A National Institute of Standards and Technology (NIST) reference document is providing some of the clearest guidance from the U.S. government for securing connected medical devices, but may be setting too low a bar for securing wireless communications, according to a security expert. NIST, working with the University of Minnesota’s Technological Leadership Institute, released a draft Use Case document  (PDF) on December 18 to help health care providers “secure their medical devices on an enterprise networks.” However, in the area of communications security, the document suggests the use of WEP (Wired Equivalent Privacy), a legacy wireless security technology that can easily be cracked. NIST released the draft security use case document and is seeking feedback from the public. The drug infusion pump case study is described as the “first of a series” of similar use cases that will focus on medical device security, NIST wrote. The draft document presents a technical description of the security challenges […]