US government spending $50m on auto-patcher for hospital IT

digital healthcare
(Image credit: Shutterstock / elenabsl)

The United States government is offering $50 million to whoever can develop a new piece of technology that will better secure healthcare IT equipment.

Due to the sensitivity of the data it generates, the healthcare industry is one of the most attacked in the US, with ransomware actors constantly targeting hospitals and insurance companies. After identifying the problem two years ago, the Biden administration formed a new agency within the US government called Advanced Research Projects Agency for Health, or ARPA-H. 

Now, this agency has kickstarted project UPGRADE - Universal PatchinG and Remediation for Autonomous DEfense. The goal of the project is to create a software suite that will scan healthcare IT gear for vulnerabilities, apply patches where available, and develop and test mitigations where patches are unavailable. 

Securing the nation's health

The problem with keeping healthcare IT gear up to date is that it needs to be taken offline during the patching, which could leave patients vulnerable, The Register explained in its writeup. That being said, the project will require teams to build a vulnerability mitigation software platform, build digital twins for hospital gear, auto-detect flaws, and auto-develop custom defenses.

"We continue to see how interconnected our nation's health care ecosystem is and how critical it is for our patients and clinical operations to be protected from cyberattacks," HHS Deputy Secretary Andrea Palm said in a statement. "ARPA-H's UPGRADE will help build on HHS' Healthcare Sector Cybersecurity Strategy to ensure that all hospital systems, large and small, are able to operate more securely and adapt to the evolving landscape."

Besides social engineering, software vulnerabilities are one of the most common points of entry for cybercriminals, who are constantly targeting healthcare organizations. Only recently, Change Healthcare was a victim of a ransomware attack which not only disrupted its operations and possibly put patients at risk, but also forced the provider to pay $22 million in cryptocurrency.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.