U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

SP 1800-8 (Draft)

Securing Wireless Infusion Pumps in Healthcare Delivery Organizations

Date Published: May 2017
Comments Due: July 7, 2017 (public comment period is CLOSED)
Email Questions to: hit_nccoe@nist.gov

Author(s)

Gavin O'Brien (NIST), Sallie Edwards (MITRE), Kevin Littlefield (MITRE), Neil McNab (MITRE), Sue Wang (MITRE), Kangmin Zheng (MITRE)

Announcement

As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs).

That's because medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT).

As a result, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump's intended function.

In collaboration with the healthcare community and manufacturers, the NCCoE developed cybersecurity guidance, draft NIST Special Publication 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, which uses standards-based, commercially available technologies and industry best practices to help HDOs strengthen the security of wireless infusion pumps within healthcare facilities. The draft guide is now open for public comment.  

Abstract

Keywords

digital certificates; encryption; infusion pumps; Internet of Things; IoT; medical devices; network zoning; pump servers; questionnaire-based risk assessment; segmentation; VPN; Wi-Fi; wireless medical devices; authorization; authentication
Control Families

None selected

Documentation

Publication:
Draft SP 1800-8

Supplemental Material:
Project homepage (web)

Document History:
05/08/17: SP 1800-8 (Draft)
08/17/18: SP 1800-8 (Final)