Wireless Infusion Pump Security
Infusion pumps were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, new wireless versions of the pumps are connected to a variety of systems, networks and other devices-which can introduce cybersecurity risks. Through collaboration with industry, NIST's National Cybersecurity Center of Excellence (NCCoE) demonstrated one approach that health care providers can use to enhance security and improve the safety and delivery of health care to patients.
Wireless infusion pumps with weak cybersecurity can expose a health care enterprise to system breaches that pose serious operational and safety risks.
- access by malicious actors;
- breach of
protected health information;
- loss or disruption of health care
- damage to reputation, productivity and revenue.
The NCCoE collaborated with health care providers, IT companies and device manufacturers to develop cybersecurity guidance that would help strengthen the security of the wireless infusion pump ecosystem within health care facilities.
The NCCoE guidance is based on commercial off-the-shelf technologies that meet industry standards, as well as existing NIST/industry guidance and best practices.
Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, NIST Special Publication 1800-8, shows how biomedical, networking, cybersecurity and IT professionals can configure and deploy wireless infusion pumps to reduce cybersecurity risk. In addition, the work on this project resulted in the discovery of security features that would benefit other medical products. NCCoE's work has led several wireless infusion pump manufacturers to begin incorporating increased security capabilities into the next generation of pumps.
The Wireless Infusion Pump project is one of several conducted by
NCCoE and its partners. NCCoE is a collaborative hub where industry
organizations, government agencies and academic institutions work
together to address businesses' most pressing cybersecurity issues. This
public-private partnership enables the creation of practical
cybersecurity solutions for specific industries, as well as for broad,
cross-sector technology challenges.