– Clearwater Compliance announced its partnership with NIST and the National Cybersecurity Center of Excellence (NCCoE) to help organizations improve healthcare wireless network security.
The partnership focuses on securing wireless infusion pumps. NIST released a draft practice guide, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, outlining best practices. The guide also advises healthcare organizations on how to use standards-based, commercially available cybersecurity technologies to protect their wireless network.
The guide presents methods for addressing assets, threats, and vulnerabilities, and also provides a NIST-based risk assessment. Organizations following the guide will be able to create layers of cybersecurity that work together to protect against threat sources and threat events.
The guide also helps entities follow HIPAA security standards.
Healthcare organizations can also improve in the following areas from the NCCoE guide:
- reduce cybersecurity risk, and potentially reduce impact to safety and operational risk, such as the loss of patient information or interference with the standard operation of a medical device
- develop and execute a defense-in-depth strategy that protects the enterprise with layers of security to avoid a single point of failure and provide strong support for availability
- implement current cybersecurity standards and best practices, while maintaining the performance and usability of wireless infusion pumps
“Reducing cybersecurity risk, developing and executing in-depth cybersecurity strategies and offering best practices for healthcare organizations especially as it applies so directly to patient safety issues is critical to Clearwater’s mission,” Clearwater Compliance CEO Bob Chaput said in a statement. “We are honored to collaborate with NIST on a guide that improves the awareness as cybersecurity has rapidly evolved to become a patient safety, and therefore, a significant business risk management issue for health delivery organizations.”
Wireless infusion pumps connect to many health IT infrastructure systems within an organization, giving them access to clinical data.
“Although connecting infusion pumps to point-of-care medication systems and EHRs can improve healthcare delivery processes, using a medical device’s connectivity capabilities can create significant cybersecurity risk, which could lead to operational or safety risks,” the report stated. “Tampering, intentional or otherwise, with the wireless infusion pump ecosystem can expose a healthcare provider’s enterprise to serious risks.”
Some of the risks include access by malicious outsiders, loss or corruption of EHRs and clinical data, PHI breaches, loss or disruption of healthcare services, and damage to an organization’s reputation, productivity, and bottom-line revenue.
Infusion pumps are a part of the healthcare Internet of Things (IoT), which continues to grow to include…