The Advanced Research Projects Agency for Health (ARPA-H) this week announced the launch of a new cybersecurity effort that will invest more than $50 million to create autonomous tools for IT teams to better defend hospital environments.
The Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program will enable proactive evaluation of potential vulnerabilities, and once a threat is detected, it will automatically deploy a patch with minimum interruption to the hospital’s devices, ARPA-H explained on May 20.
“Health isn’t just something that impacts an individual, and ARPA-H is investing in ways to build stronger, healthier, and more resilient health care systems that can sustain themselves between crises,” said ARPA-H Director Renee Wegrzyn. “UPGRADE will speed the time from detecting a device vulnerability to safe, automated patch deployment down to a matter of days, providing confidence to hospital staff and peace of mind to the people in their care.”
ARPA-H said it plans to issue a solicitation that will seek performer teams to submit proposals on four technical areas: creating a vulnerability mitigation software platform, developing high-fidelity digital twins of hospital equipment, auto-detecting vulnerabilities, and auto-developing custom defenses.
UPGRADE expects to make multiple awards that bring together equipment manufacturers, cybersecurity experts, and hospital IT staff to develop a tailored and scalable software suite for hospital cyber resilience. This broad effort intends to secure whole systems and networks of medical equipment to ensure mitigations can be deployed at scale, ARPA-H said.
“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” said UPGRADE Program Manager Andrew Carney. “With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care.”
“ARPA-H’s UPGRADE will help build on HHS’ Healthcare Sector Cybersecurity Strategy to ensure that all hospital systems, large and small, are able to operate more securely and adapt to the evolving landscape,” said HHS Deputy Secretary Andrea Palm.
ARPA-H will hold a virtual proposer’s day for UPGRADE on June 20, 2024.
