Unified security management and operation and maintenance audit solution for medical industry
Industry pain points and needs
With the rapid development of information construction in China, the development of medical and health information has also entered a period of accelerated development. From the early stage of single machine and single user application to the application of department level and hospital level management information system; From the center of finance, medicine and management to the application of clinical business support and electronic medical record centered on patient information; From limited application in hospital to regional medical informatization application. Multi business integration builds a complex application and digital process of medical information. With the application of his, RIS, LIS, CIS, PACS, CPR and other systems, it provides an information foundation for the efficiency, quickness and convenience of the medical and health industry, eliminates the phenomenon of "three long and one short", and effectively solves the problem of "difficult to see a doctor" for the masses.

The high concentration of information makes the security of data more and more valued. As an important industry related to people's livelihood, once the data is leaked, it will have a negative impact on the society and become a hot issue concerned by public opinion and the media. Driven by huge commercial interests, the databases of the medical industry have to face the double containment of internal and external threats, especially the illegal "unified party" behavior for commercial purposes, which not only has a serious impact on the public image and authority trust of the hospital, but also divulges personal information and damages the personal interests of patients, Make the originally tense topic of doctor-patient relationship further.

Industry demand
Through the investigation of the actual situation of many hospitals, the hospitals are mainly faced with the following problems:
1. More and more people have access to core data, including internal IT operation and maintenance personnel, medical personnel, third-party outsourcing operation and maintenance companies and application developers. How to supervise and audit the operation of core assets so that legitimate people can do legitimate things;
2. The means of illegal party unification are specialized and diversified. From the source, medical staff, pharmacies and operation and maintenance personnel have the opportunity to complete the party unification. From the means, from the early manual party unification to professional party unification software, the party unification can be completed very quickly by running the program on one terminal. How to supervise and audit the operation of core assets, Preventing the leakage of information is a pain point that the hospital has been pressing to solve.
The above two problems can not be solved through the existing network level security products. From the root analysis, these two problems are actually related to the data and management system of the application system. The above problems can not be solved simply by the underlying network security products, which can be summarized into the following reasons:
1. The management of various user names and passwords in the internal core system of the enterprise is loose;
2. After a security incident occurs, it is impossible to quickly and accurately locate the source of the incident, let alone stop it in time;
3. No operation records can be audited afterwards. Therefore, I don't know how to patch the security vulnerabilities of the system;
4. Due to the lack of one-to-one identity authentication, even if the source of the security incident is found, it can not locate the natural person.
Our programme

To completely solve the above two pain points and ensure the safety of core information such as hospital clinical and drug unified prescription, Hangzhou Palladium Network Technology Co., Ltd. has independently developed the "Palladium unified safety management and comprehensive audit system". The system mainly includes four core functions: authentication, account number, authorization and audit. The following purposes can be easily achieved by using the system:

1. Conduct one-to-one account password verification for each system operator, and the specific operator can be checked through the login account;
2. Use the single sign on mode, that is, each system operator only needs to log in with his own user name and password, and then can directly use various background systems within his authority without entering the user name and password of each background system again. This limits the distribution of various user names and passwords in the background system to the greatest extent;
3. Set the use permissions for each administrator. The administrator can only manage the equipment within the allowed range to avoid wrong operation caused by human reasons;
4. Track and record the online situation, operation situation and equipment operation of each operator, and any equipment change is controllable.

Deployment mode

Customer Benefits

A unified operation and maintenance access and audit platform has been established to improve the system operation and maintenance management level, meet the requirements of relevant laws and standards, reduce the operation and maintenance risk, realize the standardized management of hospital business operation, effectively solve the problems of illegal operation and data leakage of hospital core business, and eliminate illegal systems; A unified security control center is established to centrally manage and analyze the logs of data center, it equipment and applications, so as to realize the visualization and centralized management of security.

Classic cases
  • PLA 302 Hospital
  • Shanghai food and Drug Administration
  • China epidemic control center
  • Affiliated Hospital of Nanchang University
  • naval general hospital
  • Affiliated Hospital of Zhengzhou University
  • ruijin hospital
  • PLA 101 hospital
  • Central South Hospital of Wuhan University
  • United Family Medical Group
Copyright © 2019 All Rights Reserved Designed
Hangzhou pldsec Network Technology Co