NIST Issues New Guidance to Enhance Wireless Infusion Pump Cybersecurity | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

NIST Issues New Guidance to Enhance Wireless Infusion Pump Cybersecurity

May 11, 2017
by Rajiv Leventhal
| Reprints

The National Institute of Standards and Technology (NIST), in collaboration with the healthcare community and manufacturers, has released draft guidelines designed to help healthcare delivery organizations improve wireless infusion pump cybersecurity.

As a press release from NIST stated, medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT).

As such, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s intended function.

The new guidance, NIST Special Publication 1800-8: Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, uses standards-based, commercially available technologies and industry best practices to help healthcare organizations strengthen the security of wireless infusion pumps within healthcare facilities, according to officials from NIST’s National Cybersecurity Center of Excellence. The draft guide is now open for public comment.  

Composed of three parts, the first volume can help hospital administrators better understand the cybersecurity risks of wireless infusion pumps to the hospital enterprise. The second and third volumes detail the approach, risk assessment, standards and security control mappings, and an example implementation of securing the wireless infusion pump ecosystem.

“When we initially launched this project, we received more than 200 comments from interested parties. That’s when we realized the challenges involved in properly securing wireless infusion pumps were complex and significant. We ended up working with 14 technology and manufacturing collaborators and dozens of industry stakeholders to help healthcare delivery organizations reduce their risks,” Gavin O’Brien, senior cybersecurity engineer at the NCCoE, said in a statement.

Biomedical, networking and cybersecurity engineers, along with healthcare IT professionals, can use the second and third volumes to see how the NCCoE used commercially available or open source tools to help configure and deploy wireless infusion pumps. According to O’Brien, “The ultimate goal is to implement a defense-in-depth strategy to reduce the risks.”

O’Brien said that he is confident the guide will provide valuable insights healthcare delivery organizations need to better secure their wireless infusion pump ecosystems. And, he explained, capabilities demonstrated by the NCCoE may also apply to other medical devices on wireless networks as well.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Cardiac Monitoring Companies Will Pay $13.45 Million to Resolve False Claims Act Allegations

Companies involved in remote heart monitoring through the use of the Pocket ECG device have agreed to pay the Justice Department $13.4 million to resolve allegations that they violated the False Claims Act by billing Medicare for higher and more expensive levels of cardiac monitoring services than requested by the ordering physicians.

HHS Will Award $195 Million to Health Centers to Leverage Health IT

HHS announced the availability of $195 million in a new funding opportunity for community health centers to expand access to mental health and substance abuse services focusing on the treatment, prevention and awareness of opioid abuse in all U.S. states.

Senators Push for Timeline, Planning on VA-Cerner EHR Project

Three U.S. senators have written a letter to Veterans Affairs (VA) Secretary David Shulkin, M.D. and Defense Secretary James Mattis asking for a timeline for VA’s Cerner EHR project and for plans to ensure that the technology systems of the VA and DoD will be integrated.

Anil K Jain, M.D. Appointed to Health IT Advisory Committee

Anil K. Jain, M.D., IBM vice president and chief health informatics officer, has been appointed by Senate Majority Leader Mitch McConnell to the 25-member Health Information Technology Advisory Committee as mandated by the 21st Century Cures Act.

Orange Care Group, Memorial Team Up to Share Epic’s Population Health Platform

Miami-based Orange Care Group’s accountable care organizations (ACOs) and independent physician association have announced a collaboration with South Florida-based Memorial Healthcare System to adopt Epic's Healthy Planet platform.

Expanding a Population Health Tool That Provides City-Level Data

A new data visualization tool that helps cities understand the health status of their populations will soon expand from four pilot cities to hundreds of cities nationwide.