HHS to Invest $50M in Hospitals’ Cybersecurity Initiative
Hospitals are getting a much-needed hand to address cybersecurity concerns.
The Advanced Research Projects Agency for Health (ARPA-H) announced on Monday the launch of an initative to develop tools that IT teams can add to their cybersecurity efforts. As part of the Universal PatchinG and Remediation for Autonomous Defense (UPGRADE) program, the agency will be investing more than $50 million for the development of tools.
“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” Andrew Carney, UPGRADE program manager, said in a statement.
“With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care.”
The recent Change Healthcare ransomware attack and Ascension outage have highlighted the fact that the healthcare sector lags behind other sectors in cybersecurity. Such incidents have the capacity to halt the operation of an entire system, including claims submission, payment processing, and even clinical care, resulting in substantial losses for providers and health systems and potential harm to patients.
“A lot of companies may not have a plan, or an updated plan, or may not have communicated it and had it tested,” Joi Lee, manager of cyber governance, risk, and compliance for Moffitt Cancer Center previously told HealthLeaders.
“We’re in the business of treating patients, so a lot of the time, if you don’t have people that are focused on this type of stuff and know its importance, it gets thrown by the wayside. It’s not important until you need it.”