□ Smart medical security purpose
This guide introduces basic security recommendations for information protection in the smart medical field where state-of-the-art medical systems are being actively introduced. In particular, this guide aims to present security threats and countermeasures from the viewpoint of a network-based medical service from diagnosis to treatment by identifying the current status of medical devices and related systems generally operated in hospitals.
However, since this guide describes the security requirements for safe services in a smart medical environment from the perspective of the Ministry of Science and ICT, it does not have legal effect, so it is not a matter that must be followed. In addition, the contents related to the approval review of medical devices must follow the notifications and guidelines of the Ministry of Food and Drug Safety, the competent ministry.
 |
| Smart medical security |
□ Smart medical security configuration
This guide consists of three parts. ‘Part I’ explains the current state of smart medical care and the purpose and scope of the guide. Part II and III present security threats that may occur in smart medical services and countermeasures for them. . In particular, the components of smart medical service are divided into medical devices, gateways, networks, and medical information systems with network functions, and security threats that can occur in each and countermeasures to internalize the security of ICT convergence products and services in the medical field. A smart medical cyber security guide for Finally, the appendix introduces the current status of domestic and foreign medical device security guides and considerations for purchasing medical devices suggested by Mayo Clinic.
□ Smart Medical Security Coverage
In this guide, medical devices used for various medical services inside medical institutions, gateways that link medical devices, wired/wireless networks, and medical information systems (limited to the part that monitors information sent from medical devices in EMR and EHR) are covered. to target.
Personal health devices used outside medical institutions, wellness and U-healthcare devices, and issues occurring in public network sectors such as the Internet are not included in the scope of application of this guide.
 |
| Smart Medical Security Coverage |
□ Smart medical configuration
A general example of a smart medical system environment is the area where information is collected outside the medical institution and transmitted and processed inside the medical institution, and the area where information is collected and processed inside the medical institution, and various medical information is transferred to other medical institutions or external institutions (such as the Health Insurance Corporation). It can be divided into transmission and processing areas.
In the internal area of medical institutions, information transmitted from medical devices through a dedicated network is stored and managed in a medical information DB via an interface server that processes information, and medical staff diagnoses and treats by using a medical information system such as EMR/EHR. In the area outside the medical institution, information is collected and transmitted from personal health devices or wearable medical devices of patients and guardians to the gateway through wired/wireless networks, and is transmitted to the area inside the medical institution. In the field of linkage between medical institutions and other medical institutions and external institutions, information such as identification of patients’ insurance subscription, safe use of medicines, and prevention of overlapping medications is frequently transmitted and received through inter-institutional linkage through the Internet network.
□ Smart Medical Security Threats
This chapter introduces security threats to each of the medical devices, gateways, networks, and medical information systems that make up smart medical services. Security threats for each component are shown in the figure.
Smart Medical Security Threats
However, since gateways, networks, and medical information systems are similar to gateways, networks, and servers used in general Internet environments, this chapter focuses on security threats to medical devices.
▶ Security Threats to Smart Medical Devices
Medical device hardware, smart medical device commercial OS area, smart medical device management and control area
▶ Medical Gateway Security Threats
Data leakage threat, message injection threat, web interface vulnerability threat, malware infection threat, physical extortion, protocol conversion vulnerability threat, service paralysis
▶ Smart Medical Network Security Threats
Risk of data leakage, risk of system paralysis (DoS) attack, unauthorized device network unauthorized access, unauthorized data manipulation
▶ Medical information system security threat
security and password security threats, access control security threats, weak settings and use of unauthorized programs, and use of vulnerable software
□ Countermeasures for each smart medical security threat
 |
| Countermeasures for each smart medical security threat |
Source : Ministry of Science and ICT, Korea Internet & Security Agency
