ARPA-H (the Advanced Research Projects Agency for Health), an agency under HHS, announced on May 20th the launch of a new cybersecurity effort aimed at helping IT teams secure and defend hospital and other healthcare networks. The program, Universal PatchinG and Remediation for Autonomous DEfense (or UPGRADE), is receiving over $50M in government funding to counter the increase in cyberattacks and ransomware targeting the healthcare industry.
Why UPGRADE?
This year’s cyberattacks against Change Healthcare and the Ascension health system have had serious and ongoing repercussions for healthcare providers and facilities, pharmacies, and patients alike. Both victims were large and so the effects were widespread, affecting operations (in both senses of the word) and finances and patient health. As Change Healthcare’s parent company UnitedHealth opted to pay the ransom in hopes of getting back up and running quickly, a precedent has been set and ransomware gangs may view the healthcare industry as more of a viable target now.
UPGRADE has as its goal the creation of an autonomous cyberthreat solution that can adapt to any hospital environment across multiple electronic devices. The program intends to work with equipment manufacturers, cybersecurity experts, and hospital IT staff. This group will develop a software suite to secure entire systems and networks of medical equipment for “hospital cyber-resilience.”
“It’s particularly challenging to model all the complexities of the software systems used in a given healthcare facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” UPGRADE Program Manager Andrew Carney noted. The program will seek proposals to address creating a software platform to mitigate vulnerabilities, developing high-fidelity twins of hospital equipment, detecting vulnerabilities automatically, and developing custom defenses automatically.