U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-8 (Initial Public Draft)

Securing Wireless Infusion Pumps in Healthcare Delivery Organizations

Date Published: May 2017
Comments Due: July 7, 2017 (public comment period is CLOSED)
Email Questions to: hit_nccoe@nist.gov


Gavin O'Brien (NIST), Sallie Edwards (MITRE), Kevin Littlefield (MITRE), Neil McNab (MITRE), Sue Wang (MITRE), Kangmin Zheng (MITRE)


As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs).

That's because medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT).

As a result, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump's intended function.

In collaboration with the healthcare community and manufacturers, the NCCoE developed cybersecurity guidance, draft NIST Special Publication 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, which uses standards-based, commercially available technologies and industry best practices to help HDOs strengthen the security of wireless infusion pumps within healthcare facilities. The draft guide is now open for public comment.  



digital certificates; encryption; infusion pumps; Internet of Things; IoT; medical devices; network zoning; pump servers; questionnaire-based risk assessment; segmentation; VPN; Wi-Fi; wireless medical devices; authorization; authentication
Control Families

None selected


Draft SP 1800-8

Supplemental Material:
Project homepage

Document History:
05/08/17: SP 1800-8 (Draft)
08/17/18: SP 1800-8 (Final)