NIST SPECIAL PUBLICATION 1800-8A


Securing Wireless Infusion Pumps

In Healthcare Delivery Organizations


Volume A:

Executive Summary


DRAFT


Gavin O’Brien

National Cybersecurity Center of Excellence

Information Technology Laboratory


Sallie Edwards

Kevin Littlefield

Neil McNab

Sue Wang

Kangmin Zheng

The MITRE Corporation

McLean, VA



May 2017



image0



Executive Summary

  • Broad technological advancements have contributed to the Internet of Things (IoT) phenomenon, where physical devices now have technology that allow them to connect to the internet and communicate with other devices or systems [1]. With billions of devices being connected to the internet [2], many industries, including healthcare, have or are beginning to leverage IoT devices to improve operational efficiency and enhance innovation.
  • Medical devices, such as infusion pumps [3], were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, these devices now connect wirelessly to a variety of systems, networks, and other tools within a healthcare delivery organization (HDO) – ultimately contributing to the Internet of Medical Things (IoMT).
  • As IoMT grows, cybersecurity risks have risen. According to the Association for the Advancement of Medical Instrumentation (AAMI) Technical Information Report 57 (TIR57), “this has created a new source of risk for [the] safe operation [of medical devices]” [4]. In particular, the wireless infusion pump ecosystem (the pump, the network, and the data stored in and on a pump) face a range of threats, including unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s function.
  • In addition to managing interconnected medical devices, HDOs oversee complex, highly technical environments, from back-office applications for billing and insurance services, supply chain and inventory management, and staff scheduling to clinical systems such as radiological and pharmaceutical support. In this intricate healthcare environment, HDOs and medical device manufacturers that share responsibility and take a collaborative, holistic approach to reducing cybersecurity risks of the infusion pump ecosystem can better protect healthcare systems, patients, PHI, and enterprise information.
  • The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) analyzed risk factors in and around the infusion pump ecosystem using a questionnaire-based risk assessment. With the results of that assessment, the NCCoE then developed an example implementation that demonstrates how HDOs can use standards-based, commercially available cybersecurity technologies to better protect the infusion pump ecosystem, including patient information and drug library dosing limits.

CHALLENGE

Technology improvements happen rapidly across all sectors. For organizations focused on streamlining operations and delivering high-quality patient care, it can be difficult to take advantage of the latest technological advances, while also ensuring new medical devices or applications are secure. For many HDOs, this can result in improperly configured information technology networks and components that increase cybersecurity risks.

Unlike prior medical devices that were once standalone instruments, today’s wireless infusion pumps connect to a variety of healthcare systems, networks, and other devices. Although connecting infusion pumps to point-of-care medication systems and electronic health records (EHRs) can improve healthcare delivery processes, using a medical device’s connectivity capabilities can create significant cybersecurity risk, which could lead to operational or safety risks. Tampering, intentional or otherwise, with the wireless infusion pump ecosystem can expose a healthcare provider’s enterprise to serious risks, such as:

  • access by malicious actors
  • loss or corruption of enterprise information and patient data and health records
  • a breach of protected health information
  • loss or disruption of healthcare services
  • damage to an organization’s reputation, productivity, and bottom-line revenue

As IoMT grows, with an increasing number of infusion pumps connecting to networks, the vulnerabilities and risk factors become more critical as they can expose the pump ecosystem to external attacks, compromises, or interference.

SOLUTION

The NCCoE has developed cybersecurity guidance, NIST Special Publication 1800-8 Securing Wireless Infusion Pumps, using standards-based commercially available technologies and industry best practices to help HDOs strengthen the security of the wireless infusion pump ecosystem within healthcare facilities.

This NIST cybersecurity publication provides best practices and detailed guidance on how to manage assets, protect against threats, and mitigate vulnerabilities by performing a questionnaire-based risk assessment. In addition, the security characteristics of wireless infusion pump ecosystem are mapped to currently available cybersecurity standards and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Based on our risk assessment findings, we apply security controls to the pump’s ecosystem to create a ‘defense-in-depth’ solution for protecting infusion pumps and their surrounding systems against various risk factors. Ultimately, we show how biomedical, networking, and cybersecurity engineers and IT professionals can securely configure and deploy wireless infusion pumps to reduce cybersecurity risk.

Although the NCCoE used a suite of commercially available tools and technologies to address wireless infusion pump cybersecurity challenges, this guide does not endorse any specific products, nor does it guarantee compliance with any regulatory initiatives. Your organization’s information security experts can identify solutions that will best integrate with your organization’s current tools and IT system infrastructure. Your organization may choose to adopt this solution, or one that adheres to these guidelines, or you may refer to this guide as a starting point for tailoring and implementing specific parts that best suit your organization’s risk profile and needs.

BENEFITS

The NCCoE’s practice guide to securing the wireless infusion pump ecosystem can help your organization:

  • reduce cybersecurity risk, and potentially reduce impact to safety and operational risk, such as the loss of patient information or interference with the standard operation of a medical device
  • develop and execute a defense-in-depth strategy that protects the enterprise with layers of security to avoid a single point of failure and provide strong support for availability
  • implement current cybersecurity standards and best practices, while maintaining the performance and usability of wireless infusion pumps

SHARE YOUR FEEDBACK

You can view or download the guide at https://nccoe.nist.gov/projects/use_cases/medical_devices. Help the NCCoE make this guide better by sharing your thoughts with us. We recognize that technical solutions alone will not fully enable the benefits of a cybersecurity solution, so we encourage organizations to share their lessons learned and best practices for transforming the processes associated with implementing these guidelines.

To provide comments or to learn more by arranging a demonstration of this reference solution, contact the NCCoE at hit_nccoe@nist.gov.

TECHNOLOGY PARTNERS/COLLABORATORS

Technology vendors who participated in this project submitted their capabilities in response to a call in the Federal Register. Companies with relevant products were invited to sign a Cooperative Research and Development Agreement with NIST, allowing them to participate in a consortium to build this example solution.

image2

Certain commercial entities, equipment, products, or materials may be identified in this practice guide to adequately describe an experimental procedure or concept. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.


The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Through this collaboration, the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology

https://nccoe.nist.gov | nccoe@nist.gov | 301-975-0200


[1]Internet of Things, Gartner IT Glossary, http://www.gartner.com/it-glossary/internet-of-things/ [accessed 4/5/2017].
[2]Popular Internet of Things Forecast of 50 Billion Devices by 2020 Is Outdated, IEEE Spectrum, 2016. http://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated [accessed 4/5/2017].
[3]Defined by the Food and Drug Administration (FDA) as “a medical device that delivers fluids into a patient’s body in a controlled manner, either through the use of interconnected servers or via a standalone drug library-based medication delivery system.” https://www.fda.gov/medicaldevices/productsandmedicalprocedures/generalhospitaldevicesandsupplies/infusionpumps/default.htm [accessed 4/5/2017].
[4]Principles of Medical Device Security, Association for the Advancement of Medical Instrumentation (AAMI) Technical Information Report (TIR) 57, 2016, ix pp.