Актуальные угрозы безопасности информации в сфере здравоохранения и офтальмологии

Abstract

Relevance. All healthcare institutions, including ophthalmology, belong to critical information infrastructure, which is described in law on «the security of critical information infrastructure of the Russian Federation» 26.07.2017 No. 187-FL. It is mandatory to carry out the compliance of critical information infrastructure objects with the established criteria and indicators of significance for these institutions. The article deals with the issues of information security risk assessment and categorization in relation to organizations working in the field of ophthalmology. The research was carried out as part of the implementation of the federal project «Information Security» of the national program «Digital Economy of the Russian Federation». Purpose. Analysis of the features of the categorization process for ophthalmology organizations, designing decision-making algorithm for assigning a category of significance. Material and methods. The article deals with the issues of information security risk assessment and categorization in relation to ophthalmology organizations. The study was carried out as part of the implementation of the federal project «Information Security» (the national program «Digital Economy of the Russian Federation»). Results. The consequences of the implementation of attacks on information systems that are significant for specific types of critical information infrastructure objects in the healthcare sector (in the field of ophthalmology) were considered. The choice of significance criteria was substantiated. An algorithm for making a decision on assigning a category of significance was developed. Conclusion. An analysis of current threats to critical information infrastructure facilities in the healthcare sector was explored. It was found that in the proposed methodologies, the detection of the possibility of detecting an object under the first detection is not wide enough, which may seem to be based on unreasonable costs to ensure the necessary level of security for healthcare and ophthalmology facilities. Keywords: critical information infrastructure, healthcare institution, ophthalmology, information security threats, intruder model, actual threats, computer incidents