As the healthcare sector continues to be targeted by ransomware attacks, the Department of Health and Human Services' research division announced it will invest more than $50 million in advanced healthcare cybersecurity tools.
HHS's Advanced Research Projects Agency for Health (ARPA-H) on Monday announced the Universal Patching and Remediation for Autonomous DEfense (UPGRADE) program. The goal is to build tools that help hospitals and health systems more easily discover and remediate cyber vulnerabilities within their systems.
Health Ministry Deputy Secretary Andrea Palm said in a statement that the new program will help build the Ministry's cybersecurity strategy in the healthcare sector.
“We continue to see how interconnected our nation's healthcare ecosystem is and how critical it is to protect patients and clinical operations from cyberattacks,” Palm said. “Today's announcement is an example of HHS's ongoing commitment to improving cyber resiliency across our healthcare system.”
UPGRADE program manager Andrew Kearney said a big challenge was modeling the complexity of the myriad software used in a given healthcare facility, and many facilities are exposed to ransomware attacks. Ta.
“With UPGRADE, we want to reduce the effort it takes to ensure hospitals are equipped and medical equipment is safe and functional so that healthcare providers can focus on patient care,” Carney said in a statement. “There is,” he said.
A special notice announcing the new project details how ARPA-H envisions a new program to develop “an innovative new cybersecurity platform for hospitals and health systems.” The aim is to help hospital IT teams manage the “highly complex” nature of many healthcare IT environments.
“UPGRADE envisions a semi-autonomous cyber threat mitigation platform that facilitates proactive, scalable and synchronized security updates that can adapt to any hospital environment and the broadest range of the most vulnerable equipment classes,” the special notice states.
“This software platform includes a set of tools that enable real-time assessment of potential vulnerabilities and the impact of corresponding security updates on hospital operations,” the notice continues. “This allows hospital decision makers to deploy security remediation measures without risking real operational downtime that threatens continuity of patient care.”
ARPA-H detailed how the program will focus on four different technology areas, including the creation of vulnerability mitigation software platforms; Developing “high fidelity” digital twins of hospital systems. Automatically detect cyber vulnerabilities. “Automatically develop” custom cyber defenses.
The research agency said it expects to receive multiple awards under the UPGRADE program. A Proposer's Day will be held on June 20th.
ARPA-H's new project comes amid an ongoing spotlight on cybersecurity in the healthcare sector in the wake of the Change Healthcare ransomware attack, a February cyber incident that took down the systems of a major healthcare transaction provider and paralyzed operations at hospitals and health systems across the country for weeks.
In addition to investigating the actions of Change Healthcare's parent company, United Healthcare, lawmakers are also pursuing the actions of the Department of Health, which oversees cybersecurity in the health care sector.
“We also need to evaluate the federal government's response, which plays a critical role in these efforts,” Sen. Mike Crapo (R-Idaho) said during a May 17 Senate Finance Committee hearing on the Change Healthcare breach. “HHS has a responsibility to serve as a central hub for coordination, gathering insights from other parts of government and the private sector to develop timely information about active threats and best practices for thwarting intrusions and resourcing if an attack occurs.”
HHS officials say they will enhance the role of the Office of Strategic Preparedness and Response (ASPR) to serve as a hub for the agency's cybersecurity efforts across multiple components and offices.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users in the European Economic Area.
