HHS launches $50M security initiative to thwart ransomware attacks at hospitals

The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that IT leaders can use to produce a “digital twin” of devices on the hospital network and run security tests.

UPGRADE is primarily aimed at stopping future ransomware incidents, given how vulnerable hospital networks are to those attacks.

“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” Andrew Carney, program manager for UPGRADE, said in a statement. “With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care.”

The $50 million in reward money will be used to solicit developers for the platform, with HHS expecting to make payouts to numerous organizations. The ultimate goal, the statement said, is to get hospitals up to speed with consumer devices, where vulnerabilities are patched more regularly. Additionally, the HHS hopes UPGRADE will lead to automated security that can detect avenues for attack by cyber criminals before they happen, as well as identify network intrusions before hackers have a chance to shut down hospital systems.

In response to the announcement, the American Hospital Association released a statement praising the UPGRADE initiative for encouraging nationwide cooperation between hospitals, adding that hospitals currently remain vulnerable to cyberattacks because their security capabilities and available resources are uneven.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

When regulating AI-equipped medical devices, the FDA might take a page from the Department of Transportation’s playbook for overseeing AI-equipped vehicles. These run the gamut from assisting human drivers to fully taking the wheel. 

Kit Crancer, RBMA board member, speaks with Radiology Business about key legislative developments on the Hill that will affect the specialty. 

California-based Acutus Medical has said its ongoing agreement to manufacture and distribute left-heart access devices for Medtronic is the company's only source of revenue.