HHS to Invest $50M in Hospitals’ Cybersecurity Initiative

The Advanced Research Projects Agency for Health (ARPA-H) announced on Monday the launch of an initiative to develop tools that IT teams can add to their cybersecurity efforts. As part of the Universal PatchinG and Remediation for Autonomous Defense (UPGRADE) program, the agency will be investing more than $50 million for the development of tools.

“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” Andrew Carney, UPGRADE program manager, said in a statement.

“With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care.”

The recent Change Healthcare ransomware attack and Ascension outage have highlighted the fact that the healthcare sector lags behind other sectors in cybersecurity. Such incidents have the capacity to halt the operation of an entire system, including claims submission, payment processing, and even clinical care, resulting in substantial losses for providers and health systems and potential harm to patients.

“A lot of companies may not have a plan, or an updated plan, or may not have communicated it and had it tested,” Joi Lee, manager of cyber governance, risk, and compliance for Moffitt Cancer Center previously told HealthLeaders.