UPGRADE Awardees

The ARPA-H Universal Patching and Remediation for Autonomous Defense (UPGRADE) program aims to create new tools to help hospitals’ information technology teams better detect and remediate cyber threats.

Funding for awardees varies in amount and is contingent upon the recipient meeting aggressive milestones specific to their project.

The UPGRADE performer teams working to fortify medical devices against cyber threats are led by:

  • Aarno Labs, in Boston, seeks to revolutionize how hospitals address software vulnerabilities by providing formally verified, automatically generated remediations that can be deployed more easily and with limited interruption.
  • Galois, in Dayton, Ohio, aims to use novel algorithms to address discovered medical device cybersecurity vulnerabilities, through existing device and network modifications, while minimizing impact on patient care.
  • The Georgia Institute of Technology, in Atlanta, will create a platform to help hospital IT teams automatically find, track, and fix vulnerabilities, and will use emulation to cover many types of medical devices. It will also automate how fixes are developed, tested, and deployed, making the process easier for users.
  • Hawksbill, in Honolulu, will develop a first-of-its-kind model of cognitive behaviors and decision-making processes of expert hackers to create the next generation of vulnerability detection tools for healthcare settings.
  • HRL, in Malibu, Calif., aims to build an automated vulnerability detection system that seeks to mimic expert hackers’ workflows based on passively collected biometric data for validation.
  • Northeastern University, in Boston, seeks to develop a comprehensive set of high-fidelity digital twins for devices across an entire hospital system to help better understand patching impacts and help IT staff, administrators, and clinical staff make informed decisions to preserve patient safety and limit disruptions to hospital operations.
  • Red Balloon Security, in New York City, will use its proprietary tools to help streamline the ability to analyze medical device software, which uses unique, complicated software packaging.
  • Siemens Healthineers, in Malvern, Pa., seeks to develop a healthcare defense solution that will enable hospital systems, especially under-resourced facilities, to identify, prioritize, plan, and deploy security upgrades at scale for their connected medical equipment.
  • Trail of Bits, in New York City, seeks to help supplement hospitals’ limited IT staff and resources by creating a novel, Artificial Intelligence/Machine Learning-driven, automated vulnerability remediation system to create and validate multiple distinct remedies for vulnerabilities discovered in medical devices.
  • Vanderbilt University, in Nashville, Tenn., will empower hospitals to protect themselves against exploitable software vulnerabilities in medical devices by developing a Vulnerability Mitigation Platform to interface with a digital twin system of medical devices.