HHS launches $50M security initiative to thwart ransomware attacks at hospitals

The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that IT leaders can use to produce a “digital twin” of devices on the hospital network and run security tests.

UPGRADE is primarily aimed at stopping future ransomware incidents, given how vulnerable hospital networks are to those attacks.

“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” Andrew Carney, program manager for UPGRADE, said in a statement. “With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care.”

The $50 million in reward money will be used to solicit developers for the platform, with HHS expecting to make payouts to numerous organizations. The ultimate goal, the statement said, is to get hospitals up to speed with consumer devices, where vulnerabilities are patched more regularly. Additionally, the HHS hopes UPGRADE will lead to automated security that can detect avenues for attack by cyber criminals before they happen, as well as identify network intrusions before hackers have a chance to shut down hospital systems.

In response to the announcement, the American Hospital Association released a statement praising the UPGRADE initiative for encouraging nationwide cooperation between hospitals, adding that hospitals currently remain vulnerable to cyberattacks because their security capabilities and available resources are uneven.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”