Unlike prior medical devices that were once standalone instruments, today’s wireless infusion pumps connect to a variety of healthcare systems, networks, and other devices. Although connecting infusion pumps to point-of-care medication systems and electronic health records can improve healthcare delivery processes, this can also increase cybersecurity risk, which could lead to operational or safety risks. Tampering, intentional or otherwise, with the wireless infusion pump ecosystem can expose an HDO enterprise to serious risk factors, such as: access by malicious actors; a breach of protected health information; loss or disruption of healthcare services; and damage to an organization’s reputation, productivity, and bottom-line revenue.
SP 1800-8 provides best practices and detailed guidance on how to manage assets, protect against threats, and mitigate vulnerabilities by performing a questionnaire-based risk assessment. In addition, the security characteristics of wireless infusion pump ecosystem are mapped to currently available cybersecurity standards and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Based on our risk assessment findings, we apply security controls to the pump’s ecosystem to create a ‘defense-in-depth’ solution for protecting infusion pumps and their surrounding systems against various risk factors. Ultimately, we show how biomedical, networking, and cybersecurity engineers and IT professionals can securely configure and deploy wireless infusion pumps to reduce cybersecurity risk.