To address the cybersecurity challenges of wireless medical infusion pumps, the National Cybersecurity Center of Excellence (NCCoE), Rockville, MD, is now inviting comments on a draft project to secure those devices. The challenges include vulnerabilities to malware or hacking and access control.

Hospitals increasingly use networked technology to connect medical devices to a central system. A networked infusion pump, for example, can allow centralized control of the devices’ programming as well as automated cross checks against pharmacy records and patient data to ensure the right dose of fluids or medication are delivered at the right time, to the right patient. But these connected devices can introduce new risks in safety and security compared with standalone devices.

The effort is a collaboration between the NCCoE at the National Institute of Standards and Technology and the Technological Leadership Institute at the University of Minnesota. Minnesota-based providers of services, manufacturers, and medical device industry associations helped to draft a use case, which provides a technical description of the challenge of securing the devices and describes desired characteristics for solutions.

Feedback from members of the medical device industry and health IT community will help the center to validate the technical description of this problem and make it as widely applicable as possible. The comment period will be open through January 18, 2015.