The healthcare sector has been increasingly targeted by cyberattacks, in February 2024. For instance, Change Healthcare, a UnitedHealth-owned technology firm, suffered a ransomware attack disrupting claims processing and prescription fulfillment. Similarly, Ascension, a large Catholic health system, reported a ransomware attack forcing ambulance diversions and hindering access to electronic health records. These attacks have consequences for patient care, exemplified by Lurie Children's Hospital in Chicago, which spent nearly a month restoring its Epic EHR system after a cyberattack earlier this year.
In response to these growing threats, the federal government is intensifying its focus on healthcare cybersecurity. The Department of Health and Human Services (HHS) released voluntary cybersecurity goals aimed at bolstering the industry's defenses and improving response strategies. ARPA-H, a research agency established two years ago, launched the UPGRADE project to expedite vulnerability mitigation and patch deployment. This initiative seeks to create software solutions, digital twins of hospital equipment, and custom cyber defenses. The Biden administration's proposed 2025 budget includes over $1 billion for upgrading hospital cyber defenses, with future penalties for non-compliance. ARPA-H Director Renee Wegrzyn emphasized that UPGRADE aims to reduce the time from detecting device vulnerabilities to deploying patches to just days, enhancing hospital cybersecurity and patient safety.
