DIGIHEALS initiative funds digital health security research
DIGIHEALS awards funding for research to improve cybersecurity and resilience in health care systems.
The ARPA-H Digital Health Security (DIGIHEALS) initiative supports innovative research that aims to protect the U.S. health care system’s electronic infrastructure against hostile threats.
Focusing on cutting-edge security protocols, vulnerability detection, and automatic patching, DIGIHEALS seeks to reduce the ability for bad actors to attack digital health software and hardware, and to enable the prevention of large-scale cyberattacks.
Funding for awardees varies in amount and is contingent upon the recipient meeting aggressive milestones specific to their project.
ARPA-H is pleased to announce the following DIGIHEALS awardees:
AMdP: Automated Medical device Patching
This project aims to develop Automated Medical device Patching (AMdP2), leveraging technologies originally developed for the Defense Advanced Research Projects Agency (DARPA) under the Assured MicroPatching (AMP) and other programs. If successful, AMdP2 will provide medical device manufacturers and cybersecurity firms with an automated firmware vulnerability detection and remediation capability.
CHALO: Cognitive Health Assistant that Learns and Organizes
Limited resources and large numbers of legacy medical devices make hospital IT infrastructure vulnerable to attack. Private communication between patients and clinicians is cumbersome. Doctors are unable to leverage the latest clinical guidance from multiple medical specialties, especially when treating patients with complex health conditions. The focus of this project is to develop a Cognitive Health Assistant that Learns and Organizes (CHALO). CHALO is developing network security, software assurance, system and data interoperation, applied cryptography, and artificial intelligence solutions to these problems. SRI and its partners plan to transition CHALO technology to enable accessible, resilient healthcare for more Americans.
H-R3P: Healthcare Ransomware Resiliency and Response Program
H-R3P seeks to develop evidence-based interventions to reduce the impact of cyberattacks on health care delivery organizations (HDOs) by identifying ransomware incidents, understanding the impacts with respect to disruption on acute clinical workflows, and deploying substitute systems during a ransomware emergency. H-R3P's goal is to develop clinician-focused tools and techniques for improving capacity for and quality of care during cyberattacks.
RxCRS: Reliable and eXplainable Cyber Reasoning System for Digital Health Security
RxCRS focuses on building new techniques to provide reliable, robust, and clear input for existing binary analysis techniques, and retrofitting them to ensure their soundness. Recent convergences in the development of program analysis, formal protocol analysis, cryptography, and biology has fostered an environment ripe for the augmentation of the binary analysis process with reliability, robustness, and clarity. RxCRS aims to reduce the effort and cost required to find and remediate vulnerabilities in legacy medical devices.
EHR-FIST: Digital Format Rehabilitation to Improve Interoperability of EHR Systems and Records
The goal of this project is to characterize the most problematic constructs in widely used electronic health record (EHR) data formats by discovering and reporting parsing bugs in existing EHR management systems. Once identified, procedures will be specified for reducing existing records into a safe form that facilitates unambiguous and secure interpretation of health records, while maintaining compatibility with existing EHR systems. EHR-FIST aims to improve the security and privacy of patient data without requiring patches to the software processing that data.
Software Bill of Materials and Software Bills of Behaviors for Effective Cyber Risk Mitigation in Healthcare Systems Comparative Study
This project seeks to perform an innovative in-depth investigation of Software Bills of Materials (SBOM) shortcomings by comparing traditional state-of-the-art SBOMs against our novel functionality and behavior-based analysis using health care-relevant datasets. The behavior-based analytical approach aims to provide a more comprehensive automated cybersecurity risk assessment for medical devices than existing approaches.