An information security incident in a medical institution is tantamount to a national-level security threat. According to the data, more than 20% of enterprises encountered more than 50 information security incidents in 2019, while 42.4% of information security incidents caused business or medical service interruption, which can easily put patients' lives at risk or lead to personal data leakage. In Q1 of 2020, ransomware incidents increased by 48% compared with the same period of the previous year. In recent years, many hackers have targeted critical infrastructure with network attacks, resulting in large-scale interruption of essential public services. How should medical institutions respond effectively?
Information Security Problems and Threats Faced by Medical Institutions
・ System architecture and design methods are outdated and security is insufficient; intranet protection is weaker than external network protection.
・ Accounts are shared, and data read and write permissions are not set.
・ Ransomware attacks result in service interruption and ransom demands.
・ Concerns about disclosure of patients' personal data.
The recent information security incidents faced by medical institutions mainly include unauthorized access, network connection interruption, system crashes and malicious program attacks. The research report shows that nearly 80% of the attacks cannot be detected by anti-virus software. To build a reliable security system, it is necessary to understand the medical intranet architecture, implement isolation domains and keep track of software and device account information as a foundation.
・ Access device compliance check
・ Control of non-compliant external equipment
・ Automatic check of IP, MAC, computer name, AD account, switch, port, GPO, OS patches, virus definition updates, permitted software, prohibited software, vulnerabilities and malicious programs.
As medical institutions at all levels keep a multitude of personal data, they should assign designated personnel to handle security maintenance matters to prevent personal data from being stolen, tampered with, damaged, lost, or leaked. To reach this goal, it is necessary to achieve device safety management, enforce a data security policy, develop a mature operation mechanism, retain complete usage logs, data trails and evidence, and continuously improve the overall system of personal data security maintenance.
・ Binds IP/MAC to computer name/asset type to keep a complete record of IP usage.
・ Confirms the user's identity, sets data access rights, and records when the user goes online and offline.
・ Forces login with an AD account to ensure that the GPO policy is fully applied and to prevent security vulnerabilities.
・ Records the complete switch/port usage path and quickly locates the equipment in use.
・ Forces the installation of DLP software and anti-virus software on endpoint devices to reduce the chance of data leakage.
・ Uses an AES-256 encrypted database for data trail collection, and retains a complete, encrypted backup copy for more than 5 years.
Information should be classified according to regulatory requirements, its value and harmfulness, as well as its sensitivity to unauthorized disclosure or modification. A set of appropriate information labeling procedures, asset disposal procedures and portable media management procedures should be developed and implemented according to the classification method adopted by the organization. When media is no longer needed, formal procedures should be applied to dispose of it securely. Media containing information should be protected from unauthorized access, misuse, or damage while in transit.
・ Provides IP asset classification.
・ Automatically generates data trail.
・ Provides IP usage record and system operation record.
・ Provides important information of the IP protection mechanism to prevent data loss, destruction, forgery or alteration.
It includes the following items: access control policy, access to network and network services, user login and logout, user access configuration, privilege management, management of user's confidential authorized information, review of user's access rights, use of confidential authorized information, information access restriction, and secure login sequence.
・ Provides access control and private access device management, and reports on policy violation and abnormal events.
・ Provides IP/MAC binding management, IP/MAC time management and MAC/hardware fingerprint binding management.
・ Provides the authentication mechanism.
・ Provides allowlist management and time configuration.
・ Provides the IP exception and MAC exception mechanism.
・ Provides AD management, adds or does not add AD management, AD domain logout management, online information, and rights for configurable internal and external networks.
・ Provides management, user and observer rights.