Today, the hospital network system has become the main target of hacker attacks. 2015, the United States due to network attacks and hospital information disclosure of patient information up to more than 100 million, for which, IBM will be called the year of security vulnerabilities in 2015. In early 2016, the network attacks hospital events. The network system of MedStar, a chain hospital in Washington, DC, was infected with an unknown virus, and the hospital had to shut down the entire network in order to prevent the spread of the virus.
针对日益严重的网络攻击问题，近日，Medscape（美国著名的专业医学搜索引擎网站）专访了护理博士、工程硕士Satish M. Mahajan。Mahajan介绍，医护人员在工作中很可能由于自己的失误而为黑客开启了入侵大门。结合自己的工程学和医学背景，Mahajan常常为医院员工进行培训，指导他们如何预防网络攻击。
In response to the growing problem of network attacks, recently, Medscape (the famous professional medical search engine website) interview with the doctor of nursing, engineering master Satish M. Mahajan. Mahajan introduction, the medical staff in the work is likely to open the door for the hackers because of their mistakes. Combined with their engineering and medical background, Mahajan is often trained for hospital staff to guide them on how to prevent cyber attacks.
High incidence of hospital network attacks
When it comes to medical institutions and health care providers to become the object of network attacks, Mahajan introduction, which is mainly related to the motives of hackers. The main purpose of hackers to attack the hospital network is to obtain a high ransom, and sometimes may be out of revenge or show off their ability.
The main reason to become a target of a hospital, fancy. In order to protect the information security of patients, the hospital is often very cautious, but this is often counterproductive. For security purposes, some hospitals will choose to continue to use outdated equipment and technology, which often leads to slow and very fragile network system, and thus become the target of hacker attacks.
Another cause of hospital network security incidents is the chain of personal information leakage. Hackers through access to personal health information records, and access to social security numbers, home address, contact telephone, insurance and other information. The theft of personal core information is called medical identity theft. This behavior can provide hackers with more fraud, access to a steady stream of ransom.
Hospital work has a strong openness, social interaction, urgency and high intensity, these characteristics of the hospital is easy to become the third factors of network attacks.
The hospital’s duty is to save lives, life, information security network security is directly related to the patient, for the hospital’s reputation. Therefore, when the network attack occurs, the majority of the hospital’s choice is to pay a high ransom to the hacker to redeem important data or restore the normal operation of the network system. This has also become a major factor contributing to the behavior of network attacks.
Typical network attack types
Mahajan said that from the hospital network attacks in the news reports will often hear these words: Extortion virus, rogue software and Trojan attacks.
The virus is a virus software, the virus can penetrate into the target system, the system will be a number of functions and data encryption, resulting in users can not use. Hackers receive the user’s ransom, and then unlock the system. MedStar chain hospital is one of the victims of extortion attacks.
Rogue software is part of the computer operating system for malicious updates, and thus to achieve the purpose of destroying the network system. This attack can result in complete paralysis or partial paralysis of the network system. Some rogue software for the purpose of advertising, so that users confused, but also reduce the efficiency of work.
When a computer user tries to download some updates, they may inadvertently log on to an informal site, and then download to the malware. When a user installs a new program, the malware is installed in the computer system.
美国负责监控全国基础架构的计算机应急响应小组（US Computer Emergency Readiness Team，US Cert）发布警告称，当用户看到“电脑受到病毒感染，点击此处进行处理”、“电脑因访问非法内容而被加锁，支付赎金以解锁电脑”、“电脑中的数据已经被加密，务必在72小时之内支付赎金以赎回数据”等警示时一定要提高警惕，这都是典型的网络攻击行为。
The United States is responsible for monitoring the national infrastructure of the computer emergency response team (US Computer Emergency Readiness Team, US Cert) issued a warning that, when the user see the computer is infected, click here , computer for accessing illegal content is locked, pay the ransom in order to unlock the computer , computer data has been be sure to be encrypted, within 72 hours to pay the ransom to redeem the data warning must be vigilant, this is a typical network attack behavior.
Hacker attack on the way to the hospital
Mahajan introduction, all network attacks are starting from the system vulnerabilities, these vulnerabilities are the most concerned about the local hackers. These vulnerabilities are often caused by human malicious. For example, the user inadvertently opened an illegal website, and downloaded a program, when the program is installed to the computer, the virus began to spread, the system has a serious loophole. In addition, the hacker will be in the form of e-mail, the virus will be sent directly to the target user. Once the message is turned on, the virus is embedded in the user’s computer.
Some of the best hackers will also take some more complex ways to create system vulnerabilities. They will be concerned about the edge of some organizations, from their open to the public system in the open interface. Once the open interface, hackers will write malicious programs and sent to the server, which makes it spread throughout the network system.
For medical institutions, hackers tend to take identity posing approach to obtain important information. For example, hackers can use the phone or a more direct way to obtain some key information (such as e-mail addresses, etc.), and then attack the hospital network system. In this case, the vigilance of the medical staff is often relatively low, because it is very common for them to ask questions from a strange patient. In a hurry, they are likely to reveal important information about individuals or units without identity verification.
How to prevent network attacks
Mahajan introduction, and now, most of the devices in the clinic will need a network connection. Server security and encryption protection is an important consideration in the design of the product, so the source of network security is the supplier. In the process of installation and commissioning of the equipment, the hospital network security department has the responsibility to actively cooperate with them, from the perspective of clinical use of possible security vulnerabilities to prevent network attacks.
As a registered nurse, Mahajan from their own point of view, medical staff need to receive the necessary network security training. Training should include how network attacks occur and how to prevent them. Mahajan introduction, his hospital for all health care personnel information systems, security and privacy training to ensure that employees can carry out a secure network of internal and external contacts. The hospital uses the way of video to tell the doctors and nurses in some cases (especially in receiving the mail and telephone conversations) what response should be made.
Mahajan introduction, for security reasons, the majority of the hospital is the choice of the network layer. The core layer is a robust and secure network system, which is used in patient information storage and communication system, such as electronic medical record system. The second level is a general network that allows employees to communicate with colleagues or other hospital personnel in the form of e-mail. The third level is the lowest level of public security network, such as the official website, to receive patient visits.
Medical staff should always pay attention to the level of network they are using. In the use of e-mail, access to the site, personal communication or use the network to monitor patients, we must choose the right network system. At the same time, the medical staff should be careful to download and apply Dropbox (network file synchronization tool), TeamViewer (remote control program) and other procedures. In general, an information Engineer will conduct a security assessment of these programs in an isolated network environment to determine their security before they are delivered to the end user.
Mahajan pointed out that once the hacker learned that a computer system contains important information, their next move is to try to use the account login system. This step requires a password, then, the high-level password settings for the prevention of hacker attacks is particularly important. A high level of security is usually a combination of letters, numbers and special symbols. High level security password will greatly increase the amount of decryption of hackers, and then let it give up the attack.
After the attack
If the medical staff think they clicked on non-standard websites, software or malicious fraud information received, all operations (provisional should immediately cease all operations, but not closed system), have opened the don’t close, and work to the supervision personnel, personnel information immediately report. Mahajan stressed that the last access information can help staff quickly find the root cause.
Mahajan introduction, under normal circumstances, when the network security problems, most hospitals have spare equipment and network systems to ensure that the normal work order after the outbreak occurs. When the damage is serious, the standby equipment can not replace, the hospital can only choose to return to the paper work. For all kinds of equipment failures and emergency situations, the hospital should develop a standard response procedures.
Mahajan said that after the network attack, the practice of the hospital is usually divided into two kinds. One is to try not to let more people know, but quickly organize professionals to deal with, repair and strengthen the network system. The other is to let all the health care workers use the system to know the problem, and to raise vigilance on similar issues. Mahajan believes that the second approach is more appropriate. This can improve the vigilance of employees, so that they learn how to observe and report abnormal conditions, improve the response and efficiency of the accident.
Mahajan, let the nursing staff responsible for hospital information technology has obvious advantage because of their work, familiar with the medical institutions in the total group process is more, but only with nursing knowledge is unable to solve the problem of network security in information technology or related. At this time, it is necessary to further study the knowledge of information technology. Further study, can let the nursing staff to master the basic computer hardware, software and application system, master the maintenance of network security operation method, so as to play a more important role.
来源：医院管理论坛报 作者：本报记者 赵艳 编译
Source: Hospital Management Forum Author: reporter Zhao Yan compiled
(original article reprint authorized)
Hospital management, Medical Tribune authority public No.
And its CN13-0075 Youfadaihao 17-20 WeChat ID:yyglltb according to the two-dimensional code concern
The author of the article has set up the need to be able to leave a message
Sweep the concern of the public, WeChat