The U.S. Department of Health and Human Services (HHS) is launching a $50 million program to fund cybersecurity tools to protect hospitals from attacks.
This project comes as part of the urgent search for answers to address digital threats to the healthcare industry.
The Universal Patching and Remediation for Autonomous DEfense (UPGRADE) program “is designed to protect entire medical device systems and networks and enable solutions to be deployed at scale,” HHS said.
The Advanced Research Projects Agency for Health (ARPA-H), which runs the program, is seeking proposals from the private sector to build software platforms to mitigate vulnerabilities and systems to automatically detect vulnerabilities.
We also want to develop digital replicas of hospital equipment that can be tested and deployed in emergencies, as well as custom defenses for hospitals that can be created automatically.
“Modeling the full complexity of the software systems used in a particular healthcare facility is particularly difficult, and this limitation leaves hospitals and clinics vulnerable to ransomware attacks,” UPGRADE program manager Andrew Carney said in a statement. There is a possibility of exposure.”
“With UPGRADE, we want to reduce the effort it takes to equip hospitals and ensure devices are safe and functional so healthcare providers can focus on patient care.”
The announcement of this program coincided with yet another significant cyber incident impacting the sector. A cyber attack on the nonprofit healthcare system Ascension led to dozens of hospitals refusing to accept ambulances or canceling appointments, and several other medical institutions were attacked last month. The attack has been announced, and White House officials and lawmakers are considering legislation on how to respond. With an attack.
“We continue to recognize how interconnected our nation’s healthcare ecosystem is and how important it is to protect our patients and clinical operations from cyber-attacks,” said Andrea Palm, Deputy Secretary of Health. Stated.
HHS officials said in a statement Monday that one of the biggest obstacles to improving cybersecurity tools in healthcare is the diversity of internet-connected devices, many of which are taken offline for security patches. He said he couldn't do it.
Patches for devices used in hospitals and clinics also tend to take more than a year to develop, leaving them vulnerable for much longer than most consumer products, according to HHS.
Health-ISAC, a U.S. medical information sharing organization, said in a 2023 report that researchers had discovered nearly 1,000 exploitable bugs in medical products.
The agency hopes to reach a stage where remediation measures can be “automatically procured or developed, tested in model environments, and deployed with minimal disruption to devices in use in hospitals.”
ARPA-H Director Lenny Wegzin said the goal is to build “a more resilient health system that can last through a crisis.”
“UPGRADE reduces the time from detection of device vulnerabilities to secure automated patching to days, providing confidence for hospital staff and peace of mind for those receiving their care.” Wegrzyn said.
ARPA-H has launched other cybersecurity efforts in the past, including last year's Digital Health Security Initiative, which focused on protecting individual applications and devices.
recorded future
intelligence cloud.
learn more.
