Skip to main content

UCSD Health Using Federal Grant to Develop Ransomware Strategies

Analysis  |  By Eric Wicklund  
   October 03, 2023

The California health system is getting $9.5 million through an HHS program aimed at tackling healthcare data breaches, and will explore innovative solutions through its new Center for Healthcare Cybersecurity.

The UC San Diego School of Medicine is getting a federal grant of almost $10 million to study how to prevent and mitigate ransomware attacks.

The $9.5 million grant comes from the Health and Human Services Department's Advanced Research Projects Agency for Health (ARPA-H) as part of its DIGIHEALS initiative, which supports innovative projects aimed at addressing hostile cyber threats. The healthcare industry saw some 344 data breaches in 2022, according to the Identify Theft Resource Center, the most of any industry.

“Healthcare systems are highly vulnerable to ransomware attacks, which can cause catastrophic impacts to patient care and pose an existential threat to smaller health systems,” Christian Dameff, MD, an emergency medicine physician at UC San Diego Health, assistant professor at the UC San Diego School of Medicine and UC San Diego Jacobs School of Engineering, and co-principal investigator, said in a press release. “Developing protocols to protect health systems, especially rural and critical access hospitals, will help save lives and make healthcare better for all of us.”

The research will target ransomware attacks, which cost health systems, on average, $11 million a year, according to IBM's 2023 Cost of a Data Breach report.  Apart from the financial toll, these attacks can also affect care delivery, and can potentially cause patient harm or even death.

“During a ransomware attack, hospitals often have to switch back to inefficient pen-and-paper methods of administration, and this slows down healthcare delivery and introduces additional risks to patient safety,” Dameff said.

“When I talk about cybersecurity most people only think about protecting patient data,” he added “That’s all well and good, but we need to be just as concerned about care quality and patient outcomes. The impacts of malware and ransomware don’t stop at the digital border of a hospital.”

Jeffrey Tully, MD, an assistant clinical professor at UC San Diego School of Medicine and co-principal investigator, noted ransomware attacks can devastate small and rural health systems, with one hospital in Illinois shutting down for good.

Dameff, who in 2019 was appointed the first medical director of cybersecurity in the nation, will conduct the study through UC San Diego's new Center for Healthcare Cybersecurity, which is supported by the Joan & Irwin Jacobs Center for Health Innovation.

“Cybersecurity in healthcare is a huge problem that can affect each and every one of us, but few healthcare systems are prepared for the consequences of cyberattacks,” Christopher Longhurst, MD, chief medical officer and chief digital officer at UC San Diego Health, said in the press release. “The new center is designed to address this unmet need, and this new research is just the beginning of that effort.”

Eric Wicklund is the associate content manager and senior editor for Innovation, Technology, and Pharma for HealthLeaders.


Ransomware attacks are costing healthcare organizations millions of dollars a year, and threatening business and clinical operations. At least one small hospital was forced to close due to an attack.

The federal government has launched a program through the Health and Human Services Department's Advanced Research Projects Agency for Health (ARPA-D) to explore innovative strategies to prevent and mitigate data breaches.

The UC San Diego School of Medicine is using a $9.5 million federal grant to tackle ransomware through its newly established Center for Healthcare Cybersecurity, the first step toward creating guidelines to help health systems improve their defenses.

Get the latest on healthcare leadership in your inbox.