中国卫生信息管理杂志2024,Vol.21Issue(4) :499-505.DOI:10.3969/j.issn.1672-5166.2024.04.04

医院自助终端设备网络安全风险评估及防御

Assessment and Defense of Network Security Risks for Self-Service Terminals in the Hospital

孙保峰 李郁鸿 葛晓伟 杨扬
中国卫生信息管理杂志2024,Vol.21Issue(4) :499-505.DOI:10.3969/j.issn.1672-5166.2024.04.04
  • NETL
  • NSTL
  • 万方数据

医院自助终端设备网络安全风险评估及防御

Assessment and Defense of Network Security Risks for Self-Service Terminals in the Hospital

孙保峰 1李郁鸿 1葛晓伟 1杨扬1
扫码查看

作者信息

  • 1. 郑州大学第一附属医院,河南省郑州市,450002
  • 折叠

摘要

目的 降低医院自助终端设备的网络安全风险,增强医院网络安全防护能力,保障信息系统稳定运行和医疗数据安全.方法 以河南省某大型三级甲等医院为例,梳理自助终端设备类型和功能,分析其网络安全风险,参照通用漏洞评分标准(CVSS3.0)进行量化评估,将其分为高风险、中风险、低风险和暂无风险4类,从人员、技术、物理3个层面进行安全整改和加固,消除院内自助终端设备的中、高风险.结果 完成了一院四区内948台自助终端设备的网络安全风险评估,通过安全整改和加固,中、高风险自助终端设备数量由692台降为0台,对整改前后存在安全风险的自助终端设备数量统计分析,差异有统计学意义(P<0.05).结论 对自助终端设备进行网络安全风险评估、安全整改加固,有利于提升医院网络安全防护水平,保障医院信息系统稳定、安全运行.

Abstract

Objective To reduce the network security risks of self-service terminal devices in the hospital,enhance the hospital's network security protection capabilities,and ensure the stable operation of information systems and the security of medical data.Methods Taking a large Grade hospital in Henan Province as an example,this paper analyzes the common security risks faced by self-service terminals and evaluates the security risks quantitatively based on the Common Vulnerability Scoring System(CVSS3.0).According to the quantitative results,the self-service terminals are classified into four categories:high risk,medium risk,low risk and no risk.Finally,strengthen security measures from the perspectives of personnel,technology and physical aspects to eliminate the medium and high risks of self-service terminal devices within the hospital.Results Complete a network security risk assessment of 948 self-services terminal devices,and reduce the number of medium and high-risk self-service terminal devices from 692 to 0 through security improvements and reinforcements.The statistical analysis of the number of self-service terminal devices with safety risks before and after rectification shows a significant difference(P<0.05).Conclusion Conducting network security risk assessments,security improvements and reinforcements on self-service terminal devices is beneficial for enhancing the hospital's network security protection level and ensuring the stable and secure operation of hospital information systems.

关键词

智慧医院/自助终端设备/网络安全/风险评估

Key words

smart hospital/self-service terminal device/network security/risk assessment

引用本文复制引用

基金项目

河南省医学科技攻关计划软科学重点项目(RKX202201007)

河南省医学科技攻关计划项目(RKX202202021)

出版年

2024
中国卫生信息管理杂志
卫生部统计信息中心

中国卫生信息管理杂志

CSTPCD
影响因子:1.2
ISSN:1672-5166
参考文献量14
段落导航相关论文