On the morning of December 19, 2023, the Ministry of Health (National Health Information Center) organized a training conference on Health sector information security drills in 2023. Mr. Do Truong Duy, Director of the Health Information Center National International chaired the conference.
Attend conferences of representatives of Departments, Bureaus and Offices under the Ministry of Health, Ministry of Public Security, Ministry of Information and Communications; At the online meeting points, there are technical staff representing units under the Department of Health of the provinces/centrally-run cities…
Speaking at the opening of the conference, Mr. Do Truong Duy, Director of the National Health Information Center, said: in recent times, the Party, State and Government have paid great attention and promoted the work of ensuring security and safety. network information and have issued many guiding documents on network information security and safety such as the Law on Network Information Security (2015), Law on Network Security (2018), Directive No. 41-CT/TW dated March 24, 2020 of the Party Central Committee Secretariat on strengthening coordination and synchronous implementation of measures to ensure network safety and security, Decree No. 13/2023/ND-CP on personal data protection core; Decision No. 964/QD-TTg dated August 10, 2022 of the Prime Minister approving the National Cyber Safety and Security Strategy, proactively responding to challenges from cyberspace until 2025, with a vision to 2030.
Implementing the direction of the Party and Government, the Ministry of Health focuses on ensuring security and network information safety such as: Resolution No. 157/ND/BCSĐ on Health digital transformation until 2025 and the orientation to 2030 stipulates tasks and solutions to ensure network information security and network security; Decision No. 1928/QD-BYT dated April 21, 2023 of the Ministry of Health on Promulgating the Ministry of Health e-Government Architecture version 2.1; Regulations on ensuring information security and network security of the Ministry of Health; Plan to respond to incidents and ensure network information security for units under and under the Ministry of Health for the period 2023-2025; Developing a Decree regulating medical data management…
“The health sector is one of eleven important areas prioritized to ensure network information security (according to Decision No. 632/QD-TTg dated May 10, 2017). In addition to important information systems serving the management and administration of the Ministry of Health, the Ministry of Health’s Public Service and Administrative Procedures System, medical examination and treatment information system, and medical digital platform are Digital systems and platforms are large-scale, deployed nationwide and especially contain a lot of information and data of people and businesses, so ensuring security and network information safety needs to be paid attention. protect against cyber attacks that are increasing in number and severity” – Mr. Do Truong Duy, Director of the National Health Information Center emphasized.
The Director of the National Health Information Center added: implementing Directive No. 18/CT-TTg dated October 13, 2022 of the Prime Minister on promoting the implementation of information safety incident response activities. Vietnam cyber news, Directive No. 60/CT-BTTTT dated September 16, 2021 of the Ministry of Information and Communications on implementing practical combat exercises to ensure cyber information security and Decision 1622/QD-TTg 25 October 2017 approved a project to promote the operation of the incident response network, strengthen the capacity of officers and departments specialized in responding to cyber information security incidents nationwide until 2020, with orientations to 2025. “Every year, the Ministry of Health regularly organizes information security drills for the health sector to provide technical staff working in information technology and information security at units under and under the Ministry of Health. information security incident response and handling processes; Use tools and skills to exploit security vulnerabilities and promptly detect, respond, and resolve incidents causing information insecurity that units may encounter; Conducting real combat exercises on an information system of the Ministry of Health” – Mr. Do Truong Duy said.
Mr. Do Truong Duy requested the coordinating unit – Viettel Cyber Security Company to provide and share processes and incident response plans, guide students in using information security tools, and share experiences. Practical experience, methods of attack, exploiting security holes and prevention methods are easy to understand and accessible to participating technical staff.
It is recommended that participating technical staff take advantage of this time to equip themselves with new knowledge and skills, as well as enhance cooperation, exchange and learn from each other to promptly advise and make suggestions to leaders. The unit’s information security plan contributes to enhancing information security for the unit’s information systems.
Information at the conference said that the exercise helps improve capacity and practice practical skills in detecting, monitoring, collecting, verifying, and analyzing malicious code behavior; identify the source of the attack; security holes in the system and improve coordination skills between specialized agencies/incident response teams during the incident response process.
At the same time, develop protection plans to minimize risks and ensure the system is always safe during the rehearsal process; Complete the risk handling plan and be ready to respond when an incident occurs during the exercise.
Along with that is improving the capacity of technical staff of the Ministry of Health’s Cyber Information Security Incident Response Team, contributing to enhancing information security for the Health sector’s information system; Help propagate to agencies, organizations and people about ensuring network information security during the rehearsal process.
The conference takes place over 02 days from December 19-20, 2023, the main content is to strengthen the ability to detect and respond to information security incidents for the administrative procedure handling system of the Ministry of Health in particular. and information systems at the Ministry of Health Data Center in general; Complete incident response plans, incident detection and response processes; Detect system security holes. Resolve administrative procedures of the Ministry of Health to promptly handle and overcome; Training and capacity building training for technical staff of the Ministry of Health’s network information security incident response team./.
