Published
If you landed in an emergency department a decade ago, the hospital’s cybersecurity infrastructure was probably the last thing on your mind. Today, concerns about cyberattacks hit closer to home. In the past year, hackers have suspended care in American health clinics and disrupted medical device networks nationwide. A fictional hospital ransomware attack is even causing havoc on this season of HBO’s The Pitt.
These incidents are disturbing, but ARPA-H is on the case. We understand that the threat of health-related cyberattacks has been growing for a decade. Today, ARPA-H is investing in innovative cybersecurity solutions that keep America’s health systems safe, secure, and ready to save lives.
From electronic health records to smart medical devices, our entire healthcare framework relies on electronic health ecosystems. In any given hospital, there may be thousands of devices from many different manufacturers using a variety of applications and software, all serving critical functions for patient care. Any one of these digital tools can be vulnerable to bad actors who seek to cause harm—soft targets for hackers to bring down entire systems.
When these systems are compromised, the damage goes beyond locked computers and unresponsive networks. Real people lose access to life-saving care. Critical equipment shuts down. Medication orders vanish. Clinicians are locked out of key information in electronic health records. Hospitals must divert patients to other facilities, overwhelming strapped systems and stretching wait times across a region. A severe attack may even force a clinic to shut its doors completely. This makes cybersecurity in healthcare uniquely complex, incredibly important, and an ARPA-Hard problem we can’t shy away from. That’s why ARPA-H is funding teams to design digital protections that account for the realities of clinical care and the very real cyberthreats our clinics are up against.
One such team is behind CRASHCART—a mobile platform designed to rapidly restore essential connectivity and support critical clinical functions when ransomware compromises hospital systems. With this “digital lifeboat,” affected clinics can restore patient care in minutes—not days or weeks. The project was developed through the ARPA-H Digital Health Security (DIGIHEALS) program, which aims to catalyze creative solutions to protect the U.S. healthcare system’s electronic infrastructure. When the program launched in 2023, Program Manager Andrew Carney anticipated it would “contribute to the development of new innovations in digital security to better keep our health systems and patients’ information secure.” Less than three years later, DIGIHEALS awardees are already stress-testing solutions to that end.
Watch below as CRASHCART investigators from the University of California, San Diego, deploy the system during a simulated exercise in a real critical access hospital last month. During the drill, staff used CRASHCART to establish network functionality for a 20-bed emergency department in a record 33 minutes and 54 seconds.
CRASHCART is just one project from DIGIHEALS that focuses on reviving healthcare’s digital heartbeat. Other ARPA-H projects, including those from the Universal Patching and Remediation for Autonomous Defense (UPGRADE) program, focus on preventing cyberattacks before they occur by autonomously and continuously finding and fixing vulnerabilities hackers could otherwise exploit.
As hospital cyberattacks grab more headlines, it’s clear that malicious hackers aren’t slowing down. Fortunately, ARPA-H is also moving fast. We’re leveraging cutting-edge cybersecurity to meet the moment and shield healthcare systems.
###
STAY CONNECTED
To stay up to date on the latest ARPA-H news and opportunities for researchers and patient groups, subscribe to the Vitals newsletter, or follow the agency on X/Twitter and LinkedIn.