Researchers at University of California San Diego School of Medicine have been awarded $9.5 million from the Advanced Research Projects Agency for Health (ARPA-H) as part of the DIGIHEALS initiative, which supports innovative research that aims to protect the United States healthcare system against hostile cyber threats.

The new award, the first ARPA-H contract award for any University of California campus, will help the researchers develop better ways to prevent and mitigate ransomware attacks.

“Health care systems are highly vulnerable to ransomware attacks, which can cause catastrophic impacts to patient care and pose an existential threat to smaller health systems,” says co-principal investigator Christian Dameff, MD, emergency medicine physician at UC San Diego Health and assistant professor at UC San Diego School of Medicine and UC San Diego Jacobs School of Engineering. “Developing protocols to protect health systems, especially rural and critical access hospitals, will help save lives and make health care better for all of us.”

The researchers will focus on identifying early indicators of cyber threats through simulated ransomware attacks, and will also create and test an emergency healthcare technology platform to be used in the event of an attack to ensure continuity of health care services.

In 2019, Dameff became medical director of cybersecurity for UC San Diego Health. He joined co-principal investigator Jeff Tully, MD, assistant clinical professor at UC San Diego School of Medicine, as heads of a newly established Center for Healthcare Cybersecurity at the university.

“UC San Diego is a world leader in healthcare cybersecurity, and this new center will keep us on the cutting edge of this critically understudied field for years to come,” says Christopher Longhurst, MD, chief medical officer and chief digital officer at UC San Diego Health.

Ransomware attacks affecting healthcare delivery have been increasing in frequency and sophistication in recent years. Because so many parts of modern health care delivery are computerized, these attacks pose a significant and direct threat to patients’ lives, not just their privacy, according to researchers.

“When I talk about cybersecurity most people only think about protecting patient data,” says Dameff. “That’s all well and good, but we need to be just as concerned about care quality and patient outcomes. The impacts of malware and ransomware don’t stop at the digital border of a hospital.”

In addition to Dameff and Tully, the project will also leverage the expertise of cybersecurity expert and MacArthur fellow Stefan Savage, PhD, who holds the Irwin and Joan Jacobs Chair in Information and Computer Science at UC San Diego Jacobs School of Engineering.

“Cybersecurity in healthcare is a huge problem that can affect each and every one of us, but few health care systems are prepared for the consequences of cyberattacks,” says Longhurst. “The new center is designed to address this unmet need, and this new research is just the beginning of that effort.”