San Clemente, Calif.-based ICU Medical, Inc. announces that it has become the first medical device manufacturer to obtain certification under the UL Cybersecurity Assurance Program (UL CAP)—a new cybersecurity management program from UL designed to minimize risks by creating standardized, testable criteria for assessing software vulnerabilities and weaknesses to help reduce exploitation, address known malware, enhance security controls, and expand security awareness.
ICU Medical earned UL CAP certification for its Plum 360 drug infusion system that provides full interoperability with patient electronic health records (EHR), reducing the need for manual input and transcription of infusion data to better manage patient safety and clinician workflows.
Dan Woolson, corporate vice president for infusion systems at ICU Medical, Inc., spoke out about the UL certification, commenting: “ICU Medical continues to dedicate significant energy and resources to developing technologies that help protect vital patient and clinical data. We are grateful for the opportunity to partner with UL in in this important initiative to help make healthcare safer.”
The UL assessment uses American National Standards Institute (ANSI) UL 2900 medical device cybersecurity standards to assess key categories including quality management documentation, product design and use, security risk management (including safety-related controls), managing known vulnerabilities with exposures, and managing software weaknesses—as well as measures to address potential zero-day vulnerabilities.
“UL is very pleased to have had such a dedicated and proactive partner as ICU Medical to help us jumpstart this initiative under the US Cybersecurity National Action Plan,” says Anura Fernando, principal engineer, medical systems interoperability and security at UL. “This sets the bar for establishing demonstrable, evidence-based cybersecurity hygiene across the healthcare industry.”