通讯作者: 杨扬, zdyxxyy@126.com

DOI：10.12201/bmr.202408.00065

Practice of cybersecurity risk management in large hospitals based on a situational awareness platform

• 摘要：目的/意义 分析大型医院态势感知平台网络安全风险事件，发现风险事件产生的原因、提出解决方法和改善建议。方法/过程 以某大型医院为例，对态势感知平台风险事件聚合分析，筛选医院内网风险终端，通过网络定位、漏洞利用、人工排查的方式对风险终端整改加固，分析风险终端的科室分布和成因，提出改善建议。结果/结论 医技科室风险终端数量较多，风险终端形成的主要原因是缺乏管理、未做到防病毒软件的全覆盖，通过对风险终端整改和加固，态势感知平台网络安全风险事件数量明显减少。加强医院终端安全管理，提升人员网络安全意识，分区加强网络安全防护，可有效降低医院网络安全风险事件数量，提升网络安全防护能力。

  关键词： 大型医院; 态势感知平台; 网络安全; 风险终端; 

   

  Abstract: Purpose/Significance Analyze network security risk events on the situational awareness platform of large hospitals, identify the causes of risk events, propose solutions and improvement suggestions. Methods/Process Taking a large hospital as an example, Risk events are aggregated based on situational awareness platform. Risky terminals within the hospital’s internal network are identified, and they are remediated and strengthened through network localization, exploitation of vulnerabilities, and manual inspection. This paper then analyzes the distribution of these risky terminals across different departments and investigates their causes, resulting in suggestions for improvement. Results/Conclusion The medical technology departments have a higher number of risky terminals, primarily due to inadequate management and the lack of comprehensive antivirus software coverage. After the remediation and reinforcement of risky terminals, the number of cybersecurity risk events on the situational awareness platform significantly decreases. By enhancing terminal security management in the hospital, improving personnel’s cybersecurity awareness, and implementing targeted cybersecurity measures in different zones, it is possible to effectively reduce the number of cybersecurity incidents in the hospital and boost its overall cybersecurity defenses.

  Key words: large; hospital, situation; awareness platform, network; security, risky; terminal

  提交时间：2024-08-27

  版权声明：作者本人独立拥有该论文的版权，预印本系统仅拥有论文的永久保存权利。任何人未经允许不得重复使用。
• html

• 图表

• 任子健, 沈绍武, 肖勇. 我国中医医院网络安全建设现状分析与思考. 2021. doi: 10.12201/bmr.202101.00006

  臧璆, 汪春亮. 基于安全等级保护的医院网络安全优化方案实践. 2021. doi: 10.12201/bmr.202107.00010

  李智一, 肖勇, 沈绍武. 湖北省中医医院网络安全建设现状分析与思考. 2023. doi: 10.12201/bmr.202312.00014

  肖勇. 我国中医医院网络安全建设历程及展望. 2021. doi: 10.12201/bmr.202108.00001

  高杨, 高文岳. 大数据视角下医学生网络信息安全素养培养策略研究*. 2020. doi: 10.12201/bmr.202004.00030

  吕裕霞. 基于SpringCloud框架的医院档案信息化管理平台探索与应用. 2021. doi: 10.12201/bmr.202110.00037

  孟晓阳. 医院近源网络攻击风险分析及对策建议. 2024. doi: 10.12201/bmr.202406.00008

  王博远, 苏宝愉, 陈夏威, 肖革新. 食品安全风险监测信息平台框架设计. 2020. doi: 10.12201/bmr.202008.00011

  牟书娟, 张绍林, 王元元. 基于医院信息平台及总线技术的“互联网+”服务体系建设实践. 2020. doi: 10.12201/bmr.202003.00310

  徐安琪, 韩娇娇, 徐一涵, 范春. 基于数字化转型平台的智慧医院建设规划与研究. 2020. doi: 10.12201/bmr.202009.00014

• 序号	提交日期	编号	操作
  1	2024-05-09	bmr.202408.00065V1	下载

• 公开评论  匿名评论  仅发给作者 提交评论