NCCoE & NIST
Clearwater Compliance has been working closely with the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) on a cybersecurity project for the healthcare sector.
As part of this collaboration, NIST has released a draft practice guide, titled NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, to demonstrate how healthcare delivery organizations can use best practices along with standards-based, commercially available cybersecurity technologies to better protect their wireless infusion pump ecosystem.
New Collaborative NIST Cybersecurity Guidance for Securing Wireless Infusion Pumps
Why Healthcare Executives Should Care About This Practice Guide
This guide demonstrates how a healthcare delivery organization (HDO) can use standards-based, commercially available technologies and industry best practices to strengthen the security of the wireless infusion pump ecosystem and reduce cybersecurity risk. This can also potentially reduce safety and operational risks, such as interference with the standard operation of a medical device or loss of protected health information (PHI).
The guide provides guidance on how an HDO can better protect its enterprise with a layered security model to avoid a single point of failure and provide strong support for availability of critical systems and resources.
The guide gives detailed information for all levels of business and technical expertise within your healthcare organization. This can help your leadership understand the cybersecurity risks surrounding wireless medical devices; help your security officers conduct risk assessments and develop mitigation plans; and help your technical staff implement improved security measures for the wireless infusion pump ecosystem.
Why Healthcare IT Professionals Should Care About This Practice Guide
Healthcare IT professionals can use this guide to help reduce the cybersecurity risk that unsecured or improperly configured wireless infusion pumps pose to their organization. The guide shows how a variety of cybersecurity best practices (e.g., network segmentation, authentication, and encryption) can better protect the pump ecosystem.
For healthcare IT professionals, there are a number of industry-specific standards and best practices that are critical for their healthcare organization. This guide provides a cross-walk of the example solution’s security characteristics to the NIST Cybersecurity Framework, best practices from relevant organizations, and industry standards such as the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
The guide leverages expertise from healthcare IT thought leaders and relies on your feedback to ultimately improve the awareness of cybersecurity best practices within the industry. With your support and lessons learned from real-world implementations, the guide can serve as a starting point for developing new best practices for healthcare providers to consider when onboarding medical devices.
About NIST SP 1800-8 Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
As the Internet of Medical Things (IoMT) grows, cybersecurity risks have risen. In particular, the wireless infusion pump ecosystem (the pump, the network, and the data stored on a pump system) faces a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s intended function.
To help the healthcare sector address these cybersecurity challenges, the NCCoE, together with several healthcare technology vendors, has developed cybersecurity guidance that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the infusion pump ecosystem, including patient information and drug library dosing limits.
What is this practice guide about?
NCCoE developed a use case and practice guide to demonstrate how healthcare delivery organizations can use best practices along with standards-based, commercially available cybersecurity technologies to better protect their wireless infusion pump ecosystem.
About the National Cybersecurity Center of Excellence (NCCoE)
The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries or broad, cross-sector technology challenges. Working with technology partners, from Fortune 500 market leaders to smaller companies specializing in IT security, the NCCoE develops modular, easily adaptable example cybersecurity solutions demonstrating how to apply standards and best practices using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to recreate the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Md. Information is available at: https://nccoe.nist.gov.
Looking for a Cybersecurity or Compliance Solution that can help you understand and implement a robust cybersecurity plan?
We have helped more than 400 customers operationalize and mature their information privacy, security, compliance and information risk management programs. In the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.