HHS launches $50M security initiative to thwart ransomware attacks at hospitals
The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that IT leaders can use to produce a “digital twin” of devices on the hospital network and run security tests.
UPGRADE is primarily aimed at stopping future ransomware incidents, given how vulnerable hospital networks are to those attacks.
“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” Andrew Carney, program manager for UPGRADE, said in a statement. “With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care.”
The $50 million in reward money will be used to solicit developers for the platform, with HHS expecting to make payouts to numerous organizations. The ultimate goal, the statement said, is to get hospitals up to speed with consumer devices, where vulnerabilities are patched more regularly. Additionally, the HHS hopes UPGRADE will lead to automated security that can detect avenues for attack by cyber criminals before they happen, as well as identify network intrusions before hackers have a chance to shut down hospital systems.
In response to the announcement, the American Hospital Association released a statement praising the UPGRADE initiative for encouraging nationwide cooperation between hospitals, adding that hospitals currently remain vulnerable to cyberattacks because their security capabilities and available resources are uneven.