| classroom building safety network from hackers

Hospital network systems have now become a prime target for hackers. In 2015, more than 100 million patient records were leaked from US hospitals as a result of cyberattacks, which led IBM to call 2015 "the year of security vulnerabilities". In early 2016, cyberattacks on hospitals were frequent. The network of MedStar, a hospital chain in the Washington area of the United States, was infected by an unknown virus, and to stop the virus from spreading the hospital had to shut down its entire network.
In response to the growing problem of cyberattacks, Medscape (a well-known US professional medical search engine website) recently interviewed Satish M. Mahajan, who holds a doctorate in nursing and a master's degree in engineering. Mahajan explained that healthcare staff can easily open the door to attackers through their own mistakes at work. Drawing on his engineering and medical background, Mahajan often trains hospital staff on how to prevent cyberattacks.
Why hospitals are attacked so often
As for why healthcare institutions and their staff become targets of cyberattacks, Mahajan said it mainly comes down to the attackers' motives. The main aim of attacking a hospital network is to demand a large ransom; sometimes the motive may also be revenge or showing off personal skill.
The first factor that makes hospitals a target is their being "too clever for their own good". Hospitals are often very cautious in order to protect patient information, yet this frequently backfires. For security reasons, some hospitals choose to keep using outdated equipment and technology, which tends to leave their network systems slow to respond and very fragile, and therefore a target for attackers.
Another factor behind hospital security incidents is the chained leakage of personal information. By obtaining personal health records, attackers go on to obtain Social Security numbers, home addresses, phone numbers, insurance details and other information. This theft of core personal information is called "medical identity theft". It gives attackers more avenues for fraud and a steady stream of ransom payments.
Hospital work is highly open, socially interactive, urgent and intense. These characteristics are the third factor that makes hospitals easy targets for cyberattacks.
A hospital's duty is to treat illness and save lives, and network security bears directly on patients' lives and information security and on the hospital's reputation. As a result, when an attack occurs, most hospitals choose to pay the attackers a high ransom to recover important data or restore normal operation of their network systems. This has become another major factor encouraging cyberattacks.

Typical types of cyberattack
Mahajan said that news reports about attacks on hospital networks often feature these key terms: "ransomware", "rogue software" and "Trojan attacks".
Ransomware is malicious software that can penetrate a target system and encrypt some of its functions and data so that users cannot use them. After receiving the user's ransom, the attackers unlock the system. The MedStar hospital chain was one of the victims of a ransomware attack.
Rogue software carries out malicious updates to parts of a computer's operating system in order to damage the network system. Such an attack can paralyse a network system completely or partially. Some rogue software is aimed at advertising, leaving users confused and seriously reducing their work efficiency.
When computer users try to download certain updates, they may unintentionally land on an illegitimate website and download malware from it. When the user installs the new program, the malware is installed on the computer system.
The US Computer Emergency Readiness Team (US-CERT), which is responsible for monitoring national infrastructure, has warned users to be on guard when they see alerts such as "Your computer is infected with a virus, click here to fix it", "Your computer has been locked for accessing illegal content, pay a ransom to unlock it" or "The data on your computer has been encrypted, you must pay the ransom within 72 hours to get your data back". These are all typical attack behaviours.
How hackers attack hospitals
Mahajan explained that all cyberattacks start from system vulnerabilities, which are what attackers pay most attention to. These vulnerabilities are often created through deliberate malicious action. For example, a user unknowingly opens an illegitimate website and downloads a program; once the program is installed on the computer, the virus starts to spread and the system has a serious vulnerability. Attackers also send viruses directly to target users by email. Once the email is opened, the virus is planted on that user's computer.
Some more skilled attackers use more sophisticated methods to create system vulnerabilities. They look at an organisation's peripheral units and search the systems those units open to the public for exposed interfaces. Once they find an exposed interface, they write a malicious program and send it to the server, from where it spreads rapidly through the whole network system.
Against healthcare institutions, attackers often use impersonation to obtain important information. For example, an attacker may use the telephone or a more direct approach to obtain key information (such as email addresses) and then attack the hospital's network system. In these situations healthcare staff are often less vigilant, because receiving enquiries from unfamiliar patients is routine for them. In a rush, they may well disclose important personal or organisational information without verifying the other party's identity.
How to prevent cyberattacks
Mahajan explained that most clinical devices now need a network connection. Server security and encryption protection are important considerations in product design, so network security starts at the source, with the vendor. While the vendor installs and commissions equipment, the hospital's network security department has a responsibility to work actively with them and to discuss, from the clinical-use perspective, the security vulnerabilities the equipment may have, so as to prevent cyberattacks.
As a registered nurse, Mahajan stressed from his own perspective that healthcare staff need the necessary network security training. Training should cover how cyberattacks happen and how to prevent them. Mahajan said his hospital provides information systems, security and privacy training for all healthcare staff to ensure that employees can communicate safely inside and outside the network. The hospital uses videos to show staff vividly how they should respond in certain situations, particularly when receiving email and during phone conversations.
Mahajan said that, for security reasons, most hospitals choose to split their network into tiers. The core tier is a hardened, highly secure network used for systems that store and exchange patient information, such as the electronic medical record system. The second tier is a general network that lets staff contact colleagues or people at other hospitals by email and similar means. The third tier is the public network with the lowest security level, such as the official website, which serves patient visits.
Healthcare staff should always be aware of which network tier they are using. When using email, visiting websites, communicating personally or monitoring patients over the network, they must choose the correct network. Staff should also be cautious about downloading and using programs such as Dropbox (a network file synchronisation tool) and TeamViewer (a remote control program). Normally, information engineers assess the security of such programs in an isolated network environment and provide them to end users only once they have been confirmed safe.
Mahajan pointed out that once attackers learn that a computer system holds important information, their next move is to try to log in to the system with an account. This step requires a password, so setting a strong password is particularly important for preventing attacks. A strong password is usually a combination of letters, digits and special characters. A strong password greatly increases the attacker's cracking workload and so leads them to abandon the attack.
After an attack
If healthcare staff think they have clicked on an irregular website or piece of software, or have received a malicious scam message, they should immediately pause all activity (stop everything, but do not shut down the system), leave any open web pages open, and report at once to their supervisor and to information staff. Mahajan stressed that the most recent access information can help staff quickly find the root cause.
Mahajan said that, typically, most hospitals have backup equipment and network systems so that normal work can continue when a network security problem occurs. When the damage is severe and the backup equipment cannot take over, the hospital can only fall back on paper-based working. Hospitals should establish standard response procedures for all kinds of equipment failure and emergency.
Mahajan said that hospitals typically respond to a cyberattack in one of two ways. One is to keep it from as many people as possible while quickly organising specialists to deal with it and to repair and harden the network system. The other is to make sure all healthcare staff who use the system know what the problem is and stay alert to similar problems. Mahajan considers the second approach more appropriate: it raises staff vigilance, teaches them how to observe and report anomalies, and improves the efficiency of incident response and handling.
Mahajan said that putting nursing staff in charge of hospital information technology has clear advantages, because they are familiar with the workflows of healthcare institutions, but nursing knowledge alone cannot solve the related IT or network security problems. Further training in information technology is therefore essential. Through further study, nursing staff can master basic computer hardware, software and application systems and the operating methods for maintaining network security, and so play a more important role.
Source: Hospital Management Forum. Compiled by staff reporter Zhao Yan.
(Original article; reprinting requires authorization.)

Domestic serial number: CN13-0075. Postal distribution code: 17-20. WeChat ID: yyglltb