Latest News

HHS agency unveils program to boost US hospitals’ cybersecurity

Written on May 31, 2024
Advanced Research Projects Agency for Health (ARPA-H), an agency of the US Department of Health and Human Services (HHS), has launched a new cybersecurity program to safeguard the country’s hospitals from cyberattacks. 

Known as Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE), this program will allocate over $50m to develop tools that aid IT teams in defending hospital environments.  

The aim is to develop a software suite to detect potential vulnerabilities in digital hospital ecosystems and offer quick fixes.  

ARPA-H identifies the diversity of internet-connected devices in each facility as a significant challenge in advancing cybersecurity tools within the health sector.  

This signifies that unlike consumer products, which are regularly patched, updating critical hospital infrastructure can cause substantial disruptions while slow development/deployment of software fixes can leave supported devices exposed to risk for extended periods.  

To address this, UPGRADE will draw on the expertise of IT staff, health care providers, human factors engineers, cybersecurity experts and medical device manufacturers to develop a scalable and customized software suite for hospital cyber-resilience.  

The UPGRADE platform will assess potential vulnerabilities by testing digital hospital environment models for software weaknesses. 

Upon identification of a particular threat, a remediation, such as a patch, can be developed or produced automatically, followed by testing it in a model environment and final deployment causing minimal interruption to hospital devices.  

In addition, the program will focus on protecting all systems and networks of medical devices, ensuring the deployment of solutions at scale. 

The agency said it will soon issue a solicitation for proposals on four technical areas, including development of high-fidelity digital twins of hospital equipment, creating a vulnerability mitigation software solution, auto-developing custom defenses and auto-detecting vulnerabilities. 

Related Upcoming Events