HHS launches $50M security initiative to thwart hospital ransomware

The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that IT leaders can use to produce a “digital twin” of devices on the hospital network and run security tests.

UPGRADE is primarily aimed at stopping future ransomware incidents, given how vulnerable hospital networks are to those attacks.

“It’s particularly challenging to model all the complexities of the software systems used in a given health care facility, and this limitation can leave hospitals and clinics uniquely open to ransomware attacks,” Andrew Carney, program manager for UPGRADE, said in a statement. “With UPGRADE, we want to reduce the effort it takes to secure hospital equipment and guarantee that devices are safe and functional so that health care providers can focus on patient care.”