The Department of Health and Human Services’ cutting-edge research agency announced a new initiative to better protect the nation’s hospitals from mounting cyberattacks that can put patients’ lives at risk.
Advanced Research Projects Agency for Health (ARPA-H) last week launched its Digital Health Security (DIGIHEALS) project, looking to contract for “proven technologies developed for national security and apply them to civilian health systems, clinical care facilities, and personal health devices,” according to an agency announcement.
“DIGIHEALS aims to ensure patients continue to receive care in the wake of a widespread cyberattack on a medical facility — like those that have caused hospitals to close their doors permanently,” said an agency release.
Earlier this month, a medical system with hospitals in Connecticut, Pennsylvania, Rhode Island and Southern California was disrupted by ransomware attacks that forced it to close some facilities. The attack was the latest in a growing trend of hospitals being targeted by bad actors — a scenario that can become a matter of life and death if patients are unable to receive the care they need.
A similar “IT security incident” occurred late last year affecting hospitals in Iowa, Nebraska and Washington. That came shortly after the release of a report that found that 90% of IT professionals working in health care said their facilities suffered a cyberattack in the past year, with ransomware in particular on the rise.
ARPA-H is soliciting proposals from industry through its Scaling Health Applications Research for Everyone (SHARE) broad agency announcement that it opened earlier this month.
“The DIGIHEALS project comes when the U.S. healthcare system urgently requires rigorous cybersecurity capabilities to protect patient privacy, safety, and lives,” ARPA-H Director Dr. Renee Wegrzyn said in a statement. “Currently, off-the-shelf software tools fall short in detecting emerging cyberthreats and protecting our medical facilities, resulting in a technical gap we seek to bridge with this initiative.”
According to the BAA, the DIGIHEALS project aims to accomplish three main objectives: find and patch flaws in mission-critical hospital systems; develop novel approaches to data and analytics; and improve the resiliency of digital health technology code.
“By adapting and extending security, usability, and software assurance technologies, this digital health security effort will play a crucial role in addressing vulnerabilities in health systems,” said ARPA-H Program Manager Andrew Carney. “This project will also help us identify technical limitations of future technology deployments and contribute to the development of new innovations in digital security to better keep our health systems and patients’ information secure.”
The opportunity to submit proposals under the BAA closes Sept. 7.