Date Published: May 2017
Comments Due:
Email Questions to:
Author(s)
Gavin O'Brien (NIST), Sallie Edwards (MITRE), Kevin Littlefield (MITRE), Neil McNab (MITRE), Sue Wang (MITRE), Kangmin Zheng (MITRE)
Announcement
As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs).
That's because medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT).
As a result, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump's intended function.
In collaboration with the healthcare community and manufacturers, the NCCoE developed cybersecurity guidance, draft NIST Special Publication 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, which uses standards-based, commercially available technologies and industry best practices to help HDOs strengthen the security of wireless infusion pumps within healthcare facilities. The draft guide is now open for public comment.
Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. But today’s medical devices connect to a variety of health care systems, networks, and other tools within a healthcare delivery organization (HDO). Connecting devices to point-of-care medication systems and electronic health records can improve healthcare delivery processes, however, increasing connectivity capabilities also creates cybersecurity risks. Potential threats include unauthorized access to patient health information, changes to prescribed drug doses, and interference with a pump’s function.
The NCCoE at NIST analyzed risk factors in and around the infusion pump ecosystem using a questionnaire-based risk assessment to develop an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the infusion pump ecosystem, including patient information and drug library dosing limits.
This practice guide will help HDOs implement current cybersecurity standards and best practices to reduce their cybersecurity risk, while maintaining the performance and usability of wireless infusion pumps.
Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. But today’s medical devices connect to a variety of health care systems, networks, and other tools within a healthcare delivery organization (HDO). Connecting devices...
See full abstract
Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. But today’s medical devices connect to a variety of health care systems, networks, and other tools within a healthcare delivery organization (HDO). Connecting devices to point-of-care medication systems and electronic health records can improve healthcare delivery processes, however, increasing connectivity capabilities also creates cybersecurity risks. Potential threats include unauthorized access to patient health information, changes to prescribed drug doses, and interference with a pump’s function.
The NCCoE at NIST analyzed risk factors in and around the infusion pump ecosystem using a questionnaire-based risk assessment to develop an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the infusion pump ecosystem, including patient information and drug library dosing limits.
This practice guide will help HDOs implement current cybersecurity standards and best practices to reduce their cybersecurity risk, while maintaining the performance and usability of wireless infusion pumps.
Hide full abstract
Keywords
digital certificates; encryption; infusion pumps; Internet of Things; IoT; medical devices; network zoning; pump servers; questionnaire-based risk assessment; segmentation; VPN; Wi-Fi; wireless medical devices; authorization; authentication
Control Families
None selected
