UPGRADE: Healthcare’s $50M program to patch security gaps

Bottom Line

Hospital systems large and small may soon have new security tools to help them autonomously update medical devices and other healthcare equipment, thanks to a new $50 million investment from the Health Department’s Advanced Research Projects Agency for Health (ARPA-H).

What Happened

ARPA-H announced the launch of a new program called Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) and designed to address the challenge of keeping healthcare facilities safe from cyberattacks.

“Health isn’t just something that impacts an individual, and ARPA-H is investing in ways to build stronger, healthier, and more resilient health care systems that can sustain themselves between crises,” said ARPA-H Director Renee Wegrzyn, Ph.D. “UPGRADE will speed the time from detecting a device vulnerability to safe, automated patch deployment down to a matter of days, providing confidence to hospital staff and peace of mind to the people in their care.”

Key Takeaways

• ARPA-H will invest more than $50 million to create tools that will help IT teams better defend hospital environments.
• The program aims to bring together equipment manufacturers, cybersecurity experts, and hospital IT staff to develop a software suite that can automatically evaluate potential vulnerabilities, procure or develop patches, and deploy them with minimal disruption to hospital devices.
• UPGRADE is part of ARPA-H’s Digital Health Security Initiative, DIGIHEALS, which is focused on securing healthcare systems and data.

This new program is a significant development for the healthcare industry. By automating cybersecurity tasks, UPGRADE can help hospitals to improve their defenses against cyberattacks and protect patient care.

Additional Resources

• ARPA-H UPGRADE program page
• UPGRADE press release
• HHS Cybersecurity Gateway
• ARPA-H DIGIHEALS program page