Enhance the Cybersecurity of Your IV Pumps and Safety Software

Protect the confidentiality, integrity, and availability of patient infusion data with the first IV smart pump and safety software system to receive UL Cybersecurity Assurance Program (UL CAP) certification. 

Keeping Your IV Patient Data Secure

Learn how industry-leading cybersecurity features built into our Plum 360 infusion system and ICU Medical MedNet safety software can help you protect your IV patient data from cyber intrusion.

The Challenge

The cybersecurity risk associated with connected medical devices leads to heightened concern from regulatory bodies, healthcare professionals, and the media.

The confidentiality, integrity, and availability of patient infusion data are critical to the safe and efficient delivery of patient care. Cybersecurity risks associated with this data are at the core of concerns from those who are intimately involved with the protection of reliable, actionable patient data.

Cybersecurity used to mean simply protecting the perimeter of a hospital’s IT system with firewalls. The increasing sophistication of cybercrime, including ransomware, means hospitals need to focus on threat detection from the inside too. Every point where a user can enter a system—including through connected medical devices—needs to be appropriately secured.

From a regulatory perspective, organizations such as the US Food and Drug Administration (FDA) expect manufacturers to analyze, control, and share cybersecurity risks. The FDA has released guidance for pre-market submissions and post-market management of cybersecurity for medical devices as an integral part of the product life cycle.

Also, healthcare professionals and organizations increasingly view cybersecurity as a key differentiator in the procurement process and are demanding that vendors adhere to the latest cybersecurity standards and perform ongoing vulnerability testing on their products to assure security. Watchdog groups have pointed to this as a critical issue to address, with ECRI identifying cybersecurity as the #1 health hazard in 2019.

Recent high-profile vulnerability announcements and cyber ransom events have raised the awareness of healthcare cybersecurity among the general public. It’s a serious issue and only going to get increasingly significant as hackers look for more high-profile targets to disrupt.

Our Solution

Only ICU Medical offers UL 2900-1 and UL 2900-2-1 certified connectivity for its Plum 360 infusion pump, the cybersecurity standard recognized by the National Institute of Standards and Technology (NIST) and FDA.

ICU Medical takes the issue of cybersecurity very seriously. We are constantly vigilant in adhering to the latest industry standards and view cybersecurity as an ongoing process of continuous improvement, not a static event. With more than a decade of experience integrating infusion pumps and IV safety software onto hospital networks, we have seen a lot, learned a lot, and look forward to continuing to build our expertise to provide our customers with access to the highest level of device and software cybersecurity.

Defense by design

At ICU Medical, we make sure your infusion data is encrypted both at rest and in transit. No patient ID information is stored on the pump, but instead is managed by the ICU Medical MedNet safety software. All network transfers are encrypted, and hardened system access, including no unsecured ports of entry on the pump, provides added security.

ul

The ICU Medical Plum 360 is the first medical device to earn UL Cybersecurity Assurance Program (UL CAP) certification 2900-1 and 2900-2-1, and ICU Medical MedNet is the first safety software to receive UL CAP 2900-2-1 certification.

UL CAP is a cybersecurity management program from UL designed to minimize risks by creating standardized, testable criteria for assessing software vulnerabilities and weaknesses to help reduce exploitation, address known malware, enhance security controls, and expand security awareness.

fips

We are certified compliant with Federal Information Processing Standard (FIPS) 140-2, federal information processing standards required by the federal government in the US and Canada.

nccoe

We actively participate in the National Cybersecurity Center of Excellence, a division of the National Institute for Science and Technology, to help develop a comprehensive cybersecurity practice guide.

Policy dictates action: ICU Medical’s holistic approach to cybersecurity

At ICU Medical, cybersecurity isn’t an afterthought or event—it's an ongoing process. We take a multidisciplinary and holistic approach to make sure our products are secure right from the start, and we maintain a continuous feedback loop to assure we stay abreast of any market, customer, or technological changes that necessitate further enhancements to our products.

ICU Medical partners with third-party cybersecurity evaluation firms—also known as “white hat hackers”—to subject our products to various scans and attack scenarios as part of an in-depth cybersecurity evaluation.

We know our hospital partners—as well as more nefarious entities—are going to subject our products to rigorous and ongoing scans to check if the software and supporting servers are secure. By proactively working with white hat subject matter experts, we can confidently place our products in the many clinical environments we support every day.

Cybersecurity Resources and Links

Strengthening Security in Cyber

See how the UL Cybersecurity Assurance Program certification is helping hospitals maintain the security and safety of their patients by creating a true cybersecurity standard. 

Related Products

Infusion System

Plum 360

View Details
IV Safety Software

ICU Medical MedNet

PCA Infusion System

LifeCare PCA

View Details