney.

Additional information about the program is available online.