DIGIHEALS aims to fortify healthcare cybersecurity
The Advanced Research Projects Agency, an agency within the Department of Health and Human Services (HHS), has launched the Digital Health Security (DIGIHEALS) project to strengthen cybersecurity in digital health and U.S. healthcare systems.
The agency is accepting proposals for proven methods that can be applied to healthcare system infrastructure, as well as health devices.
“The DIGIHEALS project comes when the U.S. healthcare system urgently requires rigorous cybersecurity capabilities to protect patient privacy, safety, and lives,” said ARPA-H Director Dr. Renee Wegrzyn in the announcement. “Currently, off-the-shelf software tools fall short in detecting emerging cyberthreats and protecting our medical facilities, resulting in a technical gap we seek to bridge with this initiative.”
One of the main goals of DIGIHEALS is to find a way a health system can continue to provide patient care once a cyberattack has already happened. [paper systems., link to other articles] Oftentimes, healthcare systems have to divert ambulances and emergency care, and shut down their electronic health records (EHRs) all of which can lead to an increase in patient mortality and negatively impact surrounding healthcare systems.
The project will also focus on security protocols, identifying vulnerabilities, and the implementation of automated patching in order to minimize cybersecurity vulnerabilities curtail the ability of cybercriminals to attack digital health software and mitigate or even prevent large-scale cyber attacks.
In the first six months of 2023, there were fewer healthcare cyber attacks but the breaches were bigger, according to a recent report from Critical Insights. The report found this suggests a more sophisticated and organized effort from cyber criminals.
The total number of healthcare cyber attacks decreased by 15% compared to the second half of 2022, but the total number of individuals increased by 31%.
In addition to the personal and medical impact a cyber attack can have, a healthcare system’s finances can be devastating from the inability to submit claims to insurers. This year, a rural hospital in Illinois permanently shut its doors after suffering a cyber attack that sent it into a “financial spiral.”
The nationwide effort to address healthcare cybersecurity through programs like DIGIHEALS hopes to make these consequences a problem of the past.
“By adapting and extending security, usability, and software assurance technologies, this digital health security effort will play a crucial role in addressing vulnerabilities in health systems,” said ARPA-H Program Manager Andrew Carney. “This project will also help us identify technical limitations of future technology deployments and contribute to the development of new innovations in digital security to better keep our health systems and patients’ information secure.”