I. Information network security work carried out at our hospital
(a) Overview: Our hospital's information construction started late and its foundation is weak. With the attention and support of the hospital leadership, information technology construction has developed rapidly since the beginning of xx year. At present, the hospital has a separate central server room, equipped with servers, storage, core switches, firewalls, UPS, VPN, IPS and other specialized equipment. A staff of 4 is responsible for the hospital's information network construction, information system maintenance, hardware and software equipment maintenance and other work. The systems built and put into operation in succession are: the HIS system, the LIS system, the physical examination system, electronic medical records and other services.
(b) Critical information infrastructure: Our hospital's critical information infrastructure consists mainly of business systems, which handle the hospital's medical business process management and quality management, and its daily office management. The hospital's website runs in hosted mode, completely separated from the hospital's intranet, and strict management and access rules have been formulated to ensure the safe operation of the website.
(c) The main network security work of the hospital:
(1) Strengthen system construction, training and publicity. Over the past two years our hospital has improved the management systems and emergency preparedness related to information network management and security construction, and has developed job responsibilities and workflows for network and security management. It has carried out information network security training with full staff participation. Through continuous publicity and supervision, employees have built up information network security awareness and take the initiative to participate in network security protection, preventing information leakage and ensuring the secure operation of the hospital's information network.
(2) Sound organization and strengthened responsibility. Information management is one of the important tasks of hospital management, and the hospital leadership attaches great importance to it. The hospital has adjusted the information construction leading group, which is headed by the president with the relevant personnel as members. Under the leading group there is a working group, with the heads of relevant functional departments and information technology professionals as members. Functional responsibilities, including hospital information planning, information network construction, information network security, network emergency response, personnel training and other aspects, have been clearly defined. To further implement the requirements of the competent departments at all levels on strengthening network security construction, the hospital has set up a hospital network security management group with clear responsibilities. In line with the requirements of the state and the relevant higher-level departments, the functions of the hospital information network system are constantly improved, and the security and stability of the information system are constantly enhanced, to meet the increasing demand for information network technology services.
(3) Strengthen management of the Information Section. Information network security work is emphasized regularly within the section, and staff are arranged to attend every information network security training session as far as possible. A regular inspection system for the equipment in the central computer room is implemented, so that hidden dangers are eliminated in time. The Information Section assigns dedicated staff to carry out information network security inspections in the departments, reminding staff of irregularities in daily operation and correcting them to reduce hidden dangers. Important hospital database data is backed up daily, and the backups are regularly copied, to ensure data security.
(4) A variety of protective measures to ensure information network security. First, the business LAN is physically isolated from the Internet. The hospital is also connected to the dedicated networks for medical insurance and the new rural cooperative medical scheme, which, like the Internet, enter through the firewall equipment. Second, the computers that access the public network all have fixed IP addresses bound to the computer and are isolated from the intranet. This prevents outside computers from connecting and bringing security risks. The computers running the financial management software are connected to the financial network and completely isolated from the intranet. Third, a new IPS device was purchased this year to strictly control the network entrance; the local intranet is managed in segmented zones with restricted access rights, to keep viruses from spreading across the whole network. Fourth, all clients on the hospital LAN are under domain control management, and client system installation is handled by designated staff, to prevent virus infections and threats. Fifth, key areas receive focused management: unrelated personnel are not allowed to enter the computer room, and system databases are set with complex passwords kept by a designated custodian. Sixth, LAN computers are regularly monitored for anomalies, and the use of USB flash drives on LAN computers is restricted to prevent viruses from spreading in the network. Seventh, non-essential ports are closed in the server area to enhance protection capability. Anti-virus software has also been installed on the external-network computers used for office work.
II. Main problems
Despite taking certain precautions and measures, we still feel that the rapid development of networks, together with the high degree to which daily work depends on them, has put a lot of pressure on our network management. In particular, with the expansion and growth of business, and the trend of higher-level departments requiring work to be completed through the Internet, the pressure from network and data security issues has increased steeply. Protection has improved through self-examination and rectification, but some problems remain, mainly the following:
(a) With the advancement of Internet + medical care, more systems will be accessed through the Internet in the future, which will pose a great threat to the hospital LAN; certain security risks exist. The hospital's business systems are unique in that they are used within the hospital, and security and stability can basically be guaranteed through management and control of the internal LAN. However, various departments require hospitals to report relevant data in real time, and although most of this data transmission is completed over dedicated lines, some reporting also goes through the public Internet, such as online booking and online and offline payment, which puts pressure on the hospital's management and security protection. The hospital currently has relatively little security protection equipment and relies only on passive handling by staff, so its ability to resist threats is limited.
(b) Information security requires a certain amount of financial investment, which puts pressure on the hospital. The hospital has purchased related equipment to manage its information security to a certain extent, but these devices need to be constantly updated, which requires continuous investment. Because the price is too high, licensed software for the main systems (operating system, database system, network antivirus) has not been purchased separately, so security is not guaranteed.
(c) Security protection is itself a difficult problem that involves many points. Ordinary users' ability to identify network threats and their awareness of prevention are not high, which easily creates hidden dangers. The hospital's current lack of professional and technical network management personnel is also a factor in the security protection risks.
III. Next steps and recommendations
Following this self-examination, we will carry out the next step of rectification: by improving the management systems, strengthening training, purchasing additional equipment and so on, the hospital's information network security will be further strengthened. In the next step we will continue to follow the information network security requirements of departments at all levels, use limited funds to do a good job of security protection, and gradually meet the requirements of information security management.
(a) Strengthen information security organization and management. Improve the functions of the information management organization, hold regular thematic work meetings, and arrange and deploy information network construction, security and other work. Make inspection routine, and use supervision and inspection to raise staff awareness of security protection.
(b) Revise, improve and refine the various rules and regulations according to actual implementation and changes in the situation. Through network publicity, on-site guidance, centralized training and other means, improve everyone's safety awareness in the network environment, so that they can identify unsafe factors in the virtual environment.
(c) Set access rights strictly to reduce security risks, and strictly prohibit intranet users from connecting removable media, to eliminate the spread of viruses within the network.
(d) Develop a hospital information technology construction plan that includes information security projects and, through step-by-step, phased construction, gradually meet the requirements of the level of protection.