HHS pledges $50M for autonomous vulnerability management solution for hospitals
2024-05-23 07:14

As organizations in the healthcare sector continue to be a prime target for ransomware gangs, and as CISA warns about a vulnerability in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health (ARPA-H) has announced the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program, aimed at developing a vulnerability management platform for healthcare IT teams.

CVE-2023-43208, an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare's Mirth Connect data integration platform, has been patched by the company and publicly disclosed by Horizon3.

The UPGRADE program looks for a healthcare vulnerability management solution.

"Deploying security updates in hospitals is difficult because of the sheer number of internet-connected devices, limitations in health care IT resources, and low tolerance for device downtime needed to test and patch. Despite the size of the cybersecurity industry, health care sector challenges remain under addressed, even as more pieces of equipment are network-connected than ever before."

The goal of the UPGRADE program is to create a security platform that will adapt to any hospital environment, proactively and autonomously simulate/evaluate the risk and potential impact of vulnerabilities, procure or develop a patch, test it in a model environment, and deploy it in a way that's minimally disruptive to medical, IT, and other devices in use at healthcare delivery organizations.

"The program has four technical areas. Technical area 1 focuses on the creation of a vulnerability mitigation platform. Technical area 2 aims to create high-fidelity digital twins of equipment in hospital environments. Technical areas 3 and 4 seek to develop methods to rapidly and automatically detect software vulnerabilities and then confidently develop defenses for each."

Related Vulnerability

2023-10-26 CVE-2023-43208 Unspecified vulnerability in Nextgen Mirth Connect
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution.
low complexity