The informatization of medical services is an international development trend. It is also an important content and necessary path of China's medical reform. With the rapid development of information technology, more and more enterprises and medical institutions are joining the wave of medical informatization construction.
Behind the popularity of internet healthcare, medical information security issues are closely related. In recent years, information security incidents in the medical industry such as extortion, mining, and medical information leakage targeting hospitals have emerged one after another, and hospital information systems have become one of the key targets of illegal hackers.
This report is released by Tencent Smart Security Research, and the Information Management Professional Committee of the China Hospital Association (CHIMA) provides a survey report on the informationization status of the medical industry. Based on big data, both parties conducted an objective and quantitative assessment of the security situation of the medical industry, conducted an in-depth analysis of typical security threats and potential security risks faced by the medical industry, and attempted to guide industry security governance and avoid potential security risks, Improve the level of safety management.
The report is based on security big data and third-party authorized or publicly available information and data, combined with sampling analysis/survey reports and other methods, and comprehensively organized and analyzed. It mainly selects large and medium-sized hospitals with high informatization level and strong management level as reference objects, covering 956 tertiary and first-class hospitals, 7 third-party medical service platforms, including 92 authorized websites, 79 patient apps (Android version) and other external network assets. In addition, this report also refers to the '2017 2018 Survey Report on the Informatization Status of Chinese Hospitals' (hereinafter referred to as the 'Survey Report') released by the Information Management Professional Committee of the Chinese Hospital Association (CHIMA).
Since the promulgation of the Cybersecurity Law of the People's Republic of China, under the guidance of the Health Commission, the level of hospital information security construction in China has been continuously improving. Overall, the national medical industry index is at a good level (759 points).
However, since 2018, the frequency of attacks on China's medical system has shown a significant upward trend, and the medical information security environment is not optimistic. The threat of security issues such as hacker intrusion attacks and information leakage to public institutions such as hospitals cannot be ignored.
From the perspective of the security index, the awareness of information security construction in the medical industry is weak, and core data lacks effective security protection. The main problems are:
There are many open asset ports in the cyberspace, which pose significant risks. For example, the proportion of remote login services is as high as 50%;
There are many security risks associated with external computers, which may provide opportunities for unauthorized visitors;
The vulnerability of online service platforms and third-party medical service platforms can increase the risk of medical data leakage;
The medical industry has become the main target of ransomware attacks, posing a challenge to the continuity of medical business.