Northeastern University Launches Hospital Cybersecurity Project Supported by ARPA-H UPGRADE for up to $19M

Northeastern University’s Archimedes Center for Healthcare and Medical Device Cybersecurity, led by Professor Kevin Fu, is launching the PATCH Project, a national initiative with a budget of up to $19 million for transformative clinical and technological innovations. Fueled by the ARPA-H UPGRADE program, the project will create hospital-scale digital twins to accelerate the discovery and remediation of cybersecurity vulnerabilities, encompassing thousands of medical devices from infusion pumps to imaging systems while ensuring uninterrupted patient care.

Dr. Kevin Fu, Professor of Electrical and Computer Engineering, Khoury College of Computer Sciences, and Bioengineering at Northeastern University, serves as a leading authority on medical device cybersecurity. His distinguished career includes groundbreaking work with the U.S. Food and Drug Administration, where he contributed expertise on securing medical technologies that millions of patients depend on daily.  The Archimedes Center for Healthcare and Medical Device Cybersecurity that he leads has been instrumental in advancing medical device security in collaboration with hospitals, manufacturers, and vendors.  
Building on this leadership, Fu recently launched a project supported by the Advanced Research Projects Agency for Health (ARPA-H) Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) initiative for up to $19 million. Called PATCH, the first 12-month phase of this ambitious project will develop digital twins of healthcare networks to accelerate vulnerability detection and remediation while maintaining uninterrupted patient care. The vision is to support hospital cybersecurity teams by expediting their ability to comprehensively characterize their hospital’s cyber network, identify vulnerabilities within that network, source remediations to mitigate the vulnerabilities, and accelerate remediation deployment.

PATCH will provide comprehensive security for a wide array of medical devices, including infusion pumps, patient monitoring systems, imaging equipment, and medication dispensers. By creating a whole hospital simulation environment, the first phase will emulate and protect upwards of 1,500 pieces of hospital equipment, ensuring scalability and adaptability for smaller healthcare settings.

 
In addition to Northeastern and academic partner University of Illinois-Urbana Champaign, PATCH includes clinical partnerships with Michigan Medicine, Massachusetts General Hospital, Beth Israel Deaconess Medical Center, University of Colorado School of Medicine, University of California San Diego Health, and the Michigan Center for Rural Health, spanning a range of hospital sizes nationwide. Critically, industry partners Medcrypt, ForAllSecure, and Virta Laboratories will drive open-source commercialization, ensuring the Vulnerability Mitigation Platforms developed can be rapidly deployed across healthcare systems to protect patient care infrastructure. PATCH will also work closely with the Association for the Advancement of Medical Instrumentation (AAMI), a community of 10,000+ professionals focused on advancing safety in medical technology, to provide channels for outreach to healthcare professionals to learn the necessary skills to maintain and secure these healthcare systems.

Learn more about the Archimedes Center for Healthcare and Medical Device Cybersecurity at coe.northeastern.edu/archimedes.