某三级甲等公立医院API接口安全监测实践与思考  

作　　者：孙保峰[1] 葛晓伟 杨扬[1] 李郁鸿[1] SUN Baofeng;GE Xiaowei;YANG Yang;LI Yuhong(Information Department,The First Affiliated Hospital of Zhengzhou University,Zhengzhou 450002,Henan Province,China)

机构地区：[1]郑州大学第一附属医院信息处,郑州450002

出　　处：《中国数字医学》2024年第7期115-120,共6页China Digital Medicine

基　　金：河南省医学科技攻关计划软科学重点项目(RKX202201007)。

摘　　要：目的:建立医院API接口资产台账,实现API接口的统一集中管理,并对API接口的运行状态进行实时监控,及时发现接口安全风险并整改,提升医院信息安全防护水平。方法:以某三级甲等公立医院为例,通过人工和系统识别相结合的方式,梳理医院API接口,建立台账,利用API接口监测设备对网络流量实时监测,识别安全风险并整改、加固。结果:实现了全院API接口的集中统一管理,提升了医院信息安全防护水平,保障医疗数据在信息系统间的安全共享和流通。结论:对API接口进行安全监测,有助于发现医疗机构应用系统安全风险,提升医疗机构网络安全防护能力,保障医疗数据安全。Objective To establish hospital API interface asset ledger,realize unified and centralized management of API interfaces,and monitor the operational state of API interface in real time,so as to discover and rectify interface security risks in time,improve the level of information security protection in hospitals.Methods Taking a tertiary Grade A public hospital as an example,the hospital API interfaces were sorted out and a ledger was established by integrating manual and systematic identification.By utilizing the API interface auditing equipment to monitor the network traffic in real time,identify security risks and rectify and strengthen them.Results The centralized and unified management of API interfaces in the whole hospital was realized.Through the traffic analysis of API auditing equipment,the hidden security risks existing in API interfaces were identified,rectified and strengthened,which improved the level of information security protection in the hospital and ensured the safe sharing and circulation of medical data among information systems.Conclusion The security monitoring of API interfaces is helpful to identify the security risks of application systems in medical institutions,improve their network security protection capability,and safeguard the security of medical data.

关 键 词：API接口 安全监测 资产梳理 API接口监测 风险处置 

分 类 号：R197.32[医药卫生—卫生事业管理] R319[医药卫生—公共卫生与预防医学]