ARPA-H announces UPGRADE program to enhance healthcare cybersecurity

The Advanced Research Projects Agency for Health (ARPA-H) announced the launch of the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program to improve healthcare cybersecurity.

What happened

ARPA-H unveiled the UPGRADE program to enhance and automate cybersecurity in healthcare facilities. The initiative will allocate more than $50 million to create advanced tools for IT teams to protect hospital operations and ensure the continuity of patient care amid cyber threats.

UPGRADE focuses on creating a software suite that can proactively evaluate potential vulnerabilities by probing models of hospital systems for weaknesses. When a threat is detected, the program will facilitate the automatic development, testing, and deployment of patches with minimal disruption to hospital operations. 

Going deeper

According to the ARPA-H website, the UPGRADE program is a multifaceted initiative designed to address the cybersecurity challenges in healthcare facilities through the following components:

• Vulnerability mitigation platform: UPGRADE aims to identify and mitigate vulnerabilities in hospital IT systems through real-time monitoring and automated responses to detected threats. 
• Digital twins of hospital equipment: The program will create high-fidelity digital twins of hospital equipment, to ensure effective vulnerability assessments. These virtual models will simulate real-world conditions, allowing for thorough testing of patches before deployment. 
• Automated vulnerability detection: The program will automatically detect vulnerabilities in hospital IT systems through advanced algorithms and machine learning to identify potential threats swiftly and accurately.
• Custom defense development: Once vulnerabilities are detected, UPGRADE will automatically develop custom defenses by generating, testing, and deploying patches with minimal interruption to hospital operations.
• Collaboration with experts: The success of UPGRADE depends on the collaboration of IT staff, medical device manufacturers, health care providers, human factors engineers, and cybersecurity experts. 
• Scalability and adaptability: These solutions should be scaled and adapted to different healthcare environments, from small clinics to large hospital networks, to address the diverse needs of healthcare facilities.

What was said

“We continue to see how interconnected our nation’s healthcare ecosystem is and how critical it is for our patients and clinical operations to be protected from cyberattacks. Today’s launch is yet another example of HHS’ continued commitment to improving cyber resiliency across our health care system," said HHS Deputy Secretary Andrea Palm. 

The Deputy Secretary also added, "ARPA-H’s UPGRADE will help build on HHS' Healthcare Sector Cybersecurity Strategy to ensure that all hospital systems, large and small, are able to operate more securely and adapt to the evolving landscape."

“UPGRADE will speed the time from detecting a device vulnerability to safe, automated patch deployment down to a matter of days, providing confidence to hospital staff and peace of mind to the people in their care,” added ARPA-H Director Renee Wegrzyn, Ph.D.

Furthermore, John Riggi, AHA's national advisor for cybersecurity and risk, commented, "The UPGRADE program is an innovative and welcomed 'whole of nation' approach, which will combine the expertise of the health care sector and government experts."

Why it matters

The UPGRADE program is a significant step in securing healthcare infrastructure against cyber threats. It streamlines identifying and addressing vulnerabilities, ultimately enhancing hospital systems and ensuring they can deliver essential care safely and efficiently.