New Collaborative NIST Cybersecurity Guidance for Securing Wireless Infusion Pumps
Why Healthcare Executives Should Care About This Practice Guide
Reduce risk. This guide demonstrates how a healthcare delivery organization (HDO) can use standards-based, commercially available technologies and industry best practices to strengthen the security of the wireless infusion pump ecosystem and reduce cybersecurity risk. This can also potentially reduce safety and operational risks, such as interference with the standard operation of a medical device or loss of protected health information (PHI).
Develop and execute a defense-in-depth strategy. The guide shows how an HDO can better protect its enterprise with a layered security model that avoids a single point of failure and provides strong support for the availability of critical systems and resources.
Detailed implementation information for your organization. The guide gives detailed information for all levels of business and technical expertise within your healthcare organization. This can help your leadership understand the cybersecurity risks surrounding wireless medical devices; help your security officers conduct risk assessments and develop mitigation plans; and help your technical staff implement improved security measures for the wireless infusion pump ecosystem.
Why Healthcare IT Professionals Should Care About This Practice Guide
Reduce cybersecurity risks. Healthcare IT professionals can use this guide to help reduce the cybersecurity risk that unsecured or improperly configured wireless infusion pumps pose to their organization. The guide shows how a variety of cybersecurity best practices (e.g., network segmentation, authentication, and encryption) can better protect the pump ecosystem.
Map to cybersecurity standards and best practices. For healthcare IT professionals, there are a number of industry-specific standards and best practices that are critical for their healthcare organization. This guide provides a cross-walk of the example solution’s security characteristics to the NIST Cybersecurity Framework, best practices from relevant organizations, and industry standards such as the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
Develop and encourage new cybersecurity best practices for healthcare. The guide leverages expertise from healthcare IT thought leaders and relies on your feedback to ultimately improve the awareness of cybersecurity best practices within the industry. With your support and lessons learned from real-world implementations, the guide can serve as a starting point for developing new best practices for healthcare providers to consider when on-boarding medical devices.
About NIST SP 1800-8 Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
As the Internet of Medical Things (IoMT) grows, cybersecurity risks have risen. In particular, the wireless infusion pump ecosystem (the pump, the network, and the data stored on a pump system) faces a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s intended function.
To help the healthcare sector address these cybersecurity challenges, the National Cybersecurity Center of Excellence (NCCoE), together with several healthcare technology vendors, has developed cybersecurity guidance that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the infusion pump ecosystem, including patient information and drug library dosing limits.
What is this practice guide about?
The NCCoE developed a use case and practice guide to demonstrate how healthcare delivery organizations can use best practices along with standards-based, commercially available cybersecurity technologies to better protect their wireless infusion pump ecosystem.