News and Events

May 16, 2018

The National Institute of Standards and Technology (NIST) has announced that it will be seeking industry input on developing use cases for its framework of cybersecurity standards related to patient imaging devices. NIST’s latest announcement is directed at eventually providing security guidance for the healthcare sector’s most common uses of data.

May 09, 2018

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence today issued a request for technical expertise and products to help improve the cybersecurity of Picture Archiving and Communications Systems, widely used for treatment and diagnosis in hospitals. In a Federal Register notice, NIST “invites organizations to provide products and technical expertise to support and demonstrate security platforms” for the cybersecurity of PACS, which comprise medical imaging technology used for storing and presenting images produced by MRIs, X-rays, CT scanners, and other devices.

May 01, 2018

This article discusses how the National Cybersecurity Center of Excellence (NCCoE) develops practical and usable cybersecurity guidance that can be adopted across industries, including the healthcare sector. The NCCoE works across public-private partnerships to create the National Institute of Standards and Technology (NIST) Special Publication (SP)1800 Series practice guides that are focused on specific industry challenges that companies can adopt for use.

April 16, 2018

The NCCoE will present and provide project demonstrations at the RSA Conference 2018 in San Francisco. Click for additional information on topics, times, and locations.

March 05, 2018

Engage with the NCCoE and NIST at the Healthcare Information and Management Systems Society (HIMSS) Annual Conference and Exhibition to learn how we are accelerating the deployment and use of secure, standards-based technologies to enhance cybersecurity. Click fore more information on our presentations and kiosk location.

January 26, 2018

NIST and the National Cybersecurity Center of Excellence (NCCoE) have been using Cooperative Research and Development Agreements (CRADAs) for joint cybersecurity efforts. Companies with relevant products were invited to sign a CRADA with NIST, allowing them to participate in a consortium to build this example solution. NIST aims to describe the process that brings together the collaborators in an open and transparent way.

November 08, 2017

To help manufacturers mitigate security risks, the National Institute of Standards and Technology and the National Cybersecurity Center of Excellence convened a coalition of technology companies to establish standards to help manufacturers and healthcare providers strengthen the security of the wireless infusion pump ecosystem. The resulting document, “Special Publication 1800-8: Securing Wireless Infusion Pumps In Healthcare Delivery Organizations” provides guidance on how to incorporate technology considerations, including cybersecurity controls, during the device design and FDA review processes.

September 15, 2017

Smiths Medical is scrambling to address cybersecurity risks involving its wireless infusion pump, a type of device that is particularly vulnerable to attack. Earlier this year the National Cybersecurity Center of Excellence (NCCoE) released a draft version of practice guides specific to wireless infusion pumps.

September 05, 2017

NIST and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are co-hosting the 10th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, at the Hyatt Regency, Washington, D.C. The conference will explore the current healthcare cybersecurity landscape and the (HIPAA) Security Rule. The NCCoE will provide updates on its Healthcare sector projects in two presentations. 

August 08, 2017

“The latest variation on a theme regarding this threat is what can appropriately be called a ransomworm,” said Rich Curtiss, managing consultant at Clearwater Compliance, a former hospital CIO, and liaison for cybersecurity vulnerability projects with the National Cybersecurity Center of Excellence. “This is a combination of two types of malware, ransomware and a worm. While we have become all too familiar with ransomware in the healthcare sector, we have ignored other forms of malware.”

June 27, 2017

NCCoE Director of Operations Tim McBride will speak at Cyber Hygiene for the Health Sector on Tuesday, June 27 from 8am-9:30am EST at Launch Workplaces (9841 Washingtonian Blvd Ste 200, Gaithersburg, MD 20878). Do you worry about the security of your organizations data, your customer's data, or the potential impacts of a cyber attack on your organization? McBride will join speakers Denise Anderson, President, National Health Information Sharing and Analysis Center (NH-ISAC) and Kevin Crain, CISO, UMD Health System to examine the need for good cyber hygiene in healthcare sector organizations.

June 27, 2017

One of the final frontiers of medicine is using technology to solve problems medication and traditional surgery cannot. Implantable medical devices help regulate heart rhythms, steady the tremors of Parkinson's patients, and deliver insulin. But how susceptible are they to getting hacked?

June 02, 2017

The recent Ransomware event has focused attention on the fragile state of information systems across the globe. Unfortunately, it is not because the malicious actors are leveraging advanced technology or unique exploits. It is caused by a breakdown in the day-to-day maintenance of the information technology resources which are so inextricably linked to our everyday lives. No individual industry is more affected by the form of malicious software (“Malware”) known as Ransomware than the healthcare industry. 

May 19, 2017

Earlier this month, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) published a set of best practices and guidance on how to protect against threats to wireless infusion pumps. The guide, which is primarily intended as a “how-to” for professionals implementing security solutions, was developed following collaboration with healthcare stakeholders, technology vendors, and cybersecurity vendors.

May 11, 2017

The National Institute of Standards and Technology (NIST), in collaboration with the National Cybersecurity Center of Excellence (NCCoE), has released new guidance for healthcare delivery organizations on securing wireless infusion pumps to prevent unauthorized access.

May 11, 2017

New draft guidance from the National Institute of Standards and Technology calls for using commercially available, standards-based technologies to improve the security of wireless infusion pumps.

May 11, 2017

The National Institute of Standards and Technology (NIST), in collaboration with the healthcare community and manufacturers, has released draft guidelines designed to help healthcare delivery organizations improve wireless infusion pump cybersecurity.

May 10, 2017

The National Institute of Standards and Technology has released for public comment draft guidance on protecting medical devices that deliver fluids and medications to patients – infusion pumps – from cyber attacks.

May 10, 2017

On May 8, 2017, the National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), released a new draft NIST Cybersecurity Practice Guide (SP 1800-8) entitled “Securing Wireless Infusion Pumps in Healthcare Delivery Organizations.” 

May 10, 2017

The vulnerabilities of wireless medical infusion pumps (WMIP), are numerous according to NIST published report. Let’s explore accountability. Who is actually responsible for managing, maintaining and controlling wireless infusion pumps?