Build network security system, on the one hand, due to the authentication, encryption, listening, analysis, recording and other work, which affects the network efficiency, and reduces the flexibility of the customer's application; on the other hand, it also increases the management costs. The following is my hospital network security inspection summary report, welcome to refer to!
Hospital network security inspection summary report Part 1In order to conscientiously implement the Ministry of Public Security "on the important information systems and key websites to carry out network security protection status of self-inspection and self-inspection work of the notification" document spirit, in order to further improve the hospital network and information systems security self-inspection work to improve the ability to improve the security protection and level of prevention and reduction of the occurrence of major information security incidents, and to effectively strengthen network and information systems security prevention work, create a good network and information systems security work, create a good network and information systems security prevention work. information system security prevention work, to create a good network information environment. Recently, the hospital carried out information systems and website network security self-check, now the hospital network and information systems security self-check work report as follows:
First, the network and information security self-check work organization and development
(a) self-check of the overall evaluation
The hospital strictly in accordance with the requirements of the Ministry of Public Security on the network and information systems security inspection work, and actively strengthen the network and information systems security checking work requirements, and actively strengthen the network and information systems security checking work requirements, and actively strengthen the network and information systems security checking work requirements. Security inspection work requirements, actively strengthen the organizational leadership, the implementation of work responsibilities, improve the information system security system, strengthen the daily supervision and inspection, the full implementation of information system security prevention work. This year, we have focused on the following inspections: First, hardware security, including lightning protection, fire prevention and power connection, etc.; second, network security, including network structure, Internet behavior management, etc.; third, application security, official document transmission system, software management, etc., to form a good and stable security and confidentiality of the network environment.
(B) actively organize and deploy network and information security self-inspection work
1, specifically set up a network and information security self-inspection coordination and leadership
The establishment of the information security coordination and leadership group composed of the leaders in charge, the departments in charge, network management, to ensure that the information system is running efficiently, rationalize the management of information security and standardize the construction of information technology security level.
2, a clear network and information security self-examination of the responsible departments and jobs
The leadership of our hospital pays great attention to the construction of information systems, and has held many meetings to clarify the information technology construction of the responsible departments to achieve a clear division of labor, the responsibility is specific to the person.
3, implement the network and information security self-inspection of various working documents or programs
The information system responsible departments and staff to conscientiously implement the work of the Municipal Commission of Industry and Information Technology various working documents or programs, according to the characteristics of the work of the network and information security inspection, to develop a series of rules and regulations, the implementation of the network and information security work.
4, held a work mobilization meeting, organizing staff training, special deployment of network and information security self-inspection work
I held a quarterly work mobilization meeting, regular and occasional training of technical staff, and carry out the assessment. Technical staff to seriously study and implement the spirit of the relevant documents, the information security work to an important position, always pay attention to.
Second, the main work of information security
(a) network security management
1, conscientiously implement the information security responsibility system
I hospitals to develop a corresponding information security accountability system, post to people, a clear division of responsibility, to reduce the responsibility of the information security accidents to a minimum.
2, and actively promote the construction of information security system
(1) to strengthen the construction of personnel security management system
Our hospital has established a security management system of personnel recruitment, leaving the post, assessment, security and confidentiality, education and training, management of outsiders and other security management system, the training of new personnel, to strengthen the security management of the personnel, and to carry out the assessment from time to time.
(2) Strict implementation of the machine room safety management system
Our hospital has developed a "machine room management system" to strengthen the management of personnel in and out of the machine room and the daily monitoring system, the strict implementation of the machine room safety management regulations, and to do a good job in fire prevention and anti-theft, to ensure the safety of the machine room.
(ii) technical security prevention and implementation of measures
1, network security
Our hospital is equipped with anti-virus software, network isolation card, the use of a strong password password, database storage backup, mobile storage device management, data encryption and other security measures, a clear responsibility for network security, strengthened network security work. Professional anti-virus software has been installed in computer and network configurations to strengthen the effectiveness in anti-virus, anti-attack and anti-disclosure. And in accordance with the confidentiality provisions of the important classified computers in the implementation of the boot password management, dedicated to the special, to eliminate the mix between classified and non-classified computers.
2, information systems security
classified computers are not illegal on the Internet and other information networks, there has been no loss of confidentiality, leakage phenomenon. The implementation of the leadership review and signature system where the information uploaded to the website must be reviewed and signed by the relevant leaders before uploading; secondly, to carry out regular security checks, mainly on SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application program patch installation, anti-virus software installation and upgrading, Trojan horse virus detection, port openings, the opening of the system management privileges, the opening of access rights, web page tampering, and so on. The company has been monitoring the situation of webpage tampering, and has made a serious effort to keep a system security diary.
(C) Emergency work
1, carry out daily information security monitoring and early warning
I set up daily information security monitoring and early warning mechanism, improve the handling of network and information security emergencies public **** ability to events, strengthen network information security work, the formation of a scientific, effective, responsive emergency response mechanism, to ensure that important computer information systems, physical security, operational security and data security. Entity security, operational security and data security, minimize the harm of the website network and information security emergencies public **** events.
2, the establishment of security incident reporting and response processing procedures
Our hospital to establish and improve the hierarchical responsibility of the emergency management system, improve the day-to-day security management responsibility system. Relevant departments are responsible for their own duties and do a good job in daily management and emergency response handling. The establishment of security incident reporting and corresponding processing procedures, according to the classification and grading of security incidents, different reporting procedures, to carry out different response processing.
3, the development of emergency response plan, regular drills and continuous improvement
The hospital has developed a security emergency plan, according to the early warning information, the start of the corresponding emergency procedures, strengthen the duty duty work, and do a good job of emergency response to all the preparatory work. Regular rehearsals of the early warning program, and constantly improve the feasibility and operability of the early warning program.
(D) security education and training
In order to ensure the safe and effective operation of the hospital network, reduce virus intrusion, the hospital on network security and system security related knowledge training. During the period, people were consulted in detail on computer-related problems encountered in actual work and received satisfactory answers.
Third, the network and information security problems
After the security check, the overall situation of information system security in my unit is good, but there are some shortcomings:
1, not enough information security awareness. Employee information security education is not enough, lack of initiative and conscientiousness to maintain information security.
2, equipment maintenance, update is not timely enough.
3, fewer professional and technical staff, limited information systems security force, information systems security technology level has to be improved.
4, the information system security mechanism to be further improved.
Fourth, the network and information security improvement measures
According to the shortcomings found in the self-checking process, while combining the actuality of our hospital, we will focus on the following aspects of rectification:
First, we must continue to strengthen the information security education of the entire staff to improve the initiative and conscientiousness to do a good job of security work.
The second is to effectively strengthen the implementation of the information security system, from time to time on the implementation of the security system to check, for the adverse consequences of the responsible person, we must seriously pursue the responsibility to improve the personnel security awareness.
Third, to strengthen the training of professional information technology personnel, to further improve the technical level of information security work, so that we can further strengthen the computer information system security and confidentiality.
Fourth, to increase the line, system, network equipment maintenance and maintenance, at the same time, for the rapid development of information technology, to increase the system equipment update.
Fifth, we must innovate and improve the information security work mechanism, further standardize the office order and improve the security of information work.
Fifth, on the strengthening of information security work of the views and recommendations
We found in the management process of the existence of some management weaknesses, the future we also want to improve in the following areas:
First, for the line is not neat, exposed, and immediately rectify the line of the deadline, and do a good job to prevent the rodent
The second is to strengthen equipment maintenance, timely replacement and maintenance of faulty equipment.
Third, self-examination found that individual personnel computer security awareness is not strong. In the future, we will continue to strengthen computer security awareness education and prevention skills training, so that employees fully realize the seriousness of computer cases. The combination of human defense and technical defense, really do a good job of network security of the unit.
Hospital network security check summary report Part 2According to the spirit of the higher network security management documents, xx County Board of Education set up a network information security work leading group, under the leadership of the leader of the group Zeng Ziqiang, deputy director of the leadership of the development of the plan, clear responsibility for the implementation of the specific implementation of my system of network and information security to carry out a comprehensive investigation. Find problems, analyze problems, solve problems, to ensure that the network can better maintain good operation, for the development of education in our county to provide a strong information support platform.
First, strengthen the leadership, set up a network and information security work leading group
In order to further strengthen the system-wide network information systems security management, I set up a network and information systems security and confidentiality work leading group to achieve a clear division of labor, the responsibility for specific to the person. Security work leading group, group leader Zeng Ziqiang, deputy leader Wu Wanfu, members of Liu Linsheng, Wang Zhichun, Su Yu. Division of labor and their respective responsibilities are as follows: Zeng Ziqiang, deputy director of the Bureau of computer networks and information systems security and confidentiality of the first responsible person, fully responsible for computer networks and information security management. Office Director Wu Wanfu in charge of computer network and information security management. Liu Linsheng is responsible for the computer network and information security management of daily affairs, the higher education authorities issued information, the receipt of documents. Wang Zhichun is responsible for the daily coordination and supervision of computer network and information security management. Su Yu is responsible for network maintenance and daily technical management.
Second, improve the system to ensure that the network security work to follow
In order to ensure the normal operation of the computer network of my system and the healthy development of the system, to strengthen the management of the campus network, standardize the use of network behavior, according to "China's education and scientific research computer network management approach (for trial implementation)", "on further strengthening the education system of XX County network security management notice".
Three, strengthened management, strengthened network security technical precautions
I system computer network to strengthen the technical precautions. One is the installation of the Kaspersky firewall to prevent viruses, reactionary bad information invasion of the network. The second is the installation of two antivirus software, network administrators weekly antivirus software virus database upgrade, timely antivirus software upgrade and antivirus, found that the problem is immediately resolved. Third, the network is connected to the lightning network of the agency building, the computer is located in the department to strengthen the doors and windows, purchase fire extinguishers, placed in a prominent position, to do the equipment lightning, burglary, fire prevention, to ensure that the equipment is safe and intact. Fourth, timely update of the server system and software. Fifth, pay close attention to CERT messages. Sixth, the important documents, information resources to do timely backup. Create system recovery files.
I Bureau of network security leading group quarterly system-wide computer room, school office machines, multimedia classrooms and school classrooms of environmental security, equipment security, information security, management system implementation and other content of a comprehensive inspection, the existence of problems in a timely manner to rectify, eliminate security risks.
Hospital network security check summary report Part 3
I hospital actively implement the county party committee network information office "on doing a good job in our county hospital network security work notice" requirements, our hospital leadership attaches great importance to immediate action, the successful completion of the National Day during the network information security work.
First, attach great importance to the implementation of responsibility.
Our hospital set up a network security leadership group, the director of the Information Technology Section as team leader, the other directors of the departments and offices of the deputy leader and team members. September 21 before the responsibility of the leadership, the liaison list, the network security self-examination form sent to the Office of the Leading Group on Network Security, requiring the team members to 24-hour boot, ready to reflect at any time, to report on the preparations for the problem of network security.
National Day xx anniversary of September 21 to October 10 period:
1. Network information security reporting requirements 24-hour monitoring.
2. Risk prevention and control: found that the problem, within three minutes must be broken; within half an hour to report to the network security leading group; no problem, zero report.
3. Require each section to report every day before 15:00 hours to the previous day to the day 15:00 hours network information security.
Second, strengthen the security measures to improve risk prevention
1, the hospital office communication tools OA, vulnerability repair check upgrade. Firmly rectify the user long-term use of the default password, long-term unchanged password and other issues.
2, the information section of the hospital data to take classification, backup, encryption and other measures, strict data access rights, timely detection and disposal of unauthorized access and other anomalies.
3, the hospital public **** area of the LED screen, by a person responsible for, modify the content requires a high-strength password password.
Third, standardize the process operation, develop good habits.
Requirements for all staff should understand the network security situation, comply with security regulations, master the operating skills, and strive to improve the hospital network security capabilities, put forward everyone to develop good network security habits of the six provisions.
1, prohibit the use of non-classified machines to deal with classified documents.
2, prohibit the processing and storage of internal documents and information on the Internet.
3, all work computers should be set to boot password.
4, prohibited in the work of the network to set up wireless routers and other wireless devices.
5. Strictly do people leave the work of the computer that is disconnected from the network power.
6, prohibit the installation of games and other non-work software in the work network computer.
Hospital network security inspection summary report Part 4
I received your unit in the "information system security and other security deadline rectification notice", the hospital leadership attaches great importance to the task of the information section in accordance with the requirements of the rectification, and now the rectification of the situation is reported as follows.
Overview of our network security level protection work
According to the requirements of the higher authorities and industry authorities, our hospital attaches great importance to and carried out the network security level protection related work, the work mainly contains information systems combing, grading, filing, level protection assessment, security construction and rectification. The main information systems currently running in our hospital are: comprehensive business information system. Comprehensive business information system is the collection of core medical business information system of Shangcheng County People's Hospital, and the functional modules of the system mainly include Hospital Information System (HIS), Laboratory Information System (LIS), Electronic Medical Record System (EMRS), and Medical Imaging Information System (PACS), of which the Hospital Information System (HIS), Laboratory Information System (LIS), and Electronic Medical Record System (EMRS) are mainly implemented by Fujian Hongyang Software Co. (HIS), Laboratory Information System (LIS), Electronic Medical Record System (EMRS), which is developed and constructed by Fujian Hongyang Software Co., Ltd. and provides technical support, and Medical Imaging Information System (PACS), which is developed, constructed and provided with technical support by Shenzhen AVIC Information Technology Industry Co.
Our hospital has completed the comprehensive business information system classification, filing, level protection evaluation, expert review and other work in November 20xx, the system security protection level for the second level (S2A2G2), level protection evaluation organization for Henan Tianqi information security technology limited company, the conclusion of the level protection evaluation is basically in line with the comprehensive score of 76.02 points. During the evaluation process, the Information Section has carried out rectification of security problems that can be immediately rectified according to the suggestions of the evaluators, such as: server security reinforcement, access control policy adjustment, installation of anti-virus software, increase of security products, etc. The Information Section is currently working on the portal of the hospital. At present, the hospital is in the portal of the network security level protection assessment work.
Second, the rectification of security issues
The information system security issues involved in this rectification report is the hospital in November 20xx commissioned by Henan Tianqi company on the hospital information system evaluation feedback, mainly including application servers, database servers operating system vulnerabilities and Oracle vulnerabilities. In response to the application server system vulnerabilities, the hospital communicated with the security company in a timely manner. After the communication, the hospital closed some of the system services and ports, and updated the necessary system upgrade packages and other measures to deal with the problem in a timely manner. For the Oracle database security vulnerabilities, we communicate with security companies and software vendors, our hospital HIS system was put into use at the end of 20xx, the database version of Oracle 11g, put into operation earlier, and deployed in the intranet environment is not timely repair of vulnerabilities.
After the software development vendor testing found that repairing Oracle database vulnerabilities will affect the normal operation of the HIS system, and there is an unknown risk, in order to both ensure the safe and stable operation of the information system and to reduce the security risks facing the information system, we have mainly taken to control the database access privileges, cut off the unnecessary connection with the server, and limit the rights of the database management personnel to reduce the risk caused by the database security vulnerabilities. We mainly take measures such as controlling database access privileges, cutting off unnecessary connections with the server, and restricting the authority of database managers to reduce the risks caused by database security vulnerabilities. Specific measures are as follows: first, different technical personnel respectively grasp the database server and database management rights; second, the database server only allows the connection of application servers with business needs, the daily management of the database adopts the local management mode, and the database does not provide remote access to the outside world; third, the database has been reinforced with security, strong passwords have been set, log auditing has been turned on, and the default database user has been disabled. The third is to strengthen the security of the database, set a strong password, enable the log audit function, disable the default database user.
Our hospital attaches great importance to network security, the hospital network has been equipped with firewalls, anti-virus walls, intrusion prevention, network version of antivirus software, desktop terminal management and other security products, and is purchasing network gates, bastion machines, log auditing and other security products, while the formation of the hospital's network security team of three technicians responsible for network security management, so that the level of our network security management has increased significantly. enhancement.
"Without network security, there is no national security". As a county medical treatment center, the hospital has always put the information network security and medical safety in the first place, and constantly keep up with the development of the hospital and the needs of the situation, scientific and effective promotion of network security construction work, and accept the supervision and management of the competent departments at all levels.
Hospital network security inspection summary report Part 5After receiving the notice "on the issuance of" xx city health industry network and information security inspection action work program "of the 'notice," the hospital leadership attaches great importance to immediately convene a meeting of the relevant sections responsible for in-depth study and seriously implement the spirit of the document, and fully aware of the importance of carrying out the work of network and information security self-checking and the need for the Self-inspection work made a detailed deployment, by the competent dean is responsible for arranging, coordinating the relevant inspection departments, supervision and inspection projects, by the information section is responsible for the specific inspection and self-inspection work, and self-inspection of the problems found in the relevant records seriously, timely rectification and improvement.
For a long time, our hospital in the process of information technology construction, has been very important to the network and information security work, and to take the current domestic more advanced security management norms, effective security management measures. Since August 21, the whole hospital to carry out network and information security work self-check, according to the corresponding characteristics of the Internet security and the hospital LAN security, item by item check to eliminate security risks, is now the information security work of the hospital reported as follows.
First, network security management:
The hospital's network is divided into the Internet and the hospital LAN, the two networks to achieve physical isolation to ensure that the two networks can be independent, safe and efficient operation. The main focus is on the "three major security" investigation.
1. Hardware security, including lightning, fire, theft and UPS power connection. The hospital HIS server room is strictly in accordance with the standard construction of the room, the staff adhere to the daily inspection, remove security risks. HIS servers, multi-port switches, routers are protected by UPS power supply, which can ensure that a short period of time power outage, the normal operation of the equipment, not due to a sudden power outage caused by the damage to the equipment. In addition, all computer USB ports on the LAN are completely closed, which effectively avoids the occurrence of poisoning or leakage due to external media (e.g., USB flash drives, portable hard drives).
2. Network security: including network structure, password management, IP management, Internet behavior management, etc.; network structure, including reasonable network structure, the stability of the network connection, the stability of the network equipment (switches, routers, fiber-optic transceivers, etc.) The operator of the HIS system, each person has his own login name and password, and assign the appropriate operator's privileges, and may not use the operating account of others. Each operator of the HIS system has his/her own login name and password, and is assigned the corresponding operator privileges, and is not allowed to use other people's operating accounts. The Internet and the LAN of the hospital have fixed IP addresses, which are assigned and managed by the hospital, and it is not allowed to add new IPs privately, and it is impossible to access the Internet without assigned IPs. In order to ensure that the hospital Internet can meet the normal office needs, through the router for P2P and other applications for shielding, effectively preventing the use of office computers in the work of online video, play games, etc., greatly improving the Internet office utilization.
Second, the database security management:
Our hospital is currently running the database for the Golden Guardian HIS database, is the hospital diagnosis and treatment, pricing, charging, querying, statistics and other business can be the basis of the normal, in order to ensure that the hospital's various business operations are normal, efficient operation, the database security management is extremely necessary. The security features of the database system are mainly for the technical protection of data, including data security, concurrency control, fault recovery, database disaster recovery and backup. Our hospital takes the following measures for data security: (1) Separate the parts of the database that need to be protected from other parts.
(2) Use authorization rules, such as accounts, passwords, and access control and other access control methods.
(3) Encrypt the data and store it in the database; if the database application is to realize multi-user **** enjoyment of data, it is possible that more than one user is going to access the data at the same moment, and this kind of event is called a concurrency event. When a user to take out the data to modify, in the modification of the database before the changes are stored in the database, such as other users to take this data, then read out the data is incorrect. At this time it is necessary to control this concurrent operation, to exclude and avoid the occurrence of such errors, to ensure the correctness of the data; database management system to provide a set of methods to detect faults and repair faults in a timely manner, thereby preventing the destruction of data. Database system can be recovered as soon as possible when the database system failure in operation, may be physical or logical errors. For example, data errors caused by misoperation of the system; database disaster recovery backup is an extremely important part of database security management, is the last guarantee of effective and safe operation of the database, but also to ensure that the database information can be stored for a long time is an effective measure. The backup type adopted by our hospital is full backup, which backs up the whole database in the early morning every day, including all database objects such as user tables, system tables, indexes, views and stored procedures. In the process of backing up the data, the master and slave servers run normally, and the business of each client can be carried out normally, that is, hot backup.
Third, software management:
At present, our hospital in the operation of the software is mainly divided into three categories: HIS system, commonly used office software and antivirus software. HIS system is the hospital's daily business in the most important software, is to ensure that the hospital diagnostic and treatment activities of the basis for normal operation, since 20xx since the on-line, the operation of the very stable, no major security problems. Since its launch in 20xx, it has been running stably without any major security problems, and has been constantly updated and enriched according to business needs. For new employees, a training will be conducted before they start work, explaining to them the operating procedures and specifications of the HIS system, including security knowledge, so as to ensure that there will not be any major security problems in the process of using it. Commonly used office software are installed and maintained by the hospital information section. Antivirus software is an effective tool to safeguard the computer system against viruses, Trojan horses, tampering, paralysis, attacks and leaks. All computers, are installed with genuine antivirus software (Rising Star antivirus software and 360 security guards), and regularly update the virus database, in order to ensure that the antivirus defense capability is always maintained at a high level.
Four, emergency disposal:
Our hospital HIS system server operation is safe, stable, and equipped with a large UPS power supply, which can ensure that a large area of power outages, the server adhere to the operation of eight hours. Although the hospital's HIS system for a long time, running well, the server has not occurred for a long time downtime, but the hospital still developed an emergency disposal plan, and the charge operators and nurses have been trained, if the hospital has a large area, a long period of time power outage, the HIS system can not run normally, will temporarily start manual charging, bookkeeping, and issuing medication to ensure that diagnostic and treatment activities can be carried out in a normal and orderly manner, and the hospital has a large area of power outages. When the HIS system returns to normal operation, the invoices will be replenished and the charges will be recorded.
Overall, the hospital's network and information security work has been very successful, there has never been a major security incident, the operation of the system is stable, the business can run normally. However, the self-examination also found shortcomings, such as the current hospital information technology staff is small, information security force is limited; information security awareness is not enough, individual departments lack of initiative and conscientiousness to maintain information security. In the future, we need to strengthen the training of information technology personnel to further improve the technical level of information security; strengthen the information security education of the entire hospital staff to improve the initiative and conscientiousness of the maintenance of information security; increase the investment in the hospital's information technology construction, enhance the configuration of computer equipment, and further improve the efficiency and security of the system operation.
After a week of self-inspection, the hospital fully realized that security is a project that requires constant attention, and at the same time, we must continue to innovate and change the old management methods and concepts to adapt to the new situation of security management needs.
Hospital network security inspection summary report Part 6In order to further strengthen the security management of our information system, strengthen the awareness of information security and confidentiality, and improve the level of information security, in accordance with the Provincial Health Planning Commission, "on the network of the health system in xx province and information security supervision and inspection of the work of the notification" document requirements, the leadership of the hospital attaches great importance to the establishment of a special management organizational structure, held a meeting of the relevant departments responsible for Meeting, in-depth study and conscientiously implement the spirit of the document, fully recognize the importance and necessity of carrying out network and information security self-inspection work, the self-inspection work to do a detailed deployment, by the competent dean is responsible for arranging, coordinating the relevant inspection departments, supervision and inspection of the project, to establish and improve the hospital's network security and confidentiality of the responsibility system and the relevant rules and regulations, and strict implementation of the provisions relating to the confidentiality of network information security, and For the hospital's network information security of the various departments carried out a special inspection, is now the self-inspection report as follows:
First, the basic situation of the hospital network construction
Our hospital information management system in xx in xx in xx by xxxx technology limited company of the hospital information management system (HIS system) for upgrading. The upgraded front-end maintenance is the responsibility of our hospital's technical staff, and the back-end maintenance and outside the incident processing by xxxx technology limited liability company technicians.
Second, self-examination of the work
1, machine room safety inspection. Server room safety mainly includes: fire safety, electricity safety, hardware safety, software maintenance safety, door and window safety and lightning safety and other aspects of safety. Hospital information system server room is strictly in accordance with the standard construction of the server room, the staff adhere to the daily scheduled inspections. System servers, multi-port switches, routers have UPS power protection, which can ensure that in the event of a power outage of three hours, the equipment can run normally, not due to a sudden power failure to equipment damage.
2, local network security checks. Mainly includes network structure, password management, IP management, storage media management, etc.; HIS system operators, each with their own login name and password, and assign the appropriate operator privileges, not to use other people's operating accounts, accounts for the implementation of the "who uses, who manages, who is responsible for" management system. The hospital's local area network (LAN) has a fixed IP address, which is uniformly assigned and managed by the hospital, so it is impossible to add a new IP privately, and unassigned IPs cannot be connected to the hospital's LAN. All computer USB ports in the hospital LAN are completely closed, effectively avoiding the occurrence of poisoning or leakage due to external media (e.g. USB flash drive, portable hard disk).
3. Database security management. Our hospital takes the following measures for data security:
(1) Separate the parts of the database that need to be protected from other parts.
(2) Adopt authorization rules, such as accounts, passwords and access control and other access control methods.
(3) Database account passwords are managed and maintained by specialized personnel.
(4) Database users must change their passwords every 6 months.
(5) The server adopts virtualization for security management, and when the current server has problems, it switches to another server in time to ensure the normal operation of the client's business.
Three, emergency disposal
Our HIS system server operation is safe, stable, and equipped with a large UPS power supply, which can ensure that the server can run for about six hours in the event of a large power outage. Our HIS system has just been upgraded and put on line not long ago, and the server has not had a long downtime, but the hospital has still formulated an emergency handling plan and trained the fee operators and nurses, so that if there is a large-scale and prolonged power outage in the hospital, and the HIS system can not function normally, it will temporarily start charging fees manually, bookkeeping, and issuing medicines to ensure that diagnostic and therapeutic activities can be carried out in a normal and orderly manner, and then make up the time when the HIS system resumes normal work. When the HIS system resumes normal operation, the invoices will be retyped and the charges will be rewritten.
Fourth, there are problems
Our hospital network and information security work done more seriously, carefully, has never been a major security incidents, the system is stable, the business can run normally. However, the self-examination also found shortcomings, such as the current hospital information technology personnel, information security force is limited, information security training is not comprehensive, information security awareness is still enough, individual departments lack of initiative and conscientiousness to maintain information security; emergency drills to carry out insufficient; poor conditions of the computer room; individual departments of the computer equipment allocation is low, the service period is long.
In the future, we need to strengthen the training of information technology personnel, improve the level of information security technology, strengthen the information security education of the entire hospital staff, improve the initiative and conscientiousness of maintaining information security, increase the investment in the hospital's information technology construction, enhance the allocation of computer equipment, and further improve the efficiency of the work and the security of the system operation.