Healthcare providers rely on network-connected devices, such as wireless infusion pumps, to treat patients more safely and efficiently.
But if not secured, these devices are vulnerable to tampering, intentional or not, and expose your organization and your patients to significant risk.
Is your hospital at risk?
The NCCoE has developed a free, comprehensive guide to help healthcare providers understand the risks associated with connected medical devices and guard against those risks.
While the NCCoE practice guide focuses on wireless infusion pumps, the cybersecurity principles and solution discussed can be applied to any network-connected medical device within a healthcare setting.
Find out more about the risks of unsecured network-connected medical devices.
This practice guide explains which security controls and technologies can help secure wireless infusion pumps and other medical devices. The NCCoE recommends a risk-based approach.
Risk represents the potential for loss, damage or destruction of an asset, like a wireless infusion pump, as a result of a threat exploiting a vulnerability.
An effective risk assessment includes:
assets and their status
vulnerabilities and threats
users and systems and the level of access for each
For a comprehensive look at how to conduct a risk assessment, please refer to NIST SP 800-30, Guide for Conducting Risk Assessments.
NIST SP 1800-8 identified the following concerns in its risk assessment of a typical healthcare delivery organization.
For the complete risk assessment, see NIST SP 1800-8, Volume B.
insecure network configuration
lack of an asset inventory
weak access controls
unpatched medical devices
disruption of services
If a malicious actor (threat) exploits a vulnerability in your network, the risks to your organization could include:
unauthorized access to critical systems
manipulation of infusion pumps (patient safety)
use of unsecured devices as a pivot point to other more critical systems (patient data/disruption of services)
Applying NIST Cybersecurity Framework
The NCCoE applied the NIST Cybersecurity Framework to determine which security controls could assist in mitigating these potential risks.
(ID.AM) – knowing what devices are connected to your enterprise network and whether timely patches are applied to limit vulnerabilities
Identity Management and Access Control
(PR.AC) – knowing who and what systems can access devices and what those devices are being asked to do. This can limit improper access and use of critical medical devices
(PR.DS) – protecting sensitive data from improper access and manipulation
For the complete list, see NIST SP 1800-8, Volume B
This function protects and minimizes damage against a cybersecurity attack.
Some ways to identify risks include:
This function ensures the delivery of critical IT services throughout an organization.
Some ways to protect against risks include:
This function ensures timely discovery of any cybersecurity events taking place.
Some ways to detect cybersecurity events include:
This function helps contain the impact of a detected cybersecurity event.
Some ways to respond to an attack or suspicious behavior:
This function helps restore services that were impaired during the cybersecurity event.
Some steps to take when recovering from a cybersecurity event include:
NCCoE Solution: Defense in Depth
Wireless Network Protection
Endpoint Protection/Intrusion Detection
This NCCoE approach is modular and can be adapted to best fit your organization’s needs. One example detailed in this practice guide is network segmentation.
Network segmentation groups devices into zones that are protected by an internal firewall based on the function they serve for the Healthcare Delivery Organization (HDO). By limiting access from other, less trusted areas, firewalls can more effectively protect the enterprise network.
Controlling who or what systems access specific parts of the network is also part of this layered security approach. These layers of protection ensure the ecosystem is not vulnerable to a single point of failure.
Technologies/Capabilities: Following are a sampling of technologies and capabilities deployed in the NIST SP 1800-8 practice guide to accomplish a defense-in-depth security solution.
Access Points/Wireless Local Area Network (LAN): authenticates and connects medical devices to a network and encrypts data in transit
Firewall/Router: provides network integrity protection
Switch: additional controls and enables network segmentation
Endpoint Protection: provides intrusion prevention, access controls, and application behavior controls.
Data Center Security: monitors network traffic for suspicious activity.
So how does the NCCoE solution come together to protect your organization’s network?
The following illustration offers a sample visualization of how network segmentation can be achieved to protect connected medical devices from external threats.
View of a Basic/Flat Network: Here is an example HDO network with a single firewall to protect it from external threats.
But once a device inside the HDO network is compromised, the firewall no longer helps.
Segmenting the Network: Segmentation divides the network into multiple zones – each protected by its own firewall.
Firewalls can be configured to limit who or what devices can access various zones, preventing a breach in one zone from affecting other zones.
Segmentation is a single protective measure and should be combined with other techniques, such as:
multifactor authentication for authorized users
data protection efforts
For a comprehensive guide on security controls and technologies, see the practice guide.
Establishing a product lifecycle management program is part of a holistic program for managing risks associated with devices connected to your enterprise network. Each asset should be managed from introduction to retirement. Documenting and tracking an asset’s life cycle will ensure the asset meet your organization’s mission and security goals.
Over time, the operational environment may change, and those changes may require modifications to the asset. If necessary, modifications should be in accordance to manufacturer recommendations and aligned to broader cybersecurity plans of your organization.
The NCCoE Practice Guide, NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, is a comprehensive resource that can help your organization implement a practical cybersecurity solution to protect your patients, business, and reputation. Read the guide today.
If you have any questions about this guide or about other NCCoE healthcare sector work, contact the project team at firstname.lastname@example.org.