Securing Wireless Infusion Pumps

View the Practice Guide Visualization

The NCCoE has released a visualization of the NIST Cybersecurity Practice Guide, Securing Wireless Infusion Pumps in Healthcare Delivery. Use the button below to view this resource.

Access Resource »

The NCCoE released a final version of the NIST Cybersecurity Practice Guide, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations on August 17, 2018.

For ease of use, the guide is available to download or read in volumes:

SP 1800-8A: Executive Summary (PDF) (web page)
SP 1800-8B: Approach, Architecture, and Security Characteristics (PDF) (web page)
SP 1800-8C: How-To Guides (PDF) (web page)

Or download the complete guide (PDF).

A two-page fact sheet is also available for download.

If you have any questions or suggestions, please email us at hit_nccoe@nist.gov.

Unlike prior medical devices that were once standalone instruments, today’s wireless infusion pumps connect to a variety of healthcare systems, networks, and other devices. Although connecting infusion pumps to point-of-care medication systems and electronic health records can improve healthcare delivery processes, this can also increase cybersecurity risk, which could lead to operational or safety risks. Tampering, intentional or otherwise, with the wireless infusion pump ecosystem can expose an HDO enterprise to serious risk factors, such as: access by malicious actors; a breach of protected health information; loss or disruption of healthcare services; and damage to an organization’s reputation, productivity, and bottom-line revenue.

SP 1800-8 provides best practices and detailed guidance on how to manage assets, protect against threats, and mitigate vulnerabilities by performing a questionnaire-based risk assessment. In addition, the security characteristics of wireless infusion pump ecosystem are mapped to currently available cybersecurity standards and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Based on our risk assessment findings, we apply security controls to the pump’s ecosystem to create a ‘defense-in-depth’ solution for protecting infusion pumps and their surrounding systems against various risk factors. Ultimately, we show how biomedical, networking, and cybersecurity engineers and IT professionals can securely configure and deploy wireless infusion pumps to reduce cybersecurity risk.

The NCCoE has developed cybersecurity guidance to help healthcare delivery organizations protect their networks and data.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

_{Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.}