ICU Medical, Inc., which makes medical devices used in infusion therapy and critical care applications, has become the first medical device manufacturer to obtain certification under the UL Cybersecurity Assurance Program (UL CAP), a new cybersecurity management program from UL designed to minimize risks by creating standardized, testable criteria for assessing software vulnerabilities and weaknesses to help reduce exploitation, address known malware, enhance security controls, and expand security awareness.
According to the company, ICU Medical earned UL CAP certification for its Plum 360 drug infusion system, which provides full interoperability with patient electronic health records (EHR), reducing the need for manual input and transcription of infusion data to better manage patient safety and clinician workflows. In addition, Plum 360 features closed-system air management to minimize patient therapy interruptions, contamination risk, and exposure to hazardous medications.
"ICU Medical continues to dedicate significant energy and resources to developing technologies that help protect vital patient and clinical data. We are grateful for the opportunity to partner with UL in in this important initiative to help make healthcare safer," says Dan Woolson, corporate vice president for infusion systems at ICU Medical.
The UL assessment uses ANSI UL 2900 medical device cybersecurity standards to assess key categories including quality management documentation, product design and use, security risk management (including safety-related controls), managing known vulnerabilities with exposures, and managing software weaknesses — as well as measures to address potential zero-day vulnerabilities.
UL has longstanding expertise in safety science, standards development, testing ,and certification, and has worked with industry, U.S. and international government agencies, academia, regulators, and other stakeholders per the ANSI consensus process to develop UL 2900 to help manufacturers address cybersecurity hygiene.
"UL is very pleased to have had such a dedicated and proactive partner as ICU Medical to help us jump-start this initiative under the US Cybersecurity National Action Plan," says Anura Fernando, principal engineer, medical systems interoperability & security at UL. "This sets the bar for establishing demonstrable, evidence-based cybersecurity hygiene across the healthcare industry."
The UL CAP certification for Plum 360 comes on the heels of the device winning 2018 Best in KLAS designation as the top performing IV smart pump by KLAS Research, a global healthcare research firm.