Industry Partners | NCCoE & NIST

Clearwater Compliance has been working closely with the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) on a cybersecurity project for the healthcare sector.

As part of this collaboration, NIST has released a draft practice guide, titled NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, to demonstrate how healthcare delivery organizations can use best practices along with standards-based, commercially available cybersecurity technologies to better protect their wireless infusion pump ecosystem.

New Collaborative NIST Cybersecurity Guidance for Securing Wireless Infusion Pumps


Why Healthcare Executives Should Care About This Practice Guide

  • Reduce risk. This guide demonstrates how a healthcare delivery organization (HDO) can use standards-based, commercially available technologies and industry best practices to strengthen the security of the wireless infusion pump ecosystem and reduce cybersecurity risk. This can also potentially reduce safety and operational risks, such as interference with the standard operation of a medical device or loss of PHI.
  • Develop and execute a defense-in-depth strategy. The guide provides guidance on how an HDO can better protect its enterprise with a layered security model to avoid a single point of failure and provide strong support for availability of critical systems and resources.
  • Detailed implementation information for your organization. The guide gives detailed information for all levels of business and technical expertise within your healthcare organization. This can help your leadership understand the cybersecurity risks surrounding wireless medical devices; help your security officers conduct risk assessments and develop mitigation plans; and help your technical staff implement improved security measures for the wireless infusion pump ecosystem.

Why Healthcare IT Professionals Should Care About This Practice Guide

  • Reduce cybersecurity risks. Healthcare IT professionals can use this guide to help reduce the cybersecurity risk that unsecured or improperly configured wireless infusion pumps pose to their organization. The guide shows how a variety of cybersecurity best practices (e.g., network segmentation, authentication, and encryption) can better protect the pump ecosystem.
  • Map to cybersecurity standards and best practices. For healthcare IT professionals, there are a number of industry-specific standards and best practices that are critical for their healthcare organization. This guide provides a cross-walk of the example solution’s security characteristics to the NIST Cybersecurity Framework, best practices from relevant organizations, and industry standards such as the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
  • Develop and encourage new cybersecurity best practices for healthcare. The guide leverages expertise from healthcare IT thought leaders and relies on your feedback to ultimately improve the awareness of cybersecurity best practices within the industry. With your support and lessons learned from real-world implementations, the guide can serve as a starting point for developing new best practices for healthcare providers to consider when on-boarding medical devices.

About NIST SP 1800-8 Securing Wireless Infusion Pumps in Healthcare Delivery Organizations

Background

As the Internet of Medical Things (IoMT) grows, cybersecurity risks have risen. In particular, the wireless infusion pump ecosystem (the pump, the network, and the data stored on a pump system) faces a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s intended function.

To help the healthcare sector address these cybersecurity challenges, the NCCoE, together with several healthcare technology vendors, has developed cybersecurity guidance that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the infusion pump ecosystem, including patient information and drug library dosing limits.

What is this practice guide about?

NCCoE developed a use case and practice guide to demonstrate how healthcare delivery organizations can use best practices along with standards-based, commercially available cybersecurity technologies to better protect their wireless infusion pump ecosystem.

“Reducing cybersecurity risk, developing and executing in-depth cybersecurity strategies and offering best practices for healthcare organizations especially as it applies so directly to patient safety issues is critical to Clearwater’s mission.”
Bob Chaput, CEO, Clearwater Compliance
“We are honored to collaborate with NIST on a guide that improves the awareness as cybersecurity has rapidly evolved to become a patient safety, and therefore, a significant business risk management issue for HDOs.”
Bob Chaput, CEO, Clearwater Compliance

Draft NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, is available for public comment.

Submit comments on the NCCoE website or to hit_nccoe@nist.gov.

Comments are due on Friday, July 7.

About the National Cybersecurity Center of Excellence (NCCoE)
The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries or broad, cross-sector technology challenges. Working with technology partners, from Fortune 500 market leaders to smaller companies specializing in IT security, the NCCoE develops modular, easily adaptable example cybersecurity solutions demonstrating how to apply standards and best practices using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to recreate the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Md. Information is available at: https://nccoe.nist.gov.