Cyberattacks on healthcare systems are becoming more frequent
and increasingly devastating. As demonstrated by the recent
crippling ransomware attacks on hospital computers (discussed
here), the risk to patients has escalated from the theft of
sensitive data to interference with clinical care. Rapid advances
in the functionality of wireless medical devices have resulted in
tremendous benefits for patients but have also created exploitable
security gaps that stakeholders are scrambling to close (as
discussed
here).
In December, the U.S. Food and Drug Administration published final
guidance setting forth a general framework for identifying,
monitoring, and addressing cybersecurity vulnerabilities in medical
devices (as discussed
here). While all wireless technology faces cybersecurity risks,
medical devices such as wireless infusion pumps carry a unique
risk, as a hacker has the ability not only to access protected
health information but also to make changes to drug doses and
interfere with the pump's function.
Earlier this month, the National Cybersecurity Center of Excellence
(NCCoE) at the National Institute of Standards and Technology
(NIST) published a set of best practices and guidance on how to
protect against threats to wireless infusion pumps. The guide,
which is primarily intended as a "how-to" for
professionals implementing security solutions, was developed
following collaboration with healthcare stakeholders, technology
vendors, and cybersecurity vendors.
While the NCCoE's guidance offers solutions for securing the
infusion pump, server components, and the surrounding network,
NCCoE suggests that the security controls detailed in the
publication can be tailored and applied to increase security for
other types of medical devices.
"Securing Wireless Infusion Pumps In Healthcare Delivery
Organizations" (NIST Special Publication 1800-8) can be viewed
or downloaded here.
For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.
Click here for more Healthcare Blogs from Day Pitney
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.