
Published: June 13, 2026
Infusion pump cybersecurity is a high-scrutiny area for the FDA in 2026. Pumps are connected Class II devices that deliver dose-critical therapy, so the FDA's February 3, 2026 final premarket cybersecurity guidance and Section 524B drive an expanded threat model, hardened wireless and drug-library interfaces, full SBOM with VEX, and penetration testing focused on dose-modification and authentication-bypass scenarios.
The FDA has treated infusion pumps as a focal point for medical device cybersecurity since the Hospira Symbiq advisory in 2015. A decade later, pumps remain among the most frequently called-out devices in CISA medical advisories and the most common subject of penetration tests that find dose-modification, hardcoded credential, and wireless authentication failures. Under Section 524B and the FDA's February 3, 2026 final premarket cybersecurity guidance, infusion pump submissions face a deeper review than most Class II devices. This post explains what reviewers look for, where pumps draw deficiency questions, and how to structure the cybersecurity package.
Key Takeaways
- Infusion pumps are connected Class II devices and are cyber devices under Section 524B.
- Threat models must address dose modification, drug library tampering, and wireless authentication bypass.
- The SBOM must trace third-party components in the pump, the drug library server, and the gateway.
- Penetration testing for pumps typically requires both protocol-level and physical-attack coverage.
- Pumps are a recurring subject of CISA medical advisories, so postmarket monitoring evidence is scrutinized.
Table of Contents
- Why Infusion Pumps Get Extra Cybersecurity Scrutiny
- Threat Model Focus Areas the FDA Expects
- The Section 524B Evidence Set for an Infusion Pump
- Penetration Testing Scope That Satisfies Reviewers
- Common Deficiency Patterns on Infusion Pump Submissions
- How Blue Goat Approaches Infusion Pump Submissions
- FAQ
Why this matters
Infusion pumps deliver life-sustaining therapy, run for years in clinical environments, and connect to hospital networks, drug-library servers, and central monitoring stations. The FDA's February 3, 2026 final premarket cybersecurity guidance ties the depth of the cybersecurity package to the device's risk profile and attack surface, and pumps sit at the high end of both. CISA's ICS Medical Advisories database lists multiple infusion pump advisories every year, often involving authentication bypass, hardcoded credentials, or unencrypted wireless protocols. AAMI SW96:2023 informs the security risk activities inside the IEC 62304 lifecycle, and IEC 60601-2-24 governs the safety basics for infusion equipment. A submission that does not address the pump-specific attack surface, the drug-library trust boundary, and wireless authentication will draw deficiencies during substantive review.
Why Infusion Pumps Get Extra Cybersecurity Scrutiny
Dose-Critical Therapy on a Hospital Network
Pumps are unusual in that a software or protocol manipulation can directly change a patient-affecting therapy parameter. Reviewers know this, and the cybersecurity package is read with that consequence in mind. A vulnerability that would be informational on a documentation device is high-severity on a pump because the failure mode reaches the patient.
A History of CISA Medical Advisories
CISA has issued advisories on multiple pump families over the past decade, including issues affecting Baxter, BD, Becton Dickinson Alaris, Hospira, ICU Medical, and Smiths Medical product lines. Reviewers ask sponsors to acknowledge prior advisory patterns in the threat model and to show how the current design addresses each pattern class (hardcoded credentials, weak wireless authentication, command injection on drug-library endpoints, exposed maintenance interfaces).
Threat Model Focus Areas the FDA Expects
Dose Modification and Drug Library Tampering
The threat model must explicitly address adversary scenarios that change a programmed dose, a drug library entry, or a hard limit. STRIDE decomposition for pumps typically isolates the drug-library import path, the pump-to-server pairing protocol, the maintenance interface, and the wireless stack as distinct trust boundaries with their own threat lists.
Wireless and Pairing Protocols
Wireless authentication is the most frequent finding source on pump penetration tests. The threat model needs to describe the wireless stack (Wi-Fi, Bluetooth, proprietary), the pairing or enrollment ceremony, the key management lifecycle, and the fallback behavior if authentication fails. Key requirement: The FDA expects the threat model to enumerate the cryptographic primitives, the key sizes, and the rotation policy, not just to assert that traffic is encrypted.
The Section 524B Evidence Set for an Infusion Pump
SBOM, VEX, and the Drug-Library Server
A pump SBOM must cover the embedded firmware, the gateway, and any drug-library server software the manufacturer distributes. VEX statements then triage each component against known vulnerabilities, including any KEV catalog entries that affect dependencies in the stack. Reviewers compare the SBOM against the architecture views to confirm coverage.
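The coverage comparison and VEX triage described above can be checked mechanically before submission. The following is an added example, not the author's or the FDA's tooling; it assumes simplified SBOM records, constructed placeholder vulnerability ids, and OpenVEX-style status values with a single justification field.

```python
# Constructed sample data: component names and VULN-* ids are placeholders.
ARCH_ELEMENTS = {"pump-firmware", "gateway", "drug-library-server"}
SBOM = [  # simplified records: one per third-party component
    {"ref": "rtos@4.2", "element": "pump-firmware"},
    {"ref": "tls-lib@1.1", "element": "pump-firmware"},
    {"ref": "mqtt-broker@2.0", "element": "gateway"},
]
KNOWN_VULNS = {  # scanner output: component ref -> vulnerability ids
    "tls-lib@1.1": ["VULN-0001", "VULN-0002"],
    "mqtt-broker@2.0": ["VULN-0003"],
}
KEV = {"VULN-0003"}  # ids that also appear in the KEV catalog
VEX = {  # (component ref, vulnerability id) -> statement
    ("tls-lib@1.1", "VULN-0001"): {"status": "not_affected"},
    ("mqtt-broker@2.0", "VULN-0003"): {"status": "under_investigation"},
}

def uncovered_elements(sbom, elements):
    """Architecture elements that no SBOM component is attributed to."""
    return sorted(elements - {c["element"] for c in sbom})

def triage_gaps(sbom, known_vulns, vex, kev):
    """Return (component, vuln id, problem) for every incomplete triage."""
    gaps = []
    for comp in sbom:
        for vid in known_vulns.get(comp["ref"], []):
            stmt = vex.get((comp["ref"], vid))
            if stmt is None:
                gaps.append((comp["ref"], vid, "no VEX statement"))
            elif stmt["status"] == "not_affected" and not stmt.get("justification"):
                gaps.append((comp["ref"], vid, "not_affected without justification"))
            elif stmt["status"] == "under_investigation" and vid in kev:
                gaps.append((comp["ref"], vid, "KEV entry still under investigation"))
    return gaps

if __name__ == "__main__":
    print("Elements missing from SBOM:", uncovered_elements(SBOM, ARCH_ELEMENTS))
    for gap in triage_gaps(SBOM, KNOWN_VULNS, VEX, KEV):
        print(gap)
```

In the constructed data the drug-library server has no SBOM entries at all, which is the "SBOM excludes drug-library server" deficiency pattern listed in the table later in this post.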
Architecture Views That Show Trust Boundaries
The architecture views must show the pump, the gateway, the drug-library server, the hospital network segment, and any cloud service. Each interface needs a labeled trust boundary, an authentication mechanism, and a reference to the threat model entries it covers. A single block diagram is rarely sufficient; reviewers expect deployment, data flow, and trust-boundary views.
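One way to keep the per-interface requirements above, together with the wireless key requirement from the threat-model section, traceable is to hold each interface as a structured record and lint it. This is an added example, not the author's or the FDA's tooling; the field names, interface names, threat ids and values are all constructed assumptions.

```python
# Constructed sample data: interface names, threat ids and values are placeholders.
THREATS = {  # threat-model entry id -> trust boundary it belongs to
    "T-01": "wireless stack",
    "T-02": "drug-library import path",
    "T-03": "maintenance interface",
}
INTERFACES = [
    {"name": "pump-to-gateway Wi-Fi", "boundary": "wireless stack",
     "auth": "mutual certificate authentication",
     "crypto": {"primitive": "AES-GCM", "key_bits": 256, "rotation_days": 90},
     "on_auth_failure": "reject session and raise alarm",
     "threats": ["T-01"]},
    {"name": "drug-library import", "boundary": "drug-library import path",
     "auth": "signed library package",
     "crypto": {"primitive": "encrypted"},   # an assertion, not a primitive
     "on_auth_failure": "",
     "threats": ["T-02", "T-09"]},           # T-09 is not in the threat model
]
VAGUE = {"", "encrypted", "secure", "tbd"}   # words that name no primitive

def lint_interface(iface, threats):
    """Return the findings for one architecture-view interface."""
    findings = []
    for field in ("boundary", "auth", "on_auth_failure"):
        if not iface.get(field, "").strip():
            findings.append(f"missing {field}")
    crypto = iface.get("crypto", {})
    if str(crypto.get("primitive", "")).strip().lower() in VAGUE:
        findings.append("no named cryptographic primitive")
    for field in ("key_bits", "rotation_days"):
        if not isinstance(crypto.get(field), int) or crypto[field] <= 0:
            findings.append(f"missing {field}")
    refs = iface.get("threats", [])
    if not refs:
        findings.append("no threat-model reference")
    findings += [f"dangling threat reference {r}" for r in refs if r not in threats]
    return findings

def lint_views(interfaces, threats):
    """Per-interface findings plus threat entries no interface covers."""
    report = {i["name"]: lint_interface(i, threats) for i in interfaces}
    covered = {r for i in interfaces for r in i.get("threats", [])}
    report["uncovered threats"] = sorted(set(threats) - covered)
    return report

if __name__ == "__main__":
    for name, findings in lint_views(INTERFACES, THREATS).items():
        print(name, "->", findings or "ok")
```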
Labeling That Supports Secure Operation
Pump labeling must give hospital biomedical engineering teams the information they need to deploy securely: network requirements, authentication setup, patching cadence, end-of-support dates, and any compensating controls. The FDA's Feb 3, 2026 guidance treats labeling as a cybersecurity control, not a marketing artifact.
Penetration Testing Scope That Satisfies Reviewers
Protocol and Network Layer
Pen testing for pumps includes wireless protocol analysis, server-side API fuzzing, authentication bypass attempts, and traffic interception. Findings on hardcoded credentials, weak session management, or unencrypted command channels are nearly always considered substantive.
Physical and Maintenance Interfaces
Many pump deficiencies originate at the physical maintenance interface: exposed JTAG, debug serial, or service-mode menus. The pen test scope must cover these interfaces, document any tamper-evidence claims in the labeling, and confirm that service-mode access requires authenticated, audited credentials.
Drug-Library and Configuration Tampering
A complete pen test attempts to inject or modify drug-library entries, alter hard limits, and bypass pharmacy review workflows. Reviewers look for evidence that the manufacturer tested these adversary-aligned scenarios, not just generic application vulnerabilities.
Common Deficiency Patterns on Infusion Pump Submissions
| Deficiency pattern | Why it shows up | What reviewers want instead |
|---|---|---|
| Threat model omits drug-library path | Treated as a config feature, not an attack surface | Explicit STRIDE decomposition for the library import and pump-side trust |
| Wireless protocol described as "encrypted" | No primitives, key sizes, or rotation policy | Named primitives, key lengths, key lifecycle, and fallback behavior |
| Pen test scope skipped physical interfaces | Tester only had network access | Documented physical-interface testing or justified exclusion |
| SBOM excludes drug-library server | Treated as a separate product | Single SBOM covering all components the manufacturer ships |
| No reference to prior CISA pump advisories | Sponsor treats history as out of scope | Explicit acknowledgement and a "how we addressed" mapping |
How Blue Goat Approaches Infusion Pump Submissions
We treat infusion pump submissions as high-scrutiny work and structure the cybersecurity package around the pump's specific attack surface: drug-library trust, wireless authentication, maintenance interfaces, and gateway-to-server communication. Threat models are decomposed per trust boundary, the SBOM covers every shipped component, and the penetration test scope includes physical interfaces and drug-library tampering. Our team holds CISSP, OSCP, and prior military red-team credentials, and our submission work is grounded in Section 524B, the FDA's February 3, 2026 final premarket cybersecurity guidance, AAMI SW96:2023, and IEC 81001-5-1. If the FDA raises cybersecurity deficiencies after our submission, we resolve them at no additional cost. Start with our medical device penetration testing services or review the FDA premarket cybersecurity submission checklist.
FAQ
Are infusion pumps automatically cyber devices under Section 524B?
Connected infusion pumps almost always meet the Section 524B definition because they include validated software, network capability (wireless, Ethernet, or both), and the potential to be vulnerable to cybersecurity threats. Standalone, non-connected pumps may fall outside the definition, but most modern pumps do not.
What standards apply to infusion pump cybersecurity?
IEC 60601-2-24 covers the safety basics for infusion equipment. AAMI SW96:2023 governs medical device security risk management. IEC 81001-5-1 covers security activities for health software. ISO 14971 governs overall risk management. The FDA's Feb 3, 2026 final premarket cybersecurity guidance ties the cybersecurity submission content to all of these.
Does the FDA require pen testing for infusion pumps?
The Feb 3, 2026 guidance lists security testing, including penetration testing, as a required element of the cybersecurity submission content. For infusion pumps, the scope is read against the device's attack surface, which usually means protocol, network, physical interface, and drug-library coverage.
How should we handle prior CISA advisories on similar pumps?
Acknowledge them in the threat model and map each advisory pattern to a control or design decision in the current device. Reviewers consistently flag submissions that ignore the public advisory history for a device family.
What is the most common single deficiency on a pump submission?
Weak treatment of wireless authentication. Sponsors describe traffic as encrypted without naming the cryptographic primitives, key sizes, key lifecycle, or fallback behavior. Reviewers expect that level of specificity in the threat model and the architecture views.
Christian Espinosa, Founder, Blue Goat Cyber, CISSP, OSCP. Christian has led FDA premarket cybersecurity submissions for connected infusion and dose-delivery devices and previously commanded military red-team operations.