Measures for the management of network information security of medical institutions nationwide will be promulgated
"The national management measures for network information security of medical institutions are being drafted and will be introduced soon." A source recently told the Economic Information Daily at the China Internet Conference that after the outbreak of the COVID-19 epidemic, medical and health data around the world was frequently attacked by hackers, and China began to pay attention to the value of medical and health data, hoping to raise the overall security level of such data through multi-dimensional methods such as legislation and stronger supervision.
Medical and health data is widely used
Medical and health data are widely used in many everyday scenarios. For example, big data makes it possible to efficiently analyze ingredients, dosage and timing to find the best combination for rational drug use; large volumes of clinical data are analyzed scientifically to find the causes of disease, supporting clinical cause analysis and chronic disease monitoring; genomic analysis of large numbers of gene sequences enables rapid screening and prediction of diseases and potential genetic defects; remote disease data collected from patients, combined with analysis of large amounts of clinical etiology data, enables remote medical diagnosis and treatment; data collected through smart wearable devices enables monitoring of human vital signs, early warning of potential health risks and health management; and big data and other algorithms are applied to set medical insurance payment standards and to support accurate medical insurance decision analysis on that basis.
Wang Kai, deputy director of the Institute of Hospital Management of the Health and Health Commission, said that the medical industry is related to the national economy and people’s livelihood. Once medical data is tampered with, destroyed and leaked, it will definitely pose a serious threat to the reputation of medical institutions, the privacy and health safety of both doctors and patients, and even affect social harmony and stability.
Kai Wei, deputy director of the Institute of Cloud Computing and Big Data of China ICT Institute, told the reporter that, given the sensitivity of medical and health big data, since 2016 the state has successively issued a number of policies to regulate medical and health data security, including Guiding Opinions on Promoting and Regulating the Development of Health Medical Big Data Applications, Administrative Measures for Internet Diagnosis and Treatment, Administrative Measures for Internet Hospitals, Administrative Regulations for Telemedicine Services, and Administrative Measures for National Health Medical Big Data Standards, Security and Services.
"Even with so many regulations, medical and health data security incidents occur frequently, and the data security situation is very serious." He said that especially after the epidemic, the risk of data security has further intensified.
Health data security risks have intensified after the epidemic
In April 2020, the World Health Organization issued a statement saying that the number of cyber attacks during the epidemic had increased five times year-on-year. Chianxin Group released a series of network security reports pointing out that after the outbreak of the epidemic in 2020, the medical and health industry surpassed government, finance, national defense, energy, telecommunications and other fields for the first time in history and became the primary target of global APT activity (APT: cyber attacks and intrusions launched by hackers for the purpose of stealing core data). 23.7% of APT events in the world were related to the medical and health industry. China surpassed the United States, South Korea, the Middle East and other countries and regions for the first time and became the primary regional target of global APT activities.
Xiao Xinguang, chairman of Antian Science and Technology Group, revealed that during the fight against the epidemic, China’s health care system, vaccine research institutions, research institutes and other bodies frequently encountered network intrusion attacks. In April 2020, the source code and experimental data of a Chinese medical company's AI technology for COVID-19 testing were stolen and sold by hackers.
During the epidemic period, leaks of personal and patient information at medical institutions became more frequent. In January 2020, the leaders of a city health management department forwarded a COVID-19 patient report through WeChat. In November 2020, in order to remind a unit within its jurisdiction to do a good job in epidemic prevention, the leader of an urban health management department forwarded the "Brief Introduction of Suspected Secret Access Investigation" via WeChat, causing the units within its jurisdiction to forward this information in large numbers.
In addition, remote online diagnosis and treatment has been widely accepted since the epidemic, and many hospitals across the country are applying to become Internet hospitals and smart hospitals. Insiders pointed out that the security risks to medical and health data may be further aggravated by the use of networks to transmit diagnostic data, photos and other information.
It is reported that the current security risks to medical and health data are mainly reflected in eight areas.
First, online medical data: health and medical data such as inspection reports, diagnosis results and past medical history are at risk of illegal access, theft, tampering and malicious uploading as a result of vulnerability attacks and virus infections;
Second, data accessed by medical associations: when medical associations and third-party service organizations access and browse sensitive data, there is a risk that important information such as doctor-patient privacy will be disclosed;
Third, clinical research data: clinical research data involves demographic data, inspection information, drug orders, diagnostic information, cases and patient reports. Once leaked during transmission, the consequences will be very serious;
Fourth, medical insurance data: medical insurance data involves integration with third-party institutions, and faces security risks in system integration, data transmission, data use, data storage, data destruction and other stages;
Fifth, medical equipment maintenance data: when medical device manufacturers maintain telemedicine equipment, the data faces security risks such as unauthorized access, insecure links, disclosure of private data and improper maintenance records;
Sixth, health big data center data: the lack of a classification and grading mechanism leads to data security risks such as illegal login, unauthorized access, abnormal access, impersonation query, batch theft and plaintext disclosure;
Seventh, wearable health device data: wearable device data faces different levels of security risk in the collection, storage and use stages;
Eighth, medical and health app data: mobile applications cover many online health care services, and there is a risk of exposing personal health status data, payment data, health resource data and public health information.
Improve the overall level of data security in multiple dimensions
"There are also some health-sensitive data that are illegally leaving the country. The leader of a well-known domestic hospital reached a cooperation agreement with a foreign company to illegally launch a sensitive data research project. The foreign company has remote unrestricted access to the sample data of the research project." An industry insider pointed out that in the face of complex situations, medical institutions and other relevant departments need to improve the overall level of medical health data security in multiple dimensions.
Kai Wei pointed out that, on the one hand, we should strengthen supervision and promote the formulation and improvement of data security management measures in the health care industry. On the other hand, we should formulate and improve the supporting standard system of medical and health data security, establish an industry cooperation mechanism, and pursue collaborative innovation and open sharing.
"The Beijing Municipal Commission of Health and Wellness has formulated a supervision platform for Internet hospitals in Beijing, requiring medical institutions that carry out Internet diagnosis and treatment services in Beijing to connect with the supervision platform and accept the supervision of the platform." Zheng Pan, deputy director of the Information Center of the Beijing Municipal Health and Wellness Commission, said that as of June this year, 19 Internet hospitals had been approved in Beijing, and all of them had been docked with the supervision platform.
It is reported that the work on the Internet hospital supervision platform includes: upgrading the existing electronic registration platform for medical administration and management to manage medical resources such as institutions, doctors, nurses’ electronic certificates, ambulances and medical advertisements; building a medical service and practice supervision platform to provide real-time dynamic supervision of Internet hospital approval and Internet diagnosis and treatment; and, as part of that medical service and practice supervision platform, building an information collection system and a data display system covering medical services, diagnosis and treatment behavior and other information, in order to supervise medical resources and medical services in physical medical institutions.