NCCoE Seeks Feedback on Approach to Medical Device Security


The deadline for public comments has been extended until February 20, 2015.

The National Cybersecurity Center of Excellence has launched a new project to address the security of medical infusion pumps. The public is invited to comment on the draft use case.

Hospitals increasingly use networked technology to connect medical devices to a central system. A networked infusion pump, for example, can allow centralized control of the devices’ programming as well as automated cross checks against pharmacy records and patient data to ensure the right dose of fluids or medication are delivered at the right time, to the right patient. But these connected devices can introduce new risks in safety and security compared with standalone devices.

The Technological Leadership Institute at the University of Minnesota facilitated the NCCoE’s discussions with the medical devices community to uncover their concerns. Members of the medical devices industry made it clear that this cybersecurity issue is a priority for them.

Feedback from members of the medical device industry and health IT community will help the center to validate the technical description of this problem and make it as widely applicable as possible. The comment period will be open through January 18, 2015.

Once the comments have been addressed and the draft revised accordingly, members of the NCCoE will collaborate on an example reference design with vendors of applicable technologies, beginning with a notice in the Federal Register to invite participation. To sign up for alerts about the Federal Register notice and other happenings at the NCCoE, enter your email address in the box at the bottom of this page.

To learn more, read the press release from NIST.