The National Institute of Standards and Technology (NIST) in Gaithersburg, MD, recently issued a report on the security risk from infusion pumps. These are some excerpts from the report:

• Today, infusion pumps are usually connected to a wireless network. The network allows the pump to connect to a backend server to collect metadata, and it permits wireless updating of drug libraries and firmware. In some cases, the network also allows interaction between the pump and the electronic health record for one-way or two-way communication. Additionally, infusion pump vendors can log in remotely to troubleshoot and collect data on the pumps.

• Now that infusion pumps are network-enabled, they can be hacked by third parties or, like other medical devices with operating systems and software that connect them to a network, infected by malware, which can cause them to malfunction or operate differently than originally intended.

• Traditional security scan techniques can adversely affect the devices. Manufacturers often consider upgrades to software as a change to the device itself that requires further certification, such as Food and Drug Administration (FDA) 510(k) clearance.

Even though FDA officials have said it is not necessary to go through recertification, manufacturers are reluctant to make upgrades without further testing the devices.

• Manufacturers do not want to retest because the devices’ internal processes are costly and unmodifiable. There is no streamlined process for testing upgrades or performing partial testing. Manufacturers must perform the full suite of tests regardless of the type of change.

• Most infusion pumps have maintenance and clinical-use usernames and passwords that are hard-coded. This system creates security problems, such as an inability to revoke access codes when an employee leaves the hospital.

The full NIST report is available at