September 2, 2018
The National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST) have issued the final form of the NIST Cybersecurity Practice Guide for Acquiring Wireless Infusion Pumps in healthcare delivery companies.
Wireless infusion pumps are no longer separate appliances. They can be linked to a variety of different healthcare systems, networks, and other appliances and can be a main cybersecurity danger.
If malevolent actors are capable to gain access to the wireless infusion pump ecosystem, locations might be changed on the pumps or malware might be connected that causes the appliances to malfunction, leading to operational and safety dangers.
An attack on the appliances might lead to patients coming to harm, safeguarded health information might be disclosed, and a compromise might lead to disturbance in healthcare facilities, status damage, and substantial financial expenses.
Acquiring wireless infusion pumps is a task. Usual cybersecurity solutions such as anti-virus software might affect the capability of the appliance to perform properly and efficiently. Oftentimes, the pumps have maintenance default passcodes which, if not altered, makes them susceptible to attack. Several wireless infusion pumps can be retrieved distantly. Although this makes management easier, it is also a safety weak point. The appliances might possibly be retrieved distantly by threat actors.
The guide assists healthcare delivery companies to manage and safeguard their wireless networks and infusion pumps, alleviate weaknesses, and protect against dangers.
The guide unites standard-based commercially available technologies with industry best practices to assist healthcare delivery companies to strengthen the safety of the appliances. The guidance includes a questionnaire-based risk assessment and maps the safety features of the wireless infusion pump ecology to the HIPAA Safety Rule and the NIST Cybersecurity Framework.
By using the guide, healthcare delivery companies can create a defense-in-depth solution that will let them safeguard their wireless infusion pumps against a wide variety of different risk factors.
Braun, Smiths Medical, Ramparts, PFP Cybersecurity, MDISS, Intercede, Hospira, Digicert, Clearwater Compliance, Cisco, BD, Baxter, Symantec, and TDI Technologies all took part in the formation of the guide.
NIST Special Publication 1800-8A – Acquiring Wireless Infusion Pumps in Healthcare Delivery Companies – is available for download on this link (PDF).
The 375-page document might take some time to open, depending on the speed of your Internet connection.