医疗器械产品网络安全能力的归一化综合风险评价数学模型  

作　　者：吴正善 马仁俊 林斌 沈晓华 刘妍立 吴云峰 WU Zheng-shan;MA Ren-jun;LIN Bin;SHEN Xiao-hua;LIU Yan-li;WU Yun-feng(Center for Drug Evaluation and Monitoring of Fujian,Fujian Fuzhou 350003;Xiamen University,Fujian Xiamen 361005)

机构地区：[1]福建省药品审评与监测评价中心,福建福州350003 [2]厦门大学,福建厦门361005

出　　处：《中国医疗器械信息》2024年第21期14-17,共4页China Medical Device Information

基　　金：福建省药品监督管理局科技项目(项目名称:基于风险控制的医疗器械网络安全能力实现及技术审评方法研究,项目编号:2022011)。

摘　　要：医疗器械网络安全能力影响到医疗器械产品的安全性和有效性。在医疗器械产品研发和注册申报过程中,需要结合预期用途和实际医疗使用场景进行适当配置,以减小可能的风险和伤害。研究基于香农信息熵理论,结合风险矩阵方法分析在实施控制措施情况下的风险可能发生频率和危害程度,建立了医疗器械网络安全能力的归一化综合风险评价数学模型。针对放射治疗用X射线图像引导系统的人员鉴别能力的实际应用评价结果来看,在考虑医疗器械的安装地点和使用场景等因素下,通过治疗前的人员鉴别替换使用过程的二次人员鉴别等控制措施,提高了可得性,增大了归一化香农信息熵值,同时降低归一化风险伤害评分,进而大幅提升归一化综合风险的定量评分结果。研究所建立的归一化综合风险评价数学模型有利于评估在实施适当的控制措施情况下,医疗器械网络安全能力的定量变化情况,为医疗器械产品的网络安全风险管理提供可靠的度量和计算依据。The network security capabilities of medical devices affect the safety and effectiveness of the medical device products.During the development and registration process of medical device products,appropriate configurations are required to made based on the intended use and actual medical usage scenarios to reduce potential risks and harm.This study uses Shannon’s information entropy theory,combines with the risk matrix method,and analyzes the potential frequency of occurrence and severity of harm after implementing some control procedures.This study establishes a normalized comprehensive risk assessment mathematical model for the network security capabilities of medical devices.In the practical application evaluation of personnel identification capabilities for X-ray image-guided systems in radiotherapy,considering the factors such as the installation location and usage scenarios of medical devices,the control procedures of replacing the secondary personnel identification during the machine operation with the personnel identification before treatment,have improved accessibility,increased the normalized Shannon information entropy value,and simultaneously reduced the normalized risk harm score,thereby significantly improving the quantitative scoring results of the normalized comprehensive risk.The normalized comprehensive risk assessment mathematical model proposed in this study is conducive to evaluating the quantitative changes in the network security capabilities of medical devices under the implementating appropriate control procedures,by providing a reliable measurement and computational basis for the network security risk management of medical device products.

关 键 词：医疗器械 网络安全 风险管理 数学模型 信息熵 

分 类 号：TN915.08[电子电信—通信与信息系统]