The U.S. Department of Health and Human Services (HHS) is initiating a $50 million program aimed at bolstering cybersecurity measures in hospitals. Dubbed the Universal Patching and Remediation for Autonomous Defense (UPGRADE), the program seeks to expedite vulnerability detection and patch deployment through the creation of a platform enabling the generation of a “digital twin” of hospital devices for security assessments. The primary objective of UPGRADE is to mitigate the risk of ransomware attacks, which have notably targeted hospital networks due to their vulnerability.
According to Andrew Carney, program manager for UPGRADE, the complexity of hospital software systems often renders them susceptible to ransomware attacks. UPGRADE aims to streamline the process of securing hospital equipment, ensuring device safety and functionality to enable healthcare providers to prioritize patient care. To incentivize the development of the platform, HHS plans to allocate the $50 million reward money to solicit contributions from developers, with payouts anticipated for multiple organizations.
The overarching goal of UPGRADE is to align hospital cybersecurity practices with those of consumer devices, where vulnerabilities are regularly patched. Additionally, the program aims to establish automated security measures capable of preemptively identifying potential cyber threats and network intrusions before they compromise hospital systems. The American Hospital Association has lauded the UPGRADE initiative for fostering nationwide collaboration among hospitals, recognizing that the current variability in security capabilities and resources leaves hospitals vulnerable to cyberattacks.
