医院自助终端设备网络安全风险评估及防御  被引量：1

作　　者：孙保峰[1] 李郁鸿[1] 葛晓伟 杨扬[1] SUN Baofeng;LI Yuhong;GE Xiaowei;YANG Yang(First Affiliated Hospital of Zhengzhou University,Zhengzhou 450002,Henan,China)

机构地区：[1]郑州大学第一附属医院,河南省郑州市450002

出　　处：《中国卫生信息管理杂志》2024年第4期499-505,共7页Chinese Journal of Health Informatics and Management

基　　金：河南省医学科技攻关计划软科学重点项目“公立医院多院区智慧MDT管理体系的构建与应用”(RKX202201007);河南省医学科技攻关计划项目“高质量发展趋势下大型公立医院电子病历及智慧医院效果评估和方案优化研究”(RKX202202021)。

摘　　要：目的 降低医院自助终端设备的网络安全风险,增强医院网络安全防护能力,保障信息系统稳定运行和医疗数据安全。方法 以河南省某大型三级甲等医院为例,梳理自助终端设备类型和功能,分析其网络安全风险,参照通用漏洞评分标准(CVSS3.0)进行量化评估,将其分为高风险、中风险、低风险和暂无风险4类,从人员、技术、物理3个层面进行安全整改和加固,消除院内自助终端设备的中、高风险。结果 完成了一院四区内948台自助终端设备的网络安全风险评估,通过安全整改和加固,中、高风险自助终端设备数量由692台降为0台,对整改前后存在安全风险的自助终端设备数量统计分析,差异有统计学意义(P<0.05)。结论 对自助终端设备进行网络安全风险评估、安全整改加固,有利于提升医院网络安全防护水平,保障医院信息系统稳定、安全运行。Objective To reduce the network security risks of self-service terminal devices in the hospital,enhance the hospital’s network security protection capabilities,and ensure the stable operation of information systems and the security of medical data.Methods Taking a large Grade hospital in Henan Province as an example,this paper analyzes the common security risks faced by self-service terminals and evaluates the security risks quantitatively based on the Common Vulnerability Scoring System(CVSS3.0).According to the quantitative results,the self-service terminals are classified into four categories:high risk,medium risk,low risk and no risk.Finally,strengthen security measures from the perspectives of personnel,technology and physical aspects to eliminate the medium and high risks of self-service terminal devices within the hospital.Results Complete a network security risk assessment of 948 self-services terminal devices,and reduce the number of medium and high-risk self-service terminal devices from 692 to 0 through security improvements and reinforcements.The statistical analysis of the number of self-service terminal devices with safety risks before and after rectification shows a significant difference(P<0.05).Conclusion Conducting network security risk assessments,security improvements and reinforcements on self-service terminal devices is beneficial for enhancing the hospital’s network security protection level and ensuring the stable and secure operation of hospital information systems.

关 键 词：智慧医院 自助终端设备 网络安全 风险评估 

分 类 号：R-058[医药卫生] R197.3