Connect with us

Hi, what are you looking for?


Cybersecurity Funding

US to Invest $50 Million in Securing Hospitals Against Cyber Threats

ARPA-H has announced a $50 million investment in tools to help IT teams better secure hospital environments.

The US government’s Advanced Research Projects Agency for Health (ARPA-H) this week announced a $50 million cybersecurity effort to help IT teams better secure hospital environments against cyberattacks.

According to ARPA-H, the large number of internet-connected devices in health facilities makes it difficult to advance cybersecurity tools in the health sector, exposing hospitals and other health organizations to potentially disruptive cyberattacks.

Taking critical hospital infrastructure offline for updates can also be disruptive, but delayed patches leave both supported and legacy devices vulnerable for long periods of time.

The new program, called Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE), aims to proactively identify vulnerabilities in digital hospital environments and facilitate the automatic procurement or development of patches, as well as their testing and deployment.

“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” UPGRADE program manager Andrew Carney said.

Addressing the gap, ARPA-H says, would require collaboration between IT staff, medical device makers, healthcare providers, and cybersecurity experts for creating a software suite tailored for hospital cyber-resilience.

As part of the UPGRADE program, ARPA-H will request proposals on four technical areas: building a vulnerability mitigation platform, developing high-fidelity digital twins of hospital equipment, vulnerability autodetection, and auto-development of custom defenses. 

The agency expects to award multiple grants as part of the program. Further information on UPGRADE and how interested parties can apply can be found on the program’s page.

Advertisement. Scroll to continue reading.

“ARPA-H’s UPGRADE will help build on HHS’ Healthcare Sector Cybersecurity Strategy to ensure that all hospital systems, large and small, are able to operate more securely and adapt to the evolving landscape,” HHS Deputy Secretary Andrea Palm commented.

A research funding agency reporting to the US Health and Human Services Secretary, ARPA-H supports biomedical and health breakthroughs, to deliver transformative health solutions.

Related: Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service

Related: Cannes Hospital Cancels Medical Procedures Following Cyberattack

Related: Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn

Related: Ransomware Attack Knocks 100 Romanian Hospitals Offline

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Gabriel Agboruche has been named Executive Director of OT and Cybersecurity at Jacobs.

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

More People On The Move

Expert Insights