News and Events

Medical Device Security Focus in Recent NCCoE Collaboration

May 09, 2017

The National Cybersecurity Center of Excellence (NCCoE) recently released a draft of the NIST Cybersecurity Practice Guide, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, to help improve medical device security. NCCoE collaborated with the Technological Leadership Institute at the University of Minnesota to ensure that wireless medical infusion pumps are properly secured.

NCCoE Heralds Release of NIST SP 1800-8 Securing Wireless Infusion Pumps

May 09, 2017

The National Institute of Standards and Technology (NIST) National Center for Cybersecurity Excellence (NCCOE) has released it’s latest draft medical device related security document, entitled ‘NIST Special Publication 1800-8 Cybersecurity Special Publication 1800-8 Securing Wireless Infusion Pumps – In Healthcare Delivery Organizations‘. Authored by Gavin O’Brien, Sallie Edwards, Kevin Littlefield, Neil McNab, Sue Wang and Kangmin Zheng – the document is available as either a PDF or web-based artifact. 

New Draft Guide to Help Healthcare Delivery Organizations Improve Wireless Infusion Pump Cybersecurity

May 05, 2017

As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs). That’s because medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT). As a result, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and...

HIMSS Annual Conference & Exhibition

February 19, 2017

The NCCoE will be participating with NIST at the 2017 Healthcare Information and Management Systems Society (HIMSS) Annual Conference & Exhibition at the Orange County Convention Center in Orlando, Fl.  for additional information on presentations, demonstration times, and exhibition location. 

NIST’s NCCoE Showcases Projects at RSA, HIMSS Conferences

February 09, 2017

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute for Standards and Technology (NIST), will demonstrate its current projects in San Francisco Feb. 13-17 at the RSA Conference and Orlando Feb 19-23 at the Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS17).

Individuals and organizations interested in learning more about the NCCoE’s work and how they can participate are encouraged to visit the booth and attend the presentations and demonstrations listed below.

RSA Conference: February 13-17, 2017

Clearwater Achieves #11 Rank in Top 500 Global Cybersecurity Companies to Watch in 2017

November 29, 2016

The announcement comes at an opportune time for Clearwater as the company is experiencing record growth, a strong demand for its Cyber Risk Services (CRS) solution, a new managed solution to help hospital CIOs and CISOs safeguard their data, systems, and reputation and the company’s selection by the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) ...

NCCoE Speaker Series Discusses Cybersecurity in the Health Community

November 10, 2016

On Wednesday November 9, 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted “Cybersecurity in the Health Community,” part of the NCCoE Speaker Series. The event brought together a variety of cybersecurity professionals to the NCCoE campus to further the discussion on cybersecurity in the healthcare environment.

AEHIX 16 Fall Forum

November 03, 2016

NCCoE Computer Scientist Gavin O'Brien will participate in the "Information Security: It's Everyone's Problem" session from 10:30m-11:30am at the AEHIX 16 Fall Forum in Phoenix, Arizona. This session explores the current threat landscape and identifies best practices for protecting the organization and information vital to patient care and business operations. This fall forum aims to bring together thought leaders from across health IA, IT, and IS specialties to network and share ideas on how IT can help bend the cost curve.

Is the Human Body the Cure for Mobile Data Security Concerns?

October 19, 2016

Both mobile device security and medical device security are increasingly popular topics in the healthcare industry. While there has not yet been a case of a hacked medical device affecting a patient, the concern for such a scenario is growing. The National Cybersecurity Center of Excellence (NCCoE) is investigating how best to improve wireless medical infusion pump security.

Safeguarding Health Information: Building Assurance through HIPAA Security

October 18, 2016

NIST and the Department of Health and Human Services' Office for Civil Rights will co-host the 9th annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference on October 19-20, 2016 at the Capital Hilton, Washington, D.C. NCCoE computer scientist Gavin O'Brien will host a panel on "Addressing Healthcare Cybersecurity Challenges through Standards-based Solutions" on October 19 from 1:15pm-2:15pm.

Medical Device Cybersecurity Key Focus in NIST Partnership

September 07, 2016

A new risk assessment project designed for monitoring wireless IV medical infusion pumps hopes to further strengthen medical device cybersecurity across the healthcare industry. Gavin O’Brien, senior cybersecurity engineer with NCCoE discussed the partnership with HealthITSecurity.com and what it means for medical device cybersecurity.

NIST Selects Clearwater Compliance for Research Project to Bolster Cybersecurity of Wireless IV Medical Infusion Pumps

September 07, 2016

Clearwater Compliance, a leading healthcare cybersecurity company, will collaborate with the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) as part of a wide-ranging, first-of-its-kind risk assessment project focusing on wireless IV medical infusion pumps. This research project will investigate how to improve wireless IV medical infusion pumps’ security, with an end goal of helping companies and organizations increase their cyber risk assessment and management capability. The end result of this collective collaboration is a reference design and an implementation guide on how to protect wireless IV medical infusion pumps from unintended errors or unauthorized access, including malicious acts.

Why NIST Is Revising Infusion Pump Cybersecurity Guidance

March 06, 2016

The National Institute of Standards and Technology is reworking its guidance on the cybersecurity of wireless infusion pumps, with plans to release the document by the end of this year, says Gavin O'Brien, a computer scientist at NIST's National Cybersecurity Center of Excellence, which is taking charge of the project.

The upcoming guidance is a new version of a white paper that NIST first unveiled in December 2014 about the cybersecurity of wireless infusion pumps. The document is being revised based, in part, on feedback NIST received from healthcare industry stakeholders about the original white paper, which was criticized by some as being too prescriptive, O'Brien says.

Security of networked medical devices must accommodate real-world medical practice

March 02, 2016

Infusion pumps are one of the most ubiquitous medical devices in the United States, but even as they provide patients with nutrients and medication, they also provide hackers with a potential entry point into hospital networks. Nathan Lesser, Deputy Director of the National Cybersecurity Center of Excellence (NCCoE), has been working with healthcare organizations to study how best to secure networked medical devices like infusion pumps without impeding the work of doctors and nurses.

HIMSS Conference and Exhibition

February 28, 2016

The NCCoE will be co-exhibiting with NIST at the Healthcare Information and Management Systems Society (HIMSS) Conference and Exhibition from Feb. 29 to March 4, 2016.

Maryland is headed west to RSA 2016

February 27, 2016

Maryland is headed west – to San Francisco, for RSA 2016, the nation’s premier information security conference which kicks off Monday at the Moscone Center. The Maryland Department of Commerce will lead the CyberMaryland delegation to the conference, which draws more than 30,000 attendees and runs through Friday, March 4.

Pressure grows to boost security of infusion pumps

February 09, 2016

Momentum is building toward finding a way to fix security vulnerabilities in wireless medical infusion pumps, which are widely used in the nation’s hospitals.

The National Institute of Standards and Technology (NIST) is mounting the charge, announcing in late January that it’s looking for technology companies to participate in a collaborative project to improve the security of wireless infusion pumps.

The work will be conducted by the National Cybersecurity Center of Excellence (NCCoE), with the end result serving as a solution framework to beef up the security of the pumps.

How Cybersecurity National Action Plan Affects Healthcare

February 09, 2016

Earlier this week, President Barack Obama announced the implementation of the Cybersecurity National Action Plan (CNAP) in an effort to further improve the nation’s approach to cybersecurity.

In terms of healthcare cybersecurity, the increase in information sharing could be greatly beneficial, according to earlier statements from the Health Information Trust Alliance (HITRUST).

NIST seeks vendor partners to work on wireless infusion pump security

January 31, 2016

The National Institute of Standards and Technology (NIST) is looking for vendor partners to work on an example solution to securing wireless medical infusion pumps, according to a notice in the Federal Register.

NIST doesn't endorse particular products; the work will center on standards and best practices, defining the interactions between people and systems, performing a risk assessment and identifying mitigating security technologies, according to an announcement.

NIST Goes After Infusion Pump Security Vulnerabilities

January 28, 2016

The National Institute of Standards and Technology has kicked off a project focused on boosting the security of wireless infusion pumps. In an effort to be sure researchers understand the hospital environment and how the pumps are deployed, NIST’s National Cybersecurity Center of Excellence (NCCoE) plans to work with vendors in this space. The NCCoE will also collaborate on the effort with the Technological Leadership Institute at the University of Minnesota.