Cybersecurity for Infusion Devices in a Digital Healthcare World

By George Gray, an exhibitor at the HIMSS Interoperability Showcase™ at the 2018 HIMSS Global Conference & Exhibition, and CTO & VP of Research & Development, Ivenix, Inc.

It’s time for the 2018 HIMSS Global Conference & Exhibition — synonymous with handshakes, new connections, information sharing and the latest health IT technology advancements. Equally important is ensuring that patient data and network access is protected and safe, as health IT interoperability dramatically increases.

Today, the infusion pump market is moving rapidly towards network-driven automated programming, sharing data with electronic health records, and communicating alarms and alerts to third-party systems for transmission to nurses’ smartphones and central stations. To most providers, the value of this open communication is clear. However, what may not be as obvious is the need for a robust cybersecurity platform working in tandem with this open communication to ensure an infusion pump is also not increasingly open to attack.

Infusion Pump Cyberthreats

In today’s health system, infusion pumps significantly outnumber hospital beds and represent an enormous multi-faceted cyberattack surface. Cybersecurity is a vital component of an infusion system in the digital healthcare age. In a recent article in AAMI Horizons, I explored infusion pump cyberthreats as well as strategies to secure pumps and hospital networks.

Pump security breaches can result in inadvertent exposure of protected health information, unauthorized control of pump operation and direct attack vectors into the enterprise. As noted in the article, “the ability to communicate can be a vulnerability in itself if data requests are not isolated from the delivery of medications.”

Security vulnerabilities have been noted with several infusion devices currently on the market. Although manufacturers can develop software patches for these vulnerabilities, the most effective security safeguards are developed as an integral part of the system itself.

Preventing Security Breaches

Strategies to prevent security breaches include:

• Bi-directional device/IT authentication

• Disabling nonsecure communication mechanisms

• Encrypted communication

• Limited pump physical connection points

• Passcode pump protection

• Secure wireless and communication protocols

Before acquiring new infusion technology, providers should become educated about the changing demands of pump cybersecurity, talk in-depth with infusion pump vendors and review all required disclosure statements carefully.


Experience these up-and-coming digital innovations at the HIMSS Interoperability Showcase™.