![](\"https:\/\/media.wired.com\/photos\/64dd23880124a91cee27dc20\/master\/pass\/White-House-Initiative-Seeks-to-Defend-Digital-Systems-in-US-Healthcare-Security-GettyImages-674506032.png\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman| Date: Thu, 17 Aug 2023 10:00:00 +0000<\/strong><\/p>\n Lily Hay Newman<\/a><\/span><\/span><\/p>\n The Advanced Research<\/span> Projects Agency for Health (Arpa-H), a research support agency within the United States Department of Health and Human Services, said today that it is launching an initiative to find and help fund the development of cybersecurity technologies that can specifically improve defenses for digital infrastructure in US health care. Dubbed the Digital Health Security project, also known as Digiheals, the effort will allow researchers and technologists to submit proposals beginning today through September 7 for cybersecurity tools geared specifically to health care systems, hospitals and clinics, and health-related devices.<\/p>\n For more than a decade, health care providers in the United States and around the world have been plagued<\/a> by criminal cyberattacks, particularly ransomware attacks<\/a>, that take advantage of medical facilities\u2019 high-stakes work to attempt to extort big payouts. Efforts in recent years to crack down on and deter<\/a> cybercriminal actors have made some limited progress, but health care attacks still occur regularly<\/a>, disrupting vital services and endangering patients.<\/p>\n Health and Human Service\u2019s research agency Arpa-H doesn\u2019t specifically focus on cybersecurity innovation. The agency has programs running, for example, to spur advances in osteoarthritis treatment and medical imaging for cancer removal. But Digiheals program manager and longtime security researcher Andrew Carney says there is a dire need to make progress on digital defense tools for health care that are both effective and usable for medical facilities in practice.<\/p>\n \u201cWe\u2019re looking for rapid and stupendous progress,\u201d Carney told WIRED ahead of the announcement. \u201cWe want to ensure that the impact we have is significant but also equitably distributed. It doesn\u2019t matter if we develop a perfect cure that makes a network completely impenetrable if a rural hospital can\u2019t adopt it because of light IT staff or minimal or no security budget.\u201d<\/p>\n Digiheals is seeking broad and diverse submissions related to vulnerability detection, software hardening, and system patching, as well as the expansion or development of security protocols. The initiative will accept submissions from anyone, including academic and nonprofit researchers or commercial industry. Carney emphasizes that, ultimately, the goal is to foster novel and inventive solutions regardless of where they come from or what category they fit into.<\/p>\n \u201cWe are looking to very rapidly cast a wide net,\u201d he says. \u201cI\u2019d encourage folks even if they have ideas that don\u2019t fit cleanly or won\u2019t fit the timeline of the solicitation to come talk to us. We will make the process fit the ideas we receive as best we can.\u201d<\/p>\n Carney points out that it is particularly difficult to study the real-world conditions of cybersecurity in health care, because each medical provider\u2019s network is made up of a vast patchwork of systems, services, and devices that vary widely<\/a>. And there is no margin for error in probing individual institutions\u2019 systems or attempting to attack them intentionally to discover weaknesses. So Digiheals is also encouraging researchers to make submissions related to the types of security tools that are not working in health care settings and the reasons for these failings.<\/p>\n \u201cCurrently, off-the-shelf software tools fall short in detecting emerging cyber threats and protecting our medical facilities, resulting in a technical gap we seek to bridge with this initiative,\u201d Arpa-H director Renee Wegrzyn said in a statement. \u201cThe Digiheals project comes when the US health care system urgently requires rigorous cybersecurity capabilities to protect patient privacy, safety, and lives.\u201d<\/p>\n After years of damaging cyberattacks on hospitals and disruptions to patient care, the Digiheals initiative may feel like too little, too late. Earlier this month, a ransomware attack on the medical group<\/a> Prospect Medical Holdings, which operates in Connecticut, Pennsylvania, Rhode Island and Southern California, caused disruptions at multiple hospitals and clinics in the network. The recovery process is ongoing<\/a>. But Arpa-H is a new agency<\/a> launched by the Biden administration last year to help address a number of issues in US health care that are massively overdue for investment.<\/p>\n \u201cHealth care gets the most difficult of the challenges from every angle,\u201d Carney says. \u201cWe\u2019re constantly working at near or above capacity, and any reduction in service can have real harm very quickly. But we have an ability to move very fast on new digital defenses, and it behooves us to do so. It would be irresponsible of us not to move fast.\u201d<\/p>\n