Analysis of hospital system security issues (1)

Analysis of hospital system security issues (1)
Security Question 1:

A hospital found that its database was regularly scanned by a PC inside the hospital. After locating an IP address based on the log, it found that the PC was not, and then tracked another IP address, but the verification is not. The hospital itself has installed an anti-consortium, but the vendor said it could not explain the problem.

The hospital system is as follows:

The hospital itself is a small LAN that is not connected to the Internet and is only associated with medical insurance. Due to the large number of users, the hospital system does not adopt IP/MAC binding measures. In addition, the outpatient Hall of the hospital is placed with a network cable that can be connected to the system for direct data query.


Hospital Information Systems are specialized, have a wide variety of services, and have complex information types. A large number of digital medical devices need to be integrated with them. In the case of system security problems, it is relatively difficult to find and determine. The main role of information security is prevention. When a problem occurs, it is necessary for software vendors, hardware vendors, and security vendors to work together to find and solve the problem. In addition, due to the particularity of the hospital system, the overall business of the system cannot be interrupted in the process of finding the root cause of the problem, which also makes it difficult to find the problem.