DIGIHEALS initiative funds digital health security research

DIGIHEALS awards funding for research to improve cybersecurity and resilience in health care systems.

The ARPA-H Digital Health Security (DIGIHEALS) initiative supports innovative research that aims to protect the U.S. health care system’s electronic infrastructure against hostile threats.

Focusing on cutting-edge security protocols, vulnerability detection, and automatic patching, DIGIHEALS seeks to reduce the ability for bad actors to attack digital health software and hardware, and to enable the prevention of large-scale cyberattacks.

Funding for awardees varies in amount and is contingent upon the recipient meeting aggressive milestones specific to their project.

ARPA-H is pleased to announce the following DIGIHEALS awardees:

AMdP: Automated Medical device Patching

This project aims to develop Automated Medical device Patching (AMdP2), leveraging technologies originally developed for the Defense Advanced Research Projects Agency (DARPA) under the Assured MicroPatching (AMP) and other programs. If successful, AMdP2 will provide medical device manufacturers and cybersecurity firms with an automated firmware vulnerability detection and remediation capability.

  • Date Awarded
  • Amount Awarded Up to $16M
  • Prime Awardee Institution Systems & Technology Research LLC
  • Principal Investigator Thomas Sherman
  • Location Woburn, MA

CHALO: Cognitive Health Assistant that Learns and Organizes

Limited resources and large numbers of legacy medical devices make hospital IT infrastructure vulnerable to attack. Private communication between patients and clinicians is cumbersome. Doctors are unable to leverage the latest clinical guidance from multiple medical specialties, especially when treating patients with complex health conditions. The focus of this project is to develop a Cognitive Health Assistant that Learns and Organizes (CHALO). CHALO is developing network security, software assurance, system and data interoperation, applied cryptography, and artificial intelligence solutions to these problems. SRI and its partners plan to transition CHALO technology to enable accessible, resilient healthcare for more Americans.

  • Date Awarded
  • Amount Awarded Up to $9.8M
  • Prime Awardee Institution SRI International
  • Principal Investigator Linda Briesemeister, Ph.D.
  • Location Menlo Park, CA

H-R3P: Healthcare Ransomware Resiliency and Response Program

H-R3P seeks to develop evidence-based interventions to reduce the impact of cyberattacks on health care delivery organizations (HDOs) by identifying ransomware incidents, understanding the impacts with respect to disruption on acute clinical workflows, and deploying substitute systems during a ransomware emergency. H-R3P's goal is to develop clinician-focused tools and techniques for improving capacity for and quality of care during cyberattacks.

  • Date Awarded
  • Amount Awarded Up to $9.5M
  • Prime Awardee Institution University of California San Diego
  • Principal Investigator Christian Dameff, M.D. and Jeffrey Tully, M.D.
  • Location San Diego, CA

RxCRS: Reliable and eXplainable Cyber Reasoning System for Digital Health Security

RxCRS focuses on building new techniques to provide reliable, robust, and clear input for existing binary analysis techniques, and retrofitting them to ensure their soundness. Recent convergences in the development of program analysis, formal protocol analysis, cryptography, and biology has fostered an environment ripe for the augmentation of the binary analysis process with reliability, robustness, and clarity. RxCRS aims to reduce the effort and cost required to find and remediate vulnerabilities in legacy medical devices.

  • Date Awarded
  • Amount Awarded Up to $10M
  • Prime Awardee Institution Arizona State University
  • Principal Investigator Ruoyu Wang, Ph.D.
  • Location Tempe, AZ

EHR-FIST: Digital Format Rehabilitation to Improve Interoperability of EHR Systems and Records

The goal of this project is to characterize the most problematic constructs in widely used electronic health record (EHR) data formats by discovering and reporting parsing bugs in existing EHR management systems. Once identified, procedures will be specified for reducing existing records into a safe form that facilitates unambiguous and secure interpretation of health records, while maintaining compatibility with existing EHR systems. EHR-FIST aims to improve the security and privacy of patient data without requiring patches to the software processing that data.

  • Date Awarded
  • Amount Awarded Up to $1.8M
  • Prime Awardee Institution Narf Industries LLC
  • Principal Investigator Michael Locasto, Ph.D.
  • Location San Diego, CA

Software Bill of Materials and Software Bills of Behaviors for Effective Cyber Risk Mitigation in Healthcare Systems Comparative Study

This project seeks to perform an innovative in-depth investigation of Software Bills of Materials (SBOM) shortcomings by comparing traditional state-of-the-art SBOMs against our novel functionality and behavior-based analysis using health care-relevant datasets. The behavior-based analytical approach aims to provide a more comprehensive automated cybersecurity risk assessment for medical devices than existing approaches.

  • Date Awarded
  • Amount Awarded Up to $3M
  • Prime Awardee Institution Karambit.AI, Inc
  • Principal Investigator Andrew Hendela
  • Location Annandale, VA