Securing Wireless Infusion Pumps: What Healthcare Facilities Should Know

In this digital age, we rely on our wireless devices for countless daily tasks. So when a wireless option was developed to join the variety of different IV pumps used by hospitals across the nation, most saw this as a positive advancement. Since IV therapy is considered to be the quickest way to deliver fluids and medications (yielding a bioavailability absorption of 100%), the progress to the use of wireless IV pumps would make it that much easier to get patients what they need. While infusion pumps and other medical equipment typically stand alone in their operation, wireless IV pumps are able to connect to various networks and even other devices. This has made access to electronic health records and point-of-care medication systems substantially easier.

That said, there are concerns brought about by these new and different types of IV pumps. Because these pumps operate on wireless networks, this could leave them potentially vulnerable to cybersecurity risks. In a healthcare environment, those risks must be taken very seriously. If these wireless systems are breached, this could result in the theft of protected health information or even the interruption of treatment services.

That's not to say these devices should not be used; in many ways, they can improve the patient experience and facility efficiency. It does mean that every organization using these wireless networks with their infusion systems must take steps to safeguard both their patients and their own reputation. That's why the National Institute of Standards and Technology (NIST)'s National Cybersecurity Center of Excellence, is set out to analyze the risk factors of wireless IV pumps. Subsequently they created helpful guidelines that hospitals and healthcare facilities can use to safeguard the most vulnerable aspects of these systems. These best practices can help facilities reduce cybersecurity risks and reduce operational and safety risk impact by helping staff members create a comprehensive and multi-layered security strategy.

The NIST stresses that hospitals and healthcare facilities should: conduct risk assessments of all wireless devices; implement physical access management programs to track devices; clear all wireless credentials in the case of transport; change wireless network authentication keys on a regular basis; use individualized pump authentication instead of shared keys; and segment or zone hospital or healthcare networks, among other suggestions. You can find the full guidance report on the NCCoE's website.

As we move forward into the age of the Internet of Things (IoT), we can agree that these wireless devices streamline our daily lives. That includes these new IV pumps that fit in perfectly with the wireless world. The downside of this interconnectivity is that there are those who want to use technology for harm. Healthcare facilities can use this technology to improve their own efficiency and the lives of their patients. It's imperative, however, that proper procedures be followed to ensure compliance and safety for all.