1. You are here:
  2. Homepage
  3. News & Insights Search
  4. NIST Kicks Off Wireless Infusion Pump Cybersecurity Project

rf-fullcolor.png

 

Regulatory News
January 25, 2016
by Michael Mezher

NIST Kicks Off Wireless Infusion Pump Cybersecurity Project

The National Institute of Standards and Technology (NIST) is launching a project to improve the cybersecurity of wireless infusion pumps.

To do so, NIST's National Cybersecurity Center of Excellence (NCCoE) is looking for vendors to provide it with the components and technical expertise required to simulate the hospital environment in which infusion pumps operate.

In a notice published in the Federal Register Monday, NIST said the goal of the project is to help health providers secure wireless infusion pumps on an enterprise network.

The project will look at the lifecycle of an infusion pump in a hospital setting, from procurement to decommissioning, as well as the types of infrastructure that interacts with the pumps, including the pump server, wireless networks and a hospital's biomedical engineering department.

NIST says its call for participants is only the start "of a process that will identify research participants and components of a laboratory environment to identify, evaluate, and test relevant security tools and controls," according to a white paper published alongside the notice.

The project will also look at how hackers can interact with the relevant hospital systems.

"Hackers may attempt to attack the pump through various vectors, including the pump, pump server, wireless network, clinical systems, and the hospital IT systems," according a scenario presented in the white paper.

When completed, the NCCoE says the project will help inform a "multi-part practice guide that will help the community evaluate the security environment surrounding infusion pumps deployed in a clinical setting."

Cybersecurity

In recent years, medical device cybersecurity has become a growing concern. News reports about security researchers discovering vulnerabilities in medical devices are more and more common.

In July 2015, FDA warned health care providers that Hospira's Symbic Infusion System could be remotely accessed and manipulated to tamper medications being delivered via the pump. While FDA noted that it was not aware of any cases where this occurred, it still advised hospitals to take steps to sure up the device's security.

On Thursday the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) revealed another security flaw related to Hospira infusion pumps, in which a hacker could potentially exploit a vulnerability to remotely execute code on a device.

To date, FDA has issuedseveralguidance documents concerning device cybersecurity and last week held two public workshops on the subject.

NCCoE Use Case

Federal Register

Return to listing
×

Welcome to the new RAPS Digital Experience

We have completed our migration to a new platform and are pleased to introduce the updated site.

What to expect: If you have an existing login, please RESET YOUR PASSWORD before signing in. After you log in for the first time, you will be prompted to confirm your profile preferences, which will be used to personalize content.

We encourage you to explore the new website and visit your updated My RAPS page. If you need assistance, please review our FAQ page.

We welcome your feedback. Please let us know how we can continue to improve your experience.