National Medical Institution Network Information Security Management Measures Will Be Promulgated

Issuing time: 2021-08-16 09:53

"The national medical institution network information security management measures are being drafted and will be issued soon." A source told the "Economic Information Daily" reporter at the China Internet Conference recently that after the outbreak of the COVID-19 epidemic, global medical and health data were frequently hacked. China has begun to attach importance to the value of medical and health data, hoping to improve the overall security level of medical and health data through legislation, strengthened supervision and other multi-dimensional methods.

  Medical and health data are widely used

  Medical and health data are widely used in various scenarios in daily life. Examples include: using big data to efficiently analyze drug components, dosage times, etc., to find the best combination for rational drug use; finding the cause of disease through scientific analysis of large amounts of clinical data, for clinical cause analysis and chronic disease monitoring; genomics analysis of large numbers of gene sequences for rapid screening and prediction of diseases and potential genetic defects; remote collection of patients' disease data, combined with analysis of large amounts of clinical etiological data, to achieve remote medical diagnosis and treatment; data collection through smart wearable devices for detection of human vital signs, early warning of potential health risks, and health management; and applying big data and other algorithms to formulate medical insurance payment standards and to perform accurate medical insurance decision-making analysis on that basis.

Wang Kai, deputy director of the Institute of Hospital Management of the National Health Commission, said that the medical industry is related to the national economy and people's livelihood. Once medical data is tampered with, destroyed or leaked, it will inevitably pose a serious threat to the reputation of medical institutions and to the privacy and health of both doctors and patients, and may even affect the harmony and stability of society.

Wei Kai, deputy director of the Institute of Cloud Computing and Big Data of the China Academy of Information and Communications Technology, told reporters that, given the sensitivity of medical and health big data, the state has since 2016 successively introduced many policies, laws and regulations on medical and health data security, including the "Regarding the Promotion and Guiding Opinions on Standardizing the Application and Development of Big Data in Health and Medical Care", "Management Measures for Internet Diagnosis and Treatment", "Management Measures for Internet Hospitals", "Management Regulations for Telemedicine Services", "National Health and Medical Big Data Standards, Security and Service Management Measures", the Regulations on the Management of Human Genetic Resources, and the Data Security Law.

   "Even with so many regulations, medical and health data security incidents are frequent, and the data security situation is very serious." He said that, especially after the epidemic, the risk to data security has further intensified.

   Health data security risks have increased after the epidemic

   In April 2020, the World Health Organization issued a statement saying that the number of cyber attacks during the epidemic had increased by 5 times year-on-year. A series of cyber security reports released by Qi Anxin Group pointed out that after the outbreak of the epidemic in 2020, the medical and health industry surpassed government, finance, defense, energy, telecommunications and other fields for the first time, becoming the leading target of global APT activity (network attacks and intrusions launched by hackers against targeted customers with the aim of stealing core information). 23.7% of APT events worldwide were related to the healthcare industry. For the first time, China surpassed the United States, South Korea, the Middle East and other countries and regions, becoming the primary regional target of global APT activities.

   Xiao Xinguang, Chairman of Antiy Technology Group, revealed that during the fight against the epidemic, China's health care system, vaccine research institutions, scientific research institutes, etc. frequently encountered network intrusion attacks. In April 2020, the source code of the experimental data of a Chinese medical company's AI detection technology was stolen and sold by hackers.

   During the epidemic, leaks of personal and patient information from medical institutions have become more frequent. In January 2020, the leader of an urban health management department forwarded a COVID-19 patient report through WeChat. In November 2020, the leader of an urban health management department forwarded the "Suspected Close Investigation Situation Profile" via WeChat to remind a unit within the jurisdiction to do a good job of epidemic prevention, which led that unit to mass-publish the information.

   In addition, remote online diagnosis and treatment has become generally accepted since the epidemic, and many hospitals across the country are applying to become Internet hospitals and smart hospitals. Industry insiders pointed out that because diagnostic data, photos and other information are transmitted over the Internet, the security risks to medical and health data may be further aggravated.

   It is reported that the current medical and health data security risks are mainly reflected in eight aspects.

   First, online medical data: health and medical data such as inspection reports, diagnosis results and past medical history are at risk of illegal access, theft, tampering and malicious upload due to vulnerability attacks, virus infections, etc.;

   Second, medical consortium access data: when medical consortium and third-party service organization personnel access and browse sensitive data, there is a risk of leaking important information such as the privacy of doctors and patients;

   Third, clinical scientific research data: clinical scientific research data involves demographic data, inspection information, inspection information, drug orders, diagnostic information, cases, and patient reports. Once it is leaked during transmission, the consequences will be very serious;

   Fourth, medical insurance data: medical insurance data involves docking with third-party institutions, and faces security risks in system docking, data transmission, data use, data storage, and data destruction;

   Fifth, medical equipment maintenance data: when medical equipment manufacturers perform remote maintenance of medical equipment, the data faces security risks such as unauthorized access, insecure links, privacy data leakage, and improper maintenance record keeping;

   Sixth, health big data center data: the lack of a classification and grading mechanism leads to hidden data security risks such as illegal login, unauthorized access, abnormal access, pseudo-inquiry, batch theft, and plaintext leakage;

   Seventh, wearable health device data: wearable device data faces different levels of security risk in the collection, storage, and use stages;

   Eighth, medical and health APP data: mobile applications involve many online health and medical services, with hidden dangers of leaking personal health status data, payment data, health resource data, and public health information.

   Multi-dimensional improvement of the overall level of data security

"There are also some health-sensitive data that are illegally exiting the country. The leader of a well-known domestic hospital reached a cooperation agreement with a foreign company to illegally launch a sensitive data scientific research project. The foreign company has remote and unrestricted access to the scientific research project sample data." An industry insider pointed out that in the face of complex situations, medical institutions and other relevant departments need to improve the overall level of medical and health data security in multiple dimensions.

  Wei Kai pointed out that, on the one hand, supervision should be strengthened and the formulation and improvement of data security management measures for the health industry should be promoted. On the other hand, a supporting standard system for medical and health data security should be formulated and improved, and an industry cooperation mechanism established, with coordinated innovation and open sharing.

"Beijing Health Commission has formulated the Beijing Internet Hospital Supervision Platform, which requires that all medical institutions in Beijing that provide Internet diagnosis and treatment services need to connect with the supervision platform and accept platform supervision." said Zheng Pan, deputy director of the Beijing Health Commission Information Center, as of June this year. In May, Beijing approved 19 Internet hospitals, all of which have been connected to the monitoring platform.

It is reported that the Internet hospital supervision platform includes: upgrading the established electronic registration platform for medical administration and management, to manage medical resources such as institutions, electronic certification of doctors and nurses, ambulances, and medical advertisements; building a medical service and practice supervision platform, to realize real-time dynamic supervision of Internet hospital approval and Internet diagnosis and treatment; and building a medical service and practice supervision platform, with a medical service and diagnosis-and-treatment behavior information collection system and a data display system, to realize supervision of the medical resources and medical services of physical medical institutions.
