Infusion pumps, which deliver medications to patients, are among the most network-connected medical devices. While connecting infusion pumps to clinical systems can improve healthcare delivery processes, it can also expose healthcare facilities to operational or safety risks, such as (1) a breach of protected health records, (2) changes to prescribed drug dosage, and (3) disruption of healthcare services by malicious actors.
To address this issue, the cybersecurity experts at the National Cybersecurity Center of Excellence (NCCoE) worked with several infusion pump manufacturers and technology and service providers to assess the risks and produced a publicly available practical guide, NIST Special Publication (SP) 1800-8, Securing Wireless Infusion Pumps. The guide informs healthcare organizations on risks associated with deploying and operating wireless infusion pumps, and how to improve their cybersecurity. SP 1800-8 provides detailed guidance on asset management, threat protection, and vulnerability mitigation, and conforms to industry standards and best practices.