- The National Institute of Standards and Technology (NIST) has released the final version of its guidelines to help healthcare organizations guard against cybersecurity threats to wireless infusion pumps.
- Wireless infusion pumps face risks ranging from unauthorized access to protected health information to interference with a pump’s function and drug dosing, the agency said.
- The 375-page publication aims to show biomedical engineers and IT professionals how to use standards-based, commercially available technologies to securely configure wireless infusion pumps to reduce cybersecurity risk.
Vulnerability of medical devices to hackers has long been a concern of the healthcare industry and regulators. Last month, after a congressional committee looking into the issue asked for input from the healthcare industry, numerous providers and trade groups submitted comments calling for a coordinated effort to protect devices and electronic health records from cyberattacks.
Congress is particularly concerned about the vulnerability of older, legacy technologies to security threats. The American Medical Association told the committee that 83% of physician practices have reported experiencing some form of a cybersecurity attack.
FDA is accelerating efforts to protect the security of connected medical devices with a plan to reduce vulnerabilities over a product’s lifecycle. The agency's Medical Device Safety Action Plan seeks requirements for manufacturers to build security updates into products and other protections, but has encountered resistance from companies fearing the proposed new obligations could become too burdensome.
Infusion pumps, which are used to deliver drugs directly into patients’ bloodstreams, have been viewed as particularly susceptible to cyberattacks because of their widespread use.
NIST, in its guide, said healthcare organizations focused on streamlining operations and delivering high-quality patient care may find it hard to incorporate the latest technological advances for securing medical devices.
Infusion pumps, once standalone devices, are now increasingly connected to the computer networks of health systems, where they are exposed to potential external attacks or interference.
A number of companies and groups collaborated with NIST to develop the guide, including B. Braun Medical, Baxter, Becton Dickinson, Cisco, Clearwater Compliance, DigiCert, Hospira, Intercede, PFP Cybersecurity, Ramparts, Smiths Medical, Symantec, TDi Technologies, and the Medical Device Innovation, Safety and Security Consortium.