| Medical data has been under threat from a number of cyber attacks and data theft activities.The occurrence of medical data leakage has a great impact on the normal operation of medical institutions,the privacy of patients,and threatens the safety of patients’ lives and property.Due to the lack of relevant standards and norms,the network security risk assessment system is still used,and the traditional methods of data security protection,such as firewall,anti-virus,intrusion detection and physical isolation,are still used.In the context of the era of big data,medical institutions urgently establish a risk assessment model that combines the characteristics of medical data,takes data as the center,analyzes the occurrence factors of data security risks,and can evaluate their own data security risk levels,so as to reduce the probability of data security incidents and protect the normal operation of medical institutions.This paper mainly carries out research from the following points:(1)According to the characteristics of medical data,medical business scenario-based,medical data flow as the main line,from the perspective of the full life cycle of medical data,based on the research of data security capability maturity model,the use of analytic hierarchy process,the establishment of medical data security risk assessment index system,the construction of medical data security risk assessment hierarchical structure model.(2)Based on the hierarchical structure model of medical data security risk assessment,the quantitative method of risk assessment is studied,the concept of probabilistic hesitation fuzzy set is introduced,and a method based on probabilistic hesitation fuzzy set of hierarchy analysis and good and bad distance solution is proposed for quantitative analysis of medical data security risk assessment model.(3)Based on the medical data security risk assessment model and quantitative analysis method,the medical image examination business data stream of three hospitals is taken as the main line to conduct medical data security risk assessment and verify the effectiveness of the quantitative analysis method of medical data security risk assessment.(4)According to the needs of data security risk assessment of medical institutions,design the medical data risk assessment process,develop the medical data classification and classification system,explore and classify the data assets of medical institutions,establish the data security risk assessment process,and realize the overall evaluation and risk confirmation of medical data security.The medical data security risk assessment method and assessment process proposed in this paper have been applied in the medical data of three hospitals.Through the medical data security risk assessment,the final data security risk assessment results are calculated and the overall evaluation is given.It can meet the relevant requirements of design,realize the scientific evaluation of medical data security risk,and provide an effective pre-evaluation report for medical institutions,which has certain practical significance. |
