Health Law Highlights

HHS Agency Launches Program to Improve Cyber Resiliency in Hospitals

Summary of article from The HIPAA Journal, by Steve Adler:

The Advanced Research Projects Agency for Health (ARPA-H), a Department of Health and Human Services (HHS) agency, has initiated a cybersecurity program aimed at enhancing and automating cybersecurity in U.S. hospitals. The program, called Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE), will invest over $50 million to develop software tools to bolster network defenses against cyberattacks. The software will help identify and mitigate vulnerabilities in hospital systems, intending to reduce the time devices remain vulnerable from several months to a few days. ARPA-H is seeking proposals for the creation of a vulnerability mitigation platform, development of digital twins of hospital equipment, and methods for auto-detecting vulnerabilities and auto-developing defenses. The UPGRADE program is part of HHS’s broader strategy to improve cyber resilience across the healthcare sector.