First, the development of information network security in our hospital
(I) Overview: The informatization construction of our hospital started late and its foundation is weak. Since xx, with the attention and support of hospital leaders, information construction has developed rapidly. At present, the hospital has set up an independent central computer room, equipped with servers, storage, core switches, firewalls, UPS, VPN, IPS and other special equipment. There are 4 staff members, who are responsible for information network construction, information system maintenance, software and hardware equipment maintenance, etc. The systems built and put into operation successively include the HIS system, the LIS system, the physical examination system, electronic medical records and other services.
(II) Key information infrastructure: The key information infrastructure in our hospital is mainly the business system, which is responsible for the medical business process management, quality management and daily office management of the hospital. The hospital website is in hosting mode, completely separated from our hospital intranet. Strict management and access rules have been formulated to ensure the safe operation of the website.
(III) The main work of hospital network security:
(1) Strengthen the publicity of construction and training. In the past two years, our hospital has improved the management system and emergency plan related to information network management and security construction, formulated the post responsibilities and workflow of network and security management, and carried out information network security training with full participation. Through continuous publicity and supervision, employees have established information network security awareness, actively participated in network security protection, prevented information leakage, and ensured the safe operation of hospital information network.
(2) Improve the organization and strengthen the responsibility. As one of the important tasks of hospital management, information management is highly valued by hospital leaders. The hospital adjusted the leading group of informatization construction, with the president as the leader and relevant personnel as members. Under the leading group, there is a working group, whose members are the heads of relevant functional departments and information technology professionals. The functions and responsibilities of hospital information planning, information network construction, information network security, network emergency and personnel training are defined. In order to further implement the requirements of competent departments at all levels to strengthen the construction of network security, the hospital set up a hospital network security management team and defined its responsibilities. According to the requirements of the state and higher authorities, the functions of the hospital information network system have been continuously improved, and the security and stability of the information system have been continuously improved to meet the growing demand for information network technology services.
(3) Strengthen the management of information department. The department regularly emphasizes the information network security work and arranges personnel to participate in every information network security knowledge training as far as possible. Implement the system of regular inspection of equipment in the computer room center to eliminate hidden dangers in time. The Information Department organizes special personnel to carry out information network security inspections in various departments to remind and correct employees' irregular behaviors in daily operations and reduce hidden dangers. Daily backup and regular copy backup are adopted to ensure the data security of important hospital database data.
(4) Various protective measures to ensure the security of the information network. First, the enterprise LAN is physically isolated from the Internet. At the same time, there is a medical insurance private network. Nong Xin is connected to the private network and, like the Internet, enters through firewall equipment. Second, the computers connected to the public network all have fixed IP addresses bound to the computer and are isolated from the intranet, which prevents foreign computers from connecting and bringing security risks. The computer running the financial management software system is connected to the financial private network and completely isolated from the internal network. Third, new IPS equipment was purchased this year, and strict regional and segment-based management was applied at the network entrance and on the local intranet, limiting access rights and preventing viruses from spreading throughout the network. Fourth, the clients in the hospital LAN are under domain control management, and the installation of client systems is managed by personnel of this department to prevent virus infection and threats. Fifth, key areas are controlled, and unrelated personnel are not allowed to enter the computer room. Complex passwords are set on the system database and kept by designated personnel. Sixth, the computers in the LAN are regularly monitored for abnormal behavior, and viruses are prevented from spreading in the network by restricting the computers in the LAN from using USB flash drives. Seventh, unnecessary ports are closed in the server area to improve its protection. Eighth, anti-virus software is installed on the extranet computers used for office work.
Second, the main problems
Although some preventive measures have been taken, we still feel that the rapid development of the network and the high dependence on it in daily work have put great pressure on our network management. In particular, with the expansion of business and the trend for the work of higher authorities to be completed through the Internet, the pressure on network and data security has increased sharply. After self-examination and rectification, protection has improved, but some problems remain, mainly as follows:
(1) With the progress of Internet-based medical care, many systems will be accessed through the Internet in the future, which poses a great threat to the hospital LAN and carries certain security risks. The business system of the hospital is integrated into a whole and can be used within the hospital. Through the management and control of the internal LAN, security and stability can basically be guaranteed. However, various departments require hospitals to report relevant data in real time; although most data transmission is completed over dedicated lines, some reporting also goes through the public Internet, such as online booking and online and offline payment, which puts pressure on hospital management and security protection. At present, the hospital has relatively little security protection equipment, so incidents can only be handled passively by manpower, and resistance is limited.
(2) Information security requires a certain amount of funding, which is very stressful for hospitals. Hospitals also manage information security by purchasing related equipment, but this equipment needs to be constantly updated and the cost requires continuous investment. Moreover, because of the high price, the genuine software of major systems (operating system, database system, network antivirus) is not purchased separately, and security is not guaranteed.
(3) Security protection itself is a difficult problem, involving many aspects. Ordinary application personnel have low ability to distinguish network threats and awareness of prevention, and are prone to hidden dangers. At present, the lack of network management professionals in hospitals is also a factor of potential safety hazards.
Third, next steps and suggestions
Through this self-examination, we will carry out the next step of rectification, and further strengthen the information network security of our hospital by improving the system, strengthening training and purchasing more equipment. In the next step, we will still use limited funds to do a good job in security protection according to the requirements of information network security at all levels, and gradually meet the requirements of information security management.
(1) Strengthen the organization and management of information security. Improve the functions of information management institutions, adhere to regular special work meetings, and make arrangements for information network construction and security. Regular inspection, through supervision and inspection, enhance employees' awareness of safety protection.
(2) According to the actual implementation and changes, revise, improve and refine various rules and regulations, and improve everyone's safety awareness in the network environment through online publicity, on-site guidance and training, and centralized training. Identify unsafe factors in the virtual environment.
(3) Set strict access rights to reduce security risks, and prohibit intranet users from using mobile media access to prevent viruses from spreading in the network.
(4) Information security engineering should be included in the hospital information construction planning, and the requirements of grade protection should be gradually achieved through step-by-step construction.