Feds Seek Innovative Tech Ideas for Health Sector Security

A new healthcare-focused research agency is seeking proposals for innovative cybersecurity technologies that can apply a national security approach to protecting this highly targeted civilian industry. Today’s off-the-shelf software is falling short, the agency said.

See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense

The Advanced Research Projects Agency for Health, or ARPA-H, a newly created agency within the Department of Health and Human Services, recently announced the launch of the Digital Health Security, or Digiheals, initiative. For the project, ARPA-H said it is seeking proposals “for proven technologies developed for national security” that can be applied “to civilian health systems, clinical care facilities and personal health devices.”

ARPA-H is accepting proposals for Digiheals until Sept. 7 through the Scaling Health Applications Research for Everyone, or SHARE, Broad Agency Announcement program.

ARPA-H expects to make multiple Digiheals awards, depending upon the quality of proposals received and available funding.

HHS was granted authority to establish ARPA-H under the fiscal 2022 appropriations bill, which was signed into law by President Joe Biden in March 2022. The agency’s mission is to improve the U.S. government’s ability to accelerate biomedical and health solutions.

Bolstering Sector Security

The Digiheals effort aims to help ensure that hospitals and doctors can continue to deliver healthcare services to patients in the wake of a widespread cyberattack on medical facilities, ARPA-H said.

Recent ransomware assaults have disrupted some services in the United States, forcing healthcare entities to divert ambulances and cancel or postpone patient care, which happened last week after the attack on Mississippi’s Singing River Health System. Some other cybersecurity incidents have led to the permanent closure of entities, including Illinois’ St. Margaret’s Health in June (see: Mississippi Hospital System Still Struggling Attack).

“By adapting and extending security, usability and software assurance technologies, this digital health security effort will play a crucial role in addressing vulnerabilities in health systems,” said Andrew Carney, ARPA-H program manager, in a statement.

“This project will also help us identify technical limitations of future technology deployments and contribute to the development of new innovations in digital security to better keep our health systems and patients’ information secure,” he said.

Digiheals aims to adapt for healthcare sector implementation technologies developed for national security because offerings on today’s marketplace aren’t doing the job, ARPA-H said.

“Currently, off-the-shelf software tools fall short in detecting emerging cyberthreats and protecting our medical facilities, resulting in a technical gap we seek to bridge with this initiative,” said Dr. Renee Wegrzyn, ARPR-H director, in the statement.

“The DIGIHEALS project comes when the U.S. healthcare system urgently requires rigorous cybersecurity capabilities to protect patient privacy, safety, and lives,” Wegrzyn said.

“By focusing on cutting-edge security protocols, vulnerability detection, and automatic patching, this effort seeks to reduce the ability for bad actors to attack digital health software and enable the prevention of large-scale cyberattacks,” ARPA-H said.

Besides addressing cybersecurity vulnerabilities, the Digiheals effort aims to identify and fix software-related weaknesses that affect patient safety and experience, ARPA-H said.

ARPA-H did not immediately respond to Information Security Media Group’s request for additional details pertaining to the Digiheals effort.