The National Institute of Standards and Technology (NIST) announced this week that it has issued draft cybersecurity guidance for hospitals to consider when using infusion pumps, particularly since infusion pumps are no longer standalone devices and many are now wireless. This increases the risk of cybersecurity threats that could potentially compromise personal information if the device is hacked, or hinder the functionality of the device. The wireless connection of medical devices is referred to as the Internet of Medical Things (IoMT).
After performing a risk analysis of wireless infusion pumps, NIST developed draft guidelines that focus on hospitals’ analysis of the devices and in particular, using technology to protect access to the devices. It then developed an example implementation that hospitals can use to implement “standards-based, commercially available cybersecurity technologies to better protect the infusion pump ecosystem, including patient information and drug library dosing limits.”
According to NIST, “Ultimately, we show how biomedical networking and cybersecurity engineers and IT professionals can securely configure and deploy wireless infusion pumps to reduce cybersecurity risk.”
NIST is seeking comment on the draft Guidelines through July 7, 2017.