- An agency within the HHS is soliciting proposals for a new project that aims to use proven national security technologies to protect the healthcare industry from the growing threat of cyberattacks.
- The Advanced Research Projects Agency for Health said the Digital Health Security project will accept proposals through Sept. 7 on ways to boost cybersecurity in the nation’s health systems, clinical care facilities and personal health devices.
- One goal of the project, also called Digiheals, is to ensure patients can continue to access care after a cyberattack at a healthcare facility. Operations can be disrupted after a serious attack, with some cyberattacks causing facilities to permanently close their doors, according to the agency.
The effort will focus on developing security protocols, vulnerability detection and automatic patching to reduce hackers’ ability to attack healthcare software as well as finding and fixing weaknesses that affect patient safety and experience, the agency said in a press release.
“The Digiheals project comes when the U.S. healthcare system urgently requires rigorous cybersecurity capabilities to protect patient privacy, safety and lives,” ARPA-H Director Dr. Renee Wegrzyn said in a statement. “Currently, off-the-shelf software tools fall short in detecting emerging cyberthreats and protecting our medical facilities, resulting in a technical gap we seek to bridge with this initiative.”
Cybersecurity is an increasing challenge for the healthcare industry, with data breaches exposing 385 million patient records from 2010 to 2022. Breaches are also expensive for the sector, with the average cost of a data breach reaching nearly $11 million in 2023.
Hacking incidents in particular have skyrocketed over the past five years. The industry is a profitable target for ransomware, where hackers demand payment in exchange for returned access to critical hospital systems. Those threats can undermine patient safety and the hospital's ability to function.
Earlier this summer, a hospital in rural Illinois said it would permanently shut down in part due to a cyberattack that prevented the facility from billing payers for months. A ransomware attack against a California-based Prospect Medical Holdings earlier in August has cut access to key computer systems for weeks, forcing hospitals to use paper and staffers instead of electronic systems.
CommonSpirit Health, one of the country’s largest health systems, suffered a ransomware attack late last year that exposed health information of almost 624,000 people, interrupted access to medical records and delayed patient care.