NIST partnership focuses on infusion pump security

cybersecurity2

The National Institute of Standards and Technology and consultancy Clearwater Compliance have teamed up to improve security practices for wireless infusion pumps.

Last year, the Food and Drug Administration warned of vulnerabilities in some Hospira models; security experts also have warned that the devices can be hacked.

Infusion pumps generally have long life cycles and security often was not top of mind when they were designed, as med device security expert Kevin Fu has pointed out.

In wireless versions, dosing instructions can be sent remotely, meaning they hold patient data subject to HIPAA that must be removed before they are decommissioned. That makes full life cycle management vital, Gavin O’Brien, senior cybersecurity engineer with the NIST National Cybersecurity Center of Excellence, recently told HealthITSecurity.com.

Rather than trying to come up with solutions independently, NIST has been reaching out to hospital executives and other users for input on the problem, according to the article.

“Instead of making this a government mandate, they are trying to determine best practices, based on real- world examples,” Clearwater Compliance CEO Bob Chaput told HealthITSecurity.com.

The short-term goal is to create guidance documents for healthcare CIOs and chief information security officers; longer-term, NIST plans to create and share a software-as-a-service platform for securing the devices on an enterprise network.

It also plans to work with providers to help them better use the tools they have in place and determine whether they need other tools and software for more effective security.

Suggested Articles

Ochsner Health System is partnering with Color to launch a population health pilot program to integrate genetic information into preventive care.

Health IT company Cerner announced a definitive agreement to acquire IT consulting and engineering firm AbleVets as a wholly owned subsidiary.

Tech giant Google has tapped former Obama administration healthcare official Karen DeSalvo as its first chief health officer.