Pointing to a growing number of wireless infusion pumps entering the market, the National Institute of Standards and Technology (NIST) has released draft guidelines for healthcare systems to address cybersecurity threats.
Although infusion pumps were once standalone instruments, the influx of wireless devices has created new and potentially dangerous cybersecurity threats that could interfere with functionality—by initiating changes to prescribed drug doses—or compromise personal data by providing hackers with an additional entry point to a hospital’s network.
NIST’s National Cybersecurity Center of Excellence analyzed risk factors associated with wireless infusion pumps and developed draft guidelines that focus on using cybersecurity technology to protect vulnerable entry points. The guidelines urge hospitals to take a host of precautions, including:
- Conduct a risk assessment of any wireless devices
- Implement a physical access management program to track unique mobile media like flash drives
- Clear wireless credentials if the pump is transported to another facility
- Change wireless network authentication credentials regularly
- Employ individual pump authentication rather than a shared key
- Segment the hospital's network
The FDA has urged medical device manufacturers to build cybersecurity into any new devices or upgrades, noting that manufacturers can issue cybersecurity updates for any reason without FDA approval. Experts have argued that medical devices are the next big target for hackers.