SoS: Securing Wireless Infusion Pumps in a System of Systems

Wireless Infusion Pumps
Credit: kdshutterman/

Aristotle once said, “The whole is greater than the sum of its parts.” Two gears together can accomplish much more than one gear alone. And when you connect multiple systems together, whether of gears or computers, you can achieve even greater functionality and performance. We call these “systems of systems,” or SoS, and you can find them everywhere. Hospitals, for example.

In a hospital, there are individual computer systems for patient management, pharmacies, laboratories, imaging, and telemetry. Included in this network are the individual machines used to diagnose and treat patients such as MRIs and pacemakers. Hospitals are connecting more and more of these machines to their wireless networks so that doctors and nurses can access and control them using tablet computers as they perform their rounds.

Also among these connected medical devices are infusion pumps, which regulate medications and other fluids that patients receive intravenously. Medical professionals can program these “smart” pumps to deliver the proper dosage of medication and control how long and how quickly the medicine is given. This makes it much easier to prevent and monitor dosage errors, improving the quality of care and patient outcomes.

Transitioning to Wireless

As infusion pumps became computerized, a drug library was added to the mechanics of each device to prevent it from giving the wrong prescription or dosage. The pump’s drug library contained the upper and lower limits of all of the medications in use by the hospital and regulated which medication and dosing a patient should receive based on their needs, decreasing the probability of human error.

Before going wireless, each infusion pump would have to be updated individually. Credit: pirke/

Here’s how the safety mechanism would work in practice: Nurse Jones visits my hospital room to give me my daily dosage of medication through the infusion pump. She accidentally keys in a dosage amount that is too high, which could result in me becoming very sick or even worse … overdosing. The drug library recognizes the improper dosage, prevents the infusion pump from giving me the medication, and notifies Nurse Jones about the error. The system has successfully kept me properly medicated and not dead.

Now, you may be wondering, with safety features like the drug library, why bother transitioning to wireless medical infusion pumps? Well, in order to keep the system functioning properly on the non-wireless infusion pump, the file on each device had to be manually updated—and hospitals could have thousands of infusion pumps. With the sheer number of pumps needing service, this became extremely time-consuming.

Now that we have wireless medical infusion pumps, all the devices can be updated at once, saving medical practices a ton of time and money while keeping patients safe.

Wireless Security Concerns

Like other wireless devices you’re familiar with, wireless infusion pumps connect to the hospital’s wireless network via network access points, or “hotspots.” Although going wireless added a lot of benefits, like efficiency and patient safety, it was soon realized that it added vulnerabilities as well. The devices were simply not engineered to have the same security mechanisms that we have on our laptops and cellphones, such as firewalls and virus protection. The manufacturers of these devices initially thought that, since their capabilities are limited, hackers wouldn’t be interested in exploiting their vulnerabilities.

While there’s the obvious risk that hackers could take control of these devices to harm patients, less obvious is the fact that they could potentially use the pump as a gateway to access a hospital’s network and really wreak havoc.

The NCCoE Example Solution

We here at the NCCoE have identified the potential vulnerabilities associated with wireless medical infusion pumps and are constructing a practice guide that will aid companies in staying a step ahead of cyber threats.

A few of our goals for the infusion pump project are to:

  • show health care providers that use wireless infusion pumps how to secure their devices;
  • improve the authentication that is required for access to the infusion pumps; and
  • prevent possible security risks that could result in loss of protected health information.

We have also identified some key benefits associated with implementing the NCCoE solution, such as:

  • more secure infrastructures for health care providers;
  • device protection against malware;
  • identifying minimum security requirements during the manufacturing process; and
  • manufacturers and providers remaining reputable in the eyes of the consumer.

With the use of the proposed NCCoE solution, health care providers can implement better security methods for their wireless medical infusion pumps and their deployment to minimize the risk to patients.

The NCCoE is always looking for collaborators, so if you have any questions or suggestions, please email us. You can also sign up to receive announcements about project updates.

While we invent most technologies to solve some problem or improve our lives, there’s almost always some unanticipated trade-off or hidden cost. It’s unfortunate that people would exploit a technology to do harm that was intended to do good. Although I wish we didn’t have to protect these systems from bad actors, it makes me feel good to know that the work my colleagues and I do could potentially save lives.