Summary Report of Hospital Network Security Inspection 1 In order to conscientiously implement the spirit of the Document Notice of the Ministry of Public Security on Self-inspection and Self-correction of Network Security Protection of Important Information Systems and Key Websites, further improve the self-inspection of network and information systems in our hospital, improve the security protection ability and level, prevent and reduce the occurrence of major information security incidents, effectively strengthen the security prevention of network and information systems, and create a good network information environment. Recently, our hospital has carried out a self-inspection on the network security of information systems and websites. The self-inspection on the network and information systems in our hospital is now reported as follows:
I. Organize the self-inspection of network and information security.
(A) the overall evaluation of self-examination
In strict accordance with the requirements of the network and information system security inspection of the Ministry of Public Security, our hospital actively strengthens organizational leadership, implements work responsibilities, improves various information system security systems, strengthens daily supervision and inspection, and comprehensively implements information system security precautions. This year, we focused on the following investigations: first, hardware safety, including lightning protection, fire prevention and power connection; The second is network security, including network structure and online behavior management. Third, application security, file transfer system, software management, etc. , forming a good and stable security network environment.
(two) actively organize the deployment of network and information security self-examination.
1, set up a leading organization for self-inspection and coordination of network and information security.
In order to ensure the efficient operation of information systems, straighten out information security management and standardize the construction of information security levels, an information security coordination leading group composed of leaders in charge, competent departments and network management departments was established.
2, clear network and information security self-inspection responsibility departments and positions.
The leaders of our hospital attach great importance to the construction of information system, and hold meetings for many times to clarify the responsible departments of information construction, so as to achieve a clear division of labor and specific responsibilities to people.
3, the implementation of network and information security self-inspection documents or programs.
The responsible departments and staff of information systems conscientiously implement the working documents or plans of the Municipal Industry and Information Committee, formulate a series of rules and regulations according to the characteristics of network and information security inspection, and implement the network and information security work.
4. Hold a work mobilization meeting, organize personnel training, and specially deploy self-inspection of network and information security.
Our hospital holds a work mobilization meeting every quarter, and regularly and irregularly trains and assesses technicians. Technicians conscientiously study and implement the spirit of relevant documents, put information security work in an important position and make unremitting efforts.
Second, the main work of information security
(A) network security management
1, earnestly implement the information security responsibility system.
Our hospital has formulated the corresponding information security responsibility investigation system, assigned posts to people, defined the division of responsibilities, and minimized the information security responsibility accidents.
2. Actively promote the construction of information security system.
(1) Strengthen the construction of personnel safety management system.
Our hospital has established safety management systems such as personnel recruitment, resignation, assessment, safety, education and training, and foreign personnel management, and trained new personnel, strengthened personnel safety management, and conducted irregular assessments.
(2) Strictly implement the computer room safety management system.
Our hospital has formulated the Computer Room Management System to strengthen the management and daily monitoring system for personnel entering and leaving the computer room, strictly implement the computer room safety management regulations, do a good job in fire prevention and theft prevention, and ensure the computer room safety.
(two) the implementation of technical safety precautions
1, network security
Our hospital is equipped with anti-virus software and network isolation card, and has taken security protection measures such as strong password, database storage and backup, mobile storage device management, data encryption, etc., which has clarified the network security responsibility and strengthened the network security work. Computers and networks are equipped with professional anti-virus software, which enhances the effectiveness of anti-virus, anti-attack and anti-leakage. In accordance with the confidentiality provisions, important classified computers are managed with power-on passwords, which are used by special personnel to prevent the mixing of classified and non-classified computers.
2. Information system security.
There is no illegal access of classified computers to the Internet and other information networks, and there is no negligence or disclosure of secrets. The implementation of the leadership review and signature system, where the information uploaded to the website, must be reviewed and signed by the relevant leaders before uploading; The second is to carry out regular security checks, mainly supervising SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrade, Trojan virus detection, port opening, system management authority opening, access authority opening, webpage tampering, etc., and earnestly keeping a system security diary.
(3) Emergency work situation
1, carry out daily information security monitoring and early warning.
Our hospital has established a daily information security monitoring and early warning mechanism, which has improved the ability to deal with network and information security emergencies, strengthened network information security, formed a scientific, effective and rapid response emergency working mechanism, ensured the physical security, operational security and data security of important computer information systems, and minimized the harm of emergencies to website network and information security.
2. Establish a security incident reporting and response handler.
Our hospital has established and improved a graded emergency management system and improved the daily safety management responsibility system. Relevant departments perform their duties and do a good job in daily management and emergency response. Establish security incident reports and corresponding handling procedures, and carry out different reporting procedures and response handling according to the classification and grading of security incidents.
3, formulate emergency plans, regular drills and constantly improve.
Our hospital has formulated a safety emergency plan, started the corresponding emergency procedures according to the early warning information, strengthened the duty work, and made various preparations for emergency treatment. Exercise the early warning scheme regularly to continuously improve the feasibility and operability of the early warning scheme.
(4) Safety education and training
In order to ensure the safe and effective operation of our hospital's network and reduce virus intrusion, our hospital has trained the related knowledge of network security and system security. During this period, we conducted a detailed consultation on computer-related problems encountered in practical work and got a satisfactory answer.
Three. Network and information security issues
After security inspection, the overall situation of information system security in our unit is good, but there are also some shortcomings:
1, lack of information security awareness. Employees' information security education is not enough, and they lack the initiative and consciousness to maintain information security.
2. Equipment maintenance and update are not timely enough.
3. There are few professional and technical personnel, the information system security force is limited, and the technical level of information system security needs to be improved.
4. The working mechanism of information system security needs to be further improved.
Fourth, network and information security improvement measures
According to the deficiencies found in the self-examination process and the actual situation of our hospital, we will focus on the following aspects for rectification:
First, continue to strengthen information security education for all staff, and improve the initiative and consciousness of doing security work well.
Second, it is necessary to effectively strengthen the implementation of the information security system, check the implementation of the security system from time to time, and seriously investigate the responsibility of the responsible person for causing adverse consequences, so as to improve the safety awareness of personnel.
Third, we should strengthen the training of professional information technology personnel, further improve the technical level of information security work, so that we can further strengthen the security prevention and confidentiality of computer information systems.
Fourth, it is necessary to strengthen the maintenance of lines, systems and network equipment, and at the same time, in view of the rapid development of information technology, increase the updating of system equipment.
Fifth, innovate and improve the working mechanism of information security, further standardize the office order and improve the security of information work.
Verb (abbreviation of verb) Opinions and suggestions on strengthening information security.
We found some management weaknesses in the management process, and we will make improvements in the following aspects in the future:
First, the irregular and exposed lines should be rectified immediately within a time limit to do a good job in rat prevention and fire safety.
The second is to strengthen equipment maintenance and replace and repair faulty equipment in time.
Third, it is found in the self-examination that individual personnel are not aware of computer security. In the future work, we will continue to strengthen computer security awareness education and prevention skills training, so that employees can fully realize the seriousness of computer cases. Combine civil air defense with technical defense, and do a good job in network security of the unit.
Summary Report of Hospital Network Security Inspection 2 According to the spirit of superior network security management documents, xx County Education Bureau established a network information security leading group. Under the leadership of the group leader, Deputy Director Zeng, we made plans, defined responsibilities and implemented them, and conducted a comprehensive investigation on the network and information security of our system. Finding, analyzing and solving problems ensures the good operation of the network and provides a powerful information support platform for the development of education in our county.
First, strengthen leadership and set up a leading group for network and information security.
In order to further strengthen the security management of network information systems in the whole system, our bureau has set up a leading group for the security and confidentiality of network and information systems, with a clear division of labor and specific responsibilities to people. The leader of the safety work leading group is Zeng, the deputy leader is Wu Wanfu, and the members are Liu, Su Yu. The division of labor and their respective responsibilities are as follows: Deputy Director Zeng is the first person responsible for the security and confidentiality of computer networks and information systems in our bureau, and is fully responsible for the management of computer networks and information security. Wu Wanfu, director of the office, is in charge of computer network and information security management. Liu is responsible for the daily affairs of computer network and information security management, and receives information and documents issued by higher education authorities. Wang Zhichun is responsible for the daily coordination and supervision of computer network and information security management. Su Yu is responsible for network maintenance and daily technical management.
Second, improve the system to ensure that network security work has rules to follow.
In order to ensure the normal operation and healthy development of computer network in our system, strengthen the management of campus network, and standardize the network use behavior, according to the relevant provisions of the Measures for the Administration of Computer Network for Education and Scientific Research in China (Trial) and the Notice on Further Strengthening the Network Security Management of Education System in xx County, the Measures for the Administration of Network Security of Education System in xx County, the Registration Form for Online Information Publishing and Auditing, the System of Online Information Monitoring and Inspection, and the Network Security of Education System in xx County have been formulated.
Third, strengthen management and strengthen network security technical preventive measures.
The computer network of our system has strengthened technical preventive measures. First of all, Kaspersky firewall is installed to prevent viruses and reactionary bad information from invading the network. The second is to install two kinds of anti-virus software. The network manager will upgrade the virus database of anti-virus software every week, upgrade the anti-virus software in time, and solve the problems immediately when found. Third, the network is connected with the lightning protection network of the office building. The computer department strengthens doors and windows, buys fire extinguishers and puts them in a conspicuous position to ensure the lightning protection, theft prevention and fire prevention of the equipment and ensure the safety and integrity of the equipment. The fourth is to update the system and software of the server in time. Fifth, pay close attention to CERT news. Sixth, timely backup important documents and information resources. Create a system recovery file.
The network security leading group of our bureau conducts a comprehensive inspection on the implementation of environmental safety, equipment safety, information safety and management system of the whole system computer room, school office computers, multimedia classrooms and school audio-visual classrooms every quarter, so as to promptly correct existing problems and eliminate potential safety hazards.
The third part of the summary report of hospital network security inspection, our hospital actively implements the requirements of the Notice on Doing a Good Job in Network Security of Hospitals in Our County. The leaders of our hospital attached great importance to it and acted immediately, successfully completing the network information security work during the National Day.
First, attach great importance to and implement responsibilities.
Our hospital has set up a network security leading group, with the director of the Information Department as the group leader and the directors of other departments as the deputy heads and team members. Before September 2 1, submit the list of responsible leaders and liaison persons and the network security self-inspection form to the office of the network security leading group, and ask the team members to turn on their computers 24 hours a day, and be ready to reflect and report network security problems at any time.
From September 2 1 to June 10, the xx anniversary of National Day:
1. The network information security report needs 24-hour monitoring.
2. Risk prevention and control: if problems are found, they must be stopped within three minutes; Report to the network security leading group within half an hour; No problem, zero report.
3. Require all departments to report the network information security from the day before 15: 00 to the day before.
Second, strengthen safety precautions and improve risk prevention capabilities.
1. Check and upgrade the hospital office communication tool OA. Resolutely rectify the problem that users use default passwords for a long time and passwords remain unchanged for a long time.
2. The Information Department takes measures such as classification, backup and encryption of hospital data, strictly controls the access rights of data, and timely discovers and handles abnormal situations such as unauthorized access.
3, the hospital public * * * area of LED display screen, by the specialist is responsible for, modify the content requires high strength password.
Third, standardize process operation and develop good habits.
All staff are required to understand the network security situation, abide by the safety regulations, master the operation skills, and strive to improve the hospital's network security guarantee ability, and put forward six regulations for everyone to develop good network security habits.
1. It is forbidden to use unclassified machines to process confidential documents.
2. It is forbidden to process and store internal documents and materials on the external network.
3. All working computers should be provided with power-on passwords.
4. It is forbidden to set wireless devices such as wireless routers in the work network.
When people leave the work computer, cut off the network and power supply strictly.
6. It is forbidden to install non-work software such as games in the work network computer.
Summary Report of Hospital Network Security Inspection Article 4 After receiving the rectification notice of information system security, we learned from your company that the leaders of our hospital attached great importance to it and instructed the Information Department to carry out rectification as required. The rectification situation is now reported as follows.
First, the general situation of network security level protection in our hospital
According to the requirements of higher authorities and industry authorities, our hospital attaches great importance to and carries out the work related to network security level protection, mainly including information system sorting, classification, filing, level protection evaluation, safety construction rectification and so on. At present, the main information systems in our hospital are: integrated business information system. Integrated business information system is a collection of core medical business information systems of Shangcheng County People's Hospital. The functional modules of the system mainly include hospital information system (HIS), laboratory information system (LIS), electronic medical record system (EMRS) and medical image information system (PACS). Hospital information system (HIS), laboratory information system (LIS) and electronic medical record system (EMRS) were developed and built by Fujian Hongyang Software Co., Ltd. with technical support. The medical image information system,
On 20xx 1 1, our hospital has completed the grading, filing, grading protection evaluation and expert evaluation of the integrated business information system. The system security protection level is Grade II (S2A2G2), and the rating protection evaluation institution is Henan Tianqi Information Security Technology Co., Ltd., and the rating protection evaluation conclusions are basically the same, with a comprehensive score of 76.02. During the evaluation process, the Information Department has rectified the security problems that can be rectified immediately according to the suggestions of the appraisers, such as server security reinforcement, access control policy adjustment, installation of anti-virus software, and addition of security products. At present, our hospital is carrying out the evaluation of network security level protection of portal websites.
Second, the rectification of security issues
The information system security issues involved in this rectification report are the contents of hospital information system evaluation feedback entrusted by our hospital in 20xx 1 1, mainly including application server, database server operating system vulnerabilities and Oracle vulnerabilities. In view of the loopholes in the application server system, our hospital communicated with the security company in time. After the communication, some system services and ports were closed, and the necessary system upgrade package was updated to deal with it in time. In view of the security vulnerabilities in Oracle database, we communicated with security companies and software vendors. Our HIS system was put into use at the end of 20xx, and the database version is Oracle 1 1g, which was put into operation earlier, and the vulnerabilities were not fixed in time when deployed in the intranet environment.
After testing, software developers found that fixing Oracle database vulnerabilities will affect the normal operation of HIS system, and there are unknown risks. In order to ensure the safe and stable operation of the information system and reduce the security risks faced by the information system, we mainly take measures to reduce the risks caused by database security vulnerabilities, such as controlling database access rights, cutting off unnecessary connections with servers, and limiting the permissions of database administrators. The specific measures are as follows: first, different technicians should master the management authority of database server and database respectively; The second database server only allows application servers with business needs to connect, and the daily management database adopts local management mode, and the database does not provide remote access; Thirdly, the security of the database is strengthened, such as setting strong password, turning on the log audit function, and disabling the default user of the database.
Our hospital attaches great importance to network security. The hospital network has been equipped with firewall, gas wall, intrusion prevention, online antivirus software, desktop terminal management and other security products, and is purchasing security products such as gateway, fortress machine and log audit. At the same time, the hospital network security team was established, and three technicians were responsible for network security management, which greatly improved the network security management level of our hospital.
"Without network security, there is no national security". As the medical treatment center of the county, the hospital always puts information network security and medical safety in the first place, closely follows the development of the hospital and the needs of the situation, scientifically and effectively promotes the construction of network security, and accepts the supervision and management of competent departments at all levels.
Chapter V Summary Report of Hospital Network Security Inspection After receiving the Notice on Printing and Distributing the Action Plan for Network and Information Security Inspection of Health Industry in xx City, the leaders of our hospital attached great importance to it, immediately convened a meeting of heads of relevant departments, thoroughly studied and conscientiously implemented the spirit of the document, fully understood the importance and necessity of carrying out self-inspection on network and information security, and made detailed arrangements for self-inspection work. The dean in charge is responsible for arranging and coordinating relevant inspection departments, supervising and inspecting projects, and the Information Department is responsible for specific inspection and self-inspection, carefully recording the problems found in self-inspection and making timely rectification.
For a long time, our hospital has always attached great importance to network and information security in the process of informatization construction, and adopted domestic advanced safety management norms and effective safety management measures. Since August 2 1 day, the whole hospital has carried out self-inspection of network and information security, and conducted item-by-item investigation according to the corresponding characteristics of hospital Internet security and local area network security to eliminate potential safety hazards. The information security work in our hospital is reported as follows.
First, network security management:
The network of our hospital is divided into Internet and intranet, which are physically isolated to ensure their independent, safe and efficient operation. Focus on the "three major security" investigations.
1. Hardware safety, including lightning protection, fire prevention, theft prevention and UPS power connection. The HIS server room of the hospital was built in strict accordance with the standards of the room, and the staff insisted on daily inspections to eliminate potential safety hazards. His server, multi-port switch and router are all protected by UPS power supply, which can ensure the normal operation of the equipment in the case of short-term power failure and will not be damaged by sudden power failure. In addition, the USB interfaces of all computers in the local area network are completely closed, which effectively avoids poisoning or leakage caused by external media (such as U disk and mobile hard disk).
2. Network security: including network structure, password management, IP management, online behavior management, etc. Network structure includes reasonable network structure, stability of network connection and stability of network equipment (switches, routers, optical fiber transceivers, etc.). ). Each operator of HIS system has his own login name and password, and is given the corresponding operator authority. The account operated by others shall not be used, and the management system of "who uses, who manages and who is responsible" shall be implemented for the account. The Internet and LAN in the hospital have fixed IP addresses, which are uniformly distributed and managed by the hospital. It is not allowed to add new IP privately, and unassigned IP cannot access the Internet. In order to ensure that the hospital Internet can meet the normal office needs, the application software such as P2P is blocked by the router, which effectively prevents people from using the office computer to watch videos and play games online during work, and greatly improves the office utilization rate of the Internet.
Second, the database security management:
At present, the database running in our hospital is Jinwei HIS database, which is the basis for the normal operation of various services such as hospital diagnosis and treatment, pricing, charging, inquiry and statistics. In order to ensure the normal and efficient operation of various businesses in the hospital, database security management is extremely necessary. The security features of the database system are mainly aimed at the technical protection of data, including data security, concurrency control, fault recovery, database disaster recovery backup and so on. Our hospital takes the following measures for data security: (1) separate the part of the database that needs protection from other parts.
(2) Adopt authorization rules, such as account number, password, authority control and other access control methods.
(3) encrypting data and storing it in a database; If a database application wants to share data with multiple users, multiple users may access data at the same time. This event is called a concurrent event. When a user takes out data for modification, if other users take out the data again before the modification is stored in the database, the read data is incorrect. At this time, it is necessary to control this concurrent operation to eliminate and avoid this error and ensure the correctness of the data; The database management system provides a set of methods, which can find faults in time and repair them, thus preventing data from being destroyed. The database system can recover the faults occurred during the operation of the database system as soon as possible, which may be physical or logical errors. For example, data errors caused by system misoperation; Disaster-tolerant backup of database is an extremely important part of database security management, the last guarantee for effective and safe operation of database, and also an effective measure to ensure long-term preservation of database information. The backup type adopted by our hospital is full backup, which backs up the whole database every morning, including all database objects such as user tables, system tables, indexes, views and stored procedures. In the process of data backup, the master and slave servers operate normally, and the business of each client can be carried out normally, that is, hot backup.
Third, software management:
At present, the running software in our hospital is mainly divided into three categories: HIS system, common office software and antivirus software. HIS system is the most important software in our daily business, and it is the basis to ensure the normal operation of hospital diagnosis and treatment activities. Since it was launched in 20xx, it has been running stably without major security problems, and it is constantly updated and enriched according to business needs. For new employees, a training will be conducted before taking up their posts to explain the operation process and specifications of his system, including safety knowledge, to ensure that no major safety problems will occur during use. Common office software is installed and maintained by the hospital information department. Antivirus software is an effective tool to protect computer systems from viruses, Trojans, tampering, paralysis, attacks and leaks. All computers are equipped with genuine anti-virus software (Rising Anti-virus Software and 360 Security Guard), and the virus database is updated regularly to ensure that the defense capability of anti-virus software is always maintained at a high level.
Fourth, emergency response:
The server of HIS system in our hospital is safe and stable, equipped with large UPS power supply, which can ensure the server to run for eight hours in the case of large-scale power failure. Although the hospital's HIS system has been running well for a long time, and the server has not stopped for a long time, the hospital has made an emergency plan and trained the charging operators and nurses. If there is a large-scale and long-term power outage in the hospital and the HIS system cannot operate normally, manual charging, bookkeeping and medicine distribution will be temporarily started to ensure the normal and orderly diagnosis and treatment activities. When the HIS system returns to normal operation, invoices and charging items will be supplemented.
Generally speaking, the network and information security work in our hospital has been very successful, and there has never been a major security accident. All systems are running stably, and all businesses can run normally. However, the self-examination also found shortcomings, such as the shortage of hospital information technology personnel and limited information security force; Information security awareness is not enough, and individual departments lack the initiative and consciousness to maintain information security. In the future, it is necessary to strengthen the training of information technology personnel and further improve the technical level of information security; Strengthen the information security education of the staff of the whole hospital, and improve the initiative and consciousness of maintaining information security; Increase the investment in hospital informatization construction, upgrade the configuration of computer equipment, and further improve the work efficiency and the safety of system operation.
After a week's self-examination, our hospital fully realized that safety work is a project that needs constant attention, and at the same time, we should constantly innovate and change the old management methods and concepts to meet the needs of safety management under the new situation.
Summary Report of Hospital Network Security Inspection 6 In order to further strengthen the information system security management in our hospital, strengthen the awareness of information security and confidentiality, and improve the level of information security, according to the requirements of the Document Notice on Supervision and Inspection of Health System Network and Information Security in xx Province issued by the Provincial Health Planning Commission, the leaders of our hospital attached great importance to it, set up a special management organization, held a meeting of heads of relevant departments, studied deeply, and conscientiously implemented the spirit of the document. We fully realized the importance and necessity of self-inspection of network and information security, and made detailed arrangements for the self-inspection work. The dean in charge is responsible for arranging and coordinating relevant inspection departments, supervising and inspecting projects, establishing and improving the hospital network security and confidentiality responsibility system and relevant rules and regulations, strictly implementing the provisions on network information security and confidentiality, and carrying out special inspections on network information security of all departments in the hospital. The self-inspection is now reported as follows:
First, the basic situation of hospital network construction
Hospital information management system (HIS system) was upgraded by xxXX Technology Co., Ltd. in XX. Our technicians are responsible for the upgraded foreground maintenance, and the technicians of xxxx Technology Co., Ltd. are responsible for the background maintenance and accident handling.
Second, the self-inspection work
1, computer room safety inspection. Computer room safety mainly includes fire safety, electricity safety, hardware safety, software maintenance safety, door and window safety and lightning protection safety. The server room of hospital information system is built in strict accordance with the standard of computer room, and the staff insist on fixed-point inspection every day. The system server, multi-port switch and router are all protected by UPS power supply, which can ensure the normal operation of the equipment for 3 hours under the condition of power failure and will not damage the equipment due to sudden power failure.
2. LAN security check. It mainly includes network structure, password management, IP management, storage media management, etc. Each operator of HIS system has his own login name and password, and is given the corresponding operator authority. The account operated by others shall not be used, and the management system of "who uses, who manages and who is responsible" shall be implemented for the account. Hospital LANs have fixed IP addresses, which are uniformly distributed and managed by the hospital. You can't add new IP without permission, and unassigned IP can't connect to the hospital LAN. The USB interfaces of all computers in the local area network of our hospital are fully enclosed, which effectively avoids poisoning or leakage caused by external media (such as U disk and mobile hard disk).
3. Database security management. Our hospital adopts the following data security measures:
(1) Separate the part of the database that needs to be protected from other parts.
(2) Adopt authorization rules, such as account number, password, authority control and other access control methods.
(3) The database account password shall be managed and maintained by special personnel.
(4) Database users must change their passwords every six months.
(5) The server adopts virtualization for security management. When the current server has problems, switch to another server in time to ensure the normal operation of the client business.
Third, emergency response.
The server of HIS system in our hospital is safe and stable, equipped with large UPS power supply, which can ensure the server to run for about six hours in the case of large-scale power failure. Our hospital's HIS system has just been upgraded, and the server has not been down for a long time. However, the hospital has formulated an emergency plan and trained charging operators and nurses. If the HIS system can't operate normally due to a large-scale and long-term power outage in the hospital, manual charging, bookkeeping and medicine distribution will be temporarily started to ensure the normal and orderly diagnosis and treatment activities. When the HIS system returns to normal operation, invoices and fees will be supplemented.
Fourth, the existing problems
The network and information security work in our hospital has been done carefully, and there has never been a major security accident. All systems are running stably, and all businesses can run normally. However, the self-examination also found shortcomings, such as the lack of information technology personnel, limited information security force, incomplete information security training, insufficient awareness of information security, and insufficient initiative and consciousness of individual departments to maintain information security; Insufficient emergency drills; The condition of computer room is poor; Individual departments have low computer equipment configuration and long service life.
In the future, we should strengthen the training of information technology personnel, improve the technical level of information security, strengthen the information security education of hospital staff, improve the initiative and consciousness of maintaining information security, increase the investment in hospital informatization construction, improve the configuration of computer equipment, and further improve the work efficiency and the safety of system operation.