This audio is automatically generated. Please let us know if you have back.
Diving brief:
- An HHS agency revealed a new cybersecurity program Monday aims to better protect hospitals as the healthcare industry faces growing cyber threats that can derail patient care.
- The initiative, which comes from the Advanced Research Projects Agency for Health, will invest more than $50 million to build a software suite which could automatically scan model hospital environments for vulnerabilities that could be exploited by hackers and quickly develop and deploy patches.
- The project aims to help hospitals keep their wide range of internet-connected devices up to date, avoiding attacks and technology outages that can last for weeks and threaten patient safety.
Dive overview:
Cyber attacks against the health sector are on the rise and the industry has already faced several major attacks this year.
In February, the UnitedHealth-owned technology company Changing healthcare was hit by a ransomware attack, disrupting key tasks such as claims processing, provider payments, eligibility checks and prescription filling.
A few months later, Ascension, a major Catholic health system that operates 140 hospitals across the country, reported that it facing its own ransomware attack. The facilities were forced to divert ambulancessome pharmacies cannot fill prescriptions and providers may not have access to electronic health records.
Attacks on hospitals may have serious consequences for patient care, and the consequences of a cyberattack can sometimes last for weeks. In one example, earlier this year, it was necessary Lurie Children's Hospital in Chicago about a month to restore its Epic EHR after an attack forced the vendor to take its IT systems offline.
Hospitals face significant challenges in keeping their many connected devices up to date to address security concerns, according to ARPA-H, an agency. created two years ago to finance biomedical and health research.
While vendors can update consumer products in days or weeks, rolling out a large-scale patch in healthcare can take up to a year because hospitals can't keep the devices offline for a long time and have limited computing resources.
The new project, called UPGRADE, will seek out experts in four areas: creating vulnerability mitigation software, developing “digital twins” of hospital equipment, automatic vulnerability detection and creating personalized cyber defenses.
“UPGRADE will accelerate the time between the detection of a device vulnerability and the automated and secure deployment of patches by up to days, bringing confidence to hospital staff and peace of mind to those receiving care,” said the director of ARPA-H, Renee Wegrzyn, in a press release. statement.
The project comes as the federal government has signaled increased attention to healthcare cybersecurity. Earlier this year, HHS voluntary cybersecurity goals published for industry that aim to help organizations protect themselves and improve their response in the event of an attack.
Regulators also want to require cybersecurity standards for hospitals. The Biden administration proposed budget for 2025 It would dedicate more than $1 billion over ten years to help hospitals improve their cyber defenses — and potentially add penalties for those who fail to follow basic practices.