Network security has become an obstacle to the development of hospital Internet+

With the mobile medical market heating up and the government's Internet+ initiative strongly influencing the entire medical industry, the Chinese medical industry is facing a new Internet ecosystem that spans both outside and inside the hospital. The resulting Internet security problem has become one of the biggest obstacles to this trend. On the one hand, pervasive mobile medical applications continue to penetrate the medical industry without adequate security planning and safeguards. On the other hand, the hospital, the resource fortress of the medical industry, has long experience managing its in-house network and systems but now faces an endless stream of Internet applications for which it lacks technical reserves and management experience. As a result, the Internet is often rejected on the grounds of "security issues", but the war to "push down" the hospital's walls has, after all, already begun.

The dilemma facing “opening the hospital”

Many medical entrepreneurial teams and Internet giants such as BAT understand that the hospital's in-hospital information system is a gold mine, so a saying about “opening the hospital” has spread: as long as there is access to hospital data, anything is possible in mobile medical care. It should be said that “opening the hospital” is generally the trend, but we also need to recognize the following issues:

1. The data in the hospital's internal systems is currently not ideal, at least not as ideal as the Internet outside the hospital. Multiple in-hospital information systems coexist and have not yet gone through a reasonably complete integration stage. For example, the “bus interface” project and the “patient main index” are still under construction in various hospitals, and the electronic medical record is still at the “template + label” stage and is not yet sufficiently "specialized".

2. “Opening the hospital” should take into account the hospital's own informatization, including network status and planning, security expectations and investment, and Internet application requirements. It is best for the hospital to lead and plan this “opening the hospital” process, instead of, as now, being forced to "get through" by the outside world (the Internet, etc.). The current situation is that the hospital is like a bare white thigh into which every kind of mosquito sticks its own blood tube: a department needs an external service interface opened, appointment registration needs an interface opened, payment needs yet another interface opened. The result is chaos.

3. Any hospital Internet+ that does not include a network security program is rogue. Most mobile medical service providers, in the process of pushing the Internet into the hospital, act with the short-sighted mentality of “just killing, regardless of burial”. They have not taken a long-term view and helped the hospital properly plan the network structure and security system that are needed once the internal and external networks are connected. Fortunately, most Internet security issues have only just begun for hospitals, and security issues often appear less important before they erupt. Just as an industry insider who went to Guangdong to visit the health system in Beijing recently told the author, “These model hospitals in Guangdong do not say how the functions are implemented. Most of the hospitals have their network security configuration and deployment. I dare not follow up rashly.”

Brief Analysis of Common Forms of Internal and External Network Integration Construction under a Security Vacuum

At present, most security vendors in China mainly provide hospital internal network security solutions and do not consider security planning for Internet application services, while hospitals rarely consider building and planning an Internet security system outside the intranet. This leaves the security requirements of hospital Internet applications in a near vacuum.

Even under the current security vacuum, the integration of hospitals' internal and external networks is still quietly proceeding under the dual pressure of “opening the hospital” and the budding demand for hospital Internet applications. Judging from 54Doctor's internal and external network integration projects, it basically takes the following three forms:

The first type: physical isolation of the internal and external networks

The hospital Internet application service provider and the hospital internal information system provider agree on a unified interface file format, and each system implements file read and write functions on its own side: the external network (Internet) and the intranet (the in-hospital operation network, usually the internal network carrying HIS). With the two networks completely physically isolated, intranet information and external network information are exchanged and shared by manually copying files.

Physical isolation of the internal and external networks is a common and pragmatic solution for the current Internet security vacuum period in hospitals. On the one hand, it meets the hospital's need for data sharing and non-real-time interaction between inside and outside. On the other hand, it does not affect the hospital's current network structure. Apart from the extra labor, which needs special consideration, the hospital does not have to increase the security burden of its intranet, or add further security construction costs to its information budget, for Internet applications that do not need real-time information exchange. For servers placed on the external network, hospitals often consider removing them from the hospital's network management, for example by hosting them in an IDC that is completely unrelated to the hospital network or by directly choosing cloud services.

Of course, this kind of solution can only be an expedient under the current security vacuum. From both the technical and the application-demand point of view, it can only serve as a transitional plan.

The second type: establishing internal and external network connections through a gatekeeper (GAP)

A gatekeeper (GAP) is a software and hardware system that provides security isolation between networks of different security levels (such as inside and outside the hospital) and provides moderately controllable data exchange. It can be understood simply as using a secure island mechanism to turn manually copied data (files) into automatically acquired data (files). Its purpose is to protect the security of the internal network. Its disadvantage is that no session can be formed between the networks and it does not accept any request from the external network.

The gatekeeper scheme promotes collaboration between the hospital's internal and external networks and turns manual data copying between them into automatic data transfer governed by the gatekeeper settings. However, like the first solution, it does not address the security of the server exposed to the Internet. Because implementing the gatekeeper brings the external network server into the hospital's overall network planning, hospitals that invest in a gatekeeper generally also consider adding equipment such as firewalls to protect the external network. This scheme requires the hospital to have budget support.
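The first two forms both come down to passing files in an agreed interface format across the boundary, copied by hand or moved by the gatekeeper. As an added illustration (not from the original article or any vendor product), the intranet-side import step below checks an integrity tag and a strict field allowlist before any record is handed on to HIS; the record fields, shared key and size limit are assumptions.

```python
import hashlib
import hmac
import json
import re

# Every name, field and value below is an assumption made for illustration.
SHARED_KEY = b"constructed-demo-key"   # provisioned out of band in practice
MAX_BYTES = 64 * 1024                  # refuse oversized exchange files
SCHEMA = {                             # strict allowlist: field -> pattern
    "appointment_id": re.compile(r"[A-Z0-9]{8}"),
    "dept_code": re.compile(r"[A-Z]{2,4}"),
    "slot": re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}"),
}

# Constructed sample exchange file: one JSON record per line.
SAMPLE = (b'{"appointment_id": "A1B2C3D4", "dept_code": "ENT", '
          b'"slot": "2015-09-01T09:30"}\n')


def seal(payload: bytes) -> str:
    """External side: tag computed over the exact bytes to be transferred."""
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def import_exchange_file(payload: bytes, tag: str) -> list[dict]:
    """Intranet side: verify first, then parse; ValueError on any deviation."""
    if len(payload) > MAX_BYTES:
        raise ValueError("file too large")
    if not hmac.compare_digest(seal(payload).encode(), tag.encode()):
        raise ValueError("integrity tag mismatch")
    records = []
    for n, line in enumerate(payload.decode("utf-8").splitlines(), 1):
        rec = json.loads(line)  # malformed JSON raises a ValueError subclass
        if not isinstance(rec, dict) or set(rec) != set(SCHEMA):
            raise ValueError(f"line {n}: unexpected fields")
        for field, pattern in SCHEMA.items():
            value = rec[field]
            if not isinstance(value, str) or not pattern.fullmatch(value):
                raise ValueError(f"line {n}: bad {field}")
        records.append(rec)
    return records


if __name__ == "__main__":
    print(import_exchange_file(SAMPLE, seal(SAMPLE)))
```

Rejecting the whole file on the first deviation keeps a partially valid drop from reaching the internal system, which matters most when the external server is the less protected side.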

The third type: intranet extension, a front-end server mode that supports interactive access

By building a web front-end server that supports interactive access as an extension of the internal network, the front-end server exchanges information with the Internet in real time. This is the approach that BAT and similar companies most want. A few hospitals that have adopted the “Safety System” have boldly adopted this method for many Internet applications with high real-time requirements, such as online registration (the emphasis here is on registration results being applied in HIS through the network, whether or not the registration is an appointment), prescription payment, and mobile phone queue calling (for implementations that bypass via SMS, etc.).

This method requires the largest investment from the hospital and the most demanding supporting security system. With reference to the relatively mature security solutions currently implemented by banks, consider security deployment in the following four aspects:

1. Network layer: security domain partitioning, firewall system, intrusion detection system, network vulnerability scanning system, dial-up monitoring system, anti-denial-of-service attack system.

2. System layer: host access control system, system vulnerability scanning system, virus prevention system.

3. Application layer: one-time password authentication system (this demands too much modification of internal systems, and most systems can hardly achieve it), CA certification center.

4. Management: develop a security management strategy, deploy a log analysis system, and establish a security management center.

In addition, I would like to emphasize the importance of a unified Internet exit for the hospital. Hospital business is complex, and demand for Internet new-media applications, represented by the Internet portal, mobile apps and WeChat public accounts, is diverse; that is, every business department hopes to set up independent or relatively independent Internet applications. In the absence of security planning, they often each establish their own connection channels between the internal and external networks, which only makes Internet security management harder and more costly. Making the hospital portal the only way to connect to the Internet will be the future development trend.

Hospital awareness of Internet security needs to be improved

Not long ago, the incident in which an elevator in Tongzhou, Hubei Province swallowed a person made people suddenly realize the importance of elevator safety. Some netizens compared it with the elevators in a shopping mall in Tokyo: with the cover plate lifted, there is a special protection device underneath and no space for a person to fall into. More importantly, the Japanese elevator has a very high level of safety monitoring: even if only clothing catches in the elevator, it stops working. In the words of the elevator industry: "The most expensive elevator is not the elevator itself, but various auxiliary safety devices." This also applies to information systems, especially the hospital Internet domain, which carries a large amount of patient privacy data and health information.

When talking with the author about hospital network security, the director of the information center of the top three hospitals in the country said that when the Ministry of Health pushed “equal protection” for hospitals a few years ago, several experts stood up and directly opposed it: hospital information construction work was already very complicated and heavy, and there was no energy to spare for equal protection and other security work. It now seems that hospital network security is of great significance and should be done even without equal protection requirements.

The term “equal protection” as used herein refers to the “Notice of the General Office of the Ministry of Health on the comprehensive protection of the information security level of the health industry” (Wei Jian Zhuang Letter [2011] No. 1126), which required all units in the health industry to complete the grading and filing of their information systems before May 30, 2012. The security protection level of the core business information systems of third-grade hospitals cannot be lower than the third level. In the past year, the central government established the “Central Network Security and Informatization Team”, chaired by Xi Jinping. During the APEC meeting in Beijing in October of the same year, the Public Security Bureau and the Health Planning Commission each conducted network security inspections and assessments of the official websites of medical institutions and put forward new security requirements. The government's active promotion has had the following effects on hospitals and the industry:

a. Many hospitals recognize the importance of cybersecurity.

b. At the same time, many hospitals find that their network systems lack the technology and security systems to deal with Internet security.

c. Hospitals cut the extranet off from the hospital network system to raise the security level of the hospital network. For example, Internet applications such as the hospital portal are handed over entirely to 54Doctor.

Conclusion

The demand for external hospital applications created by “opening the hospital” and the government's Internet+ policy push are hard to reconcile with the hospital's weak Internet security system. The hospital faces a choice: push ahead with Internet applications without security guarantees, leaving security issues to be resolved in the future; or fully protect the internal network, focus on the major and let go of the minor, and implement some applications first through physical isolation of the internal and external networks?

In the final analysis, the lack of adequate understanding of security and the lack of budget for hospital Internet security have become obstacles to the development of hospital Internet+. On behalf of hospitals, the author would like to ask the "big brothers" who are pushing for "opening the hospital": since you give this away free of charge, can you also provide an Internet security program free of charge? That really is an opportunity.
