US government spends $50 million on auto-patcher for hospital IT
The United States government is offering $50 million to anyone who can develop a new piece of technology that can better secure healthcare IT equipment.
Due to the sensitivity of the data it generates, the healthcare sector has been one of the most attacked in the US, with ransomware actors continually targeting hospitals and insurance companies. After identifying the problem two years ago, the Biden administration created a new agency within the U.S. government called the Advanced Research Projects Agency for Health, or ARPA-H.
Now this agency has launched the project UPGRADE – Universal PatchinG and Remediation for Autonomous DEfense. The goal of the project is to create a software package that scans healthcare IT equipment for vulnerabilities, applies patches where available, and develops and tests solutions where patches are not available.
Securing the health of the country
The problem with keeping healthcare IT equipment up to date is that it must be taken offline during patching, which can leave patients vulnerable. The register explained in his writing. That said, the project requires teams to build a vulnerability mitigation software platform, build a digital twin for hospital equipment, automatically detect errors, and automatically develop adaptive defenses.
“We continue to see how interconnected our nation’s healthcare ecosystem is and how critical it is that our patients and clinical operations are protected from cyberattacks,” HHS Assistant Secretary Andrea Palm said in a statement. “ARPA-H’s UPGRADE will help build on HHS’ healthcare sector cybersecurity strategy to ensure that all hospital systems, large and small, can operate more securely and adapt to the changing landscape.”
In addition to social engineering, software vulnerabilities are one of the most common entry points for cybercriminals, who continually target healthcare organizations. Just recently, Change Healthcare fell victim to a ransomware attack that not only disrupted operations and potentially endangered patients, but also forced the provider to pay $22 million in cryptocurrency.