WIRELESS INFUSION PUMPS must provide a steady inflow of life-saving or life-sustaining medications, but these critical devices come with significant risks that every healthcare organization must address. To operate effectively and efficiently, infusion pumps often must be linked to a network and to the internet, which brings the risk of malicious manipulation that can result in patient harm and data breaches and can even expose an entire organization’s computer system to ransomware. Federal regulatory agencies have focused attention on these key security issues, and their guidance yields practical takeaways for healthcare organizations.
The risks of wireless medical devices have received dramatic attention, including an episode of the TV series Homeland, where a hacked cardiac pacemaker was manipulated to assassinate the vice president. While the portrayal in the Homeland episode may have been dramatized for effect, it reflects very real
Government Issues Warnings, Guidance
Networked medical devices have been on the cybersecurity radar screen for some time and received attention in the 2017 report from the Health Care Industry Cybersecurity Task Force. The report identified a number of patient risks that can result from inadequate security on medical devices, including unauthorized alteration of data or operating parameters and denial-of-service attacks, which can render a device inoperable and lead to exfiltration of patient data.
In September 2017, the Food and Drug Administration (FDA) issued a recall for almost a half million pacemakers.[2] In that same month came news about infusion pumps’ vulnerability.
The FDA has been issuing guidance about the risks associated with infusion pumps for some time and has a webpage dedicated to this issue.[4] Mitigating risks to wireless infusion pumps has received more attention recently. In October 2018, the FDA issued a draft update of its 2014 guidance concerning Premarket Submissions for Management of Cybersecurity in Medical Devices.[5] In November 2018, the FDA issued a “FDA In Brief” document highlighting its oversight efforts for infusion pumps and other medical devices.
The FDA guidance is directed at manufacturers of all types of medical devices and provides information to manufacturers about cybersecurity issues that the FDA will examine in future pre-market reviews of devices. However, the guidance has helpful information about issues that healthcare organizations currently face in deploying and maintaining wireless devices, discussed later in this article.
In August 2018, the National Cybersecurity Center of Excellence (NCCoE) finalized the draft guidance it first issued last year on securing wireless infusion pumps.[7] The NCCoE guidance is aimed at clinical and administrative leaders, as well as the IT staff who run their networks. The 375-page report has detailed information about technical measures to secure infusion pumps. For a good visual representation of the suggested system architecture, consult the second page of NCCoE’s Summary, which is linked on the webpage where NCCoE’s guidance [8] The guidance stresses that the architecture for these solutions uses commercially available hardware and software and was developed with input from the vendors.
A fundamental takeaway from NCCoE is the need to come to grips with common vulnerabilities of these devices, listed in Appendix B of NCCoE’s guidance, including:
Infusion pumps may stay in service beyond the point at
By William R. Shenton, JD