NIST Issues New Guidance to Enhance Wireless Infusion Pump Cybersecurity | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

NIST Issues New Guidance to Enhance Wireless Infusion Pump Cybersecurity

May 11, 2017
by Rajiv Leventhal
| Reprints

The National Institute of Standards and Technology (NIST), in collaboration with the healthcare community and manufacturers, has released draft guidelines designed to help healthcare delivery organizations improve wireless infusion pump cybersecurity.

As a press release from NIST stated, medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT).

As such, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s intended function.

The new guidance, NIST Special Publication 1800-8: Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, uses standards-based, commercially available technologies and industry best practices to help healthcare organizations strengthen the security of wireless infusion pumps within healthcare facilities, according to officials from NIST’s National Cybersecurity Center of Excellence. The draft guide is now open for public comment.  

Composed of three parts, the first volume can help hospital administrators better understand the cybersecurity risks of wireless infusion pumps to the hospital enterprise. The second and third volumes detail the approach, risk assessment, standards and security control mappings, and an example implementation of securing the wireless infusion pump ecosystem.

“When we initially launched this project, we received more than 200 comments from interested parties. That’s when we realized the challenges involved in properly securing wireless infusion pumps were complex and significant. We ended up working with 14 technology and manufacturing collaborators and dozens of industry stakeholders to help healthcare delivery organizations reduce their risks,” Gavin O’Brien, senior cybersecurity engineer at the NCCoE, said in a statement.

Biomedical, networking and cybersecurity engineers, along with healthcare IT professionals, can use the second and third volumes to see how the NCCoE used commercially available or open source tools to help configure and deploy wireless infusion pumps. According to O’Brien, “The ultimate goal is to implement a defense-in-depth strategy to reduce the risks.”

O’Brien said that he is confident the guide will provide valuable insights healthcare delivery organizations need to better secure their wireless infusion pump ecosystems. And, he explained, capabilities demonstrated by the NCCoE may also apply to other medical devices on wireless networks as well.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Dignity Health, UCSF Health Partner to Improve the Digital Patient Experience

Dignity Health and UCSF Health are collaborating to develop a digital engagement platform that officials believe will provide information and access to patients when and where they need it as they navigate primary and preventive care, as well as more acute or specialty care.

Report: Digital Health VC Funding Surges to Record $4.9 Billion in 2018

Global venture capital funding for digital health companies in the first half of 2018 was 22 percent higher year-over-year (YoY) with a record $4.9 billion raised in 383 deals compared to the $4 billion in 359 deals in the same time period last year, according to Mercom Capital Group’s latest report.

ONC Roundup: Senior Leadership Changes Spark Questions

The Office of the National Coordinator for Health IT (ONC) has continued to experience changes within its upper leadership, leading some folks to again ponder what the health IT agency’s role will be moving forward.

Media Report: Walmart Hires Former Humana Executive to Run Health Unit

Reigniting speculation that Walmart and insurer Humana are exploring ways to forge a closer partnership, Walmart Inc. has hired a Humana veteran to run its health care business, according to a report from Bloomberg.

Value-Based Care Shift Has Halted, Study Finds

A new study of 451 physicians and health plan executives suggests that progress toward value-based care has stalled. In fact, it may have even taken a step backward over the past year, the research revealed.

Study: EHRs Tied with Lower Hospital Mortality, But Only After Systems Have Matured

Over the past decade, there has been significant national investment in electronic health record (EHR) systems at U.S. hospitals, which was expected to result in improved quality and efficiency of care. However, evidence linking EHR adoption to better care is mixed, according to medical researchers.