HHS to Invest $50M in Cybersecurity for the Healthcare Industry

The Advanced Research Projects Agency for Health (ARPA-H), a Department of Health and Human Services (HHS) agency, announced in a news release on May 20 the launch of the Universal PatchinG and Remediation for Autonomous DEfence (UPGRADE) program. This effort will invest over $50 million in tool creation for cybersecurity in healthcare systems.

According to the press release, UPGRADE will “enable proactive evaluation of potential vulnerabilities by probing models of digital hospital environments for weaknesses in software.” Once a threat is identified, a patch can be tested and implemented with minimum interruption.

“With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care,” UPGRADE program manager Andrew Carney explained in a statement.

Cyberattacks on healthcare have been a growing concern for the industry and policymakers. A recent study showed that the healthcare sector has an increasing risk of cyberattack exposure. Health systems are still recovering from recent data breaches with Change Healthcare and Ascension.

“We continue to see how interconnected our nation’s healthcare ecosystem is and how critical it is for our patients and clinical operations to be protected from cyberattacks," said HHS Deputy Secretary Andrea Palm in a statement. "ARPA-H’s UPGRADE will help build on HHS' Healthcare Sector Cybersecurity Strategy to ensure that all hospital systems, large and small, are able to operate more securely and adapt to the evolving landscape," she added.