Policy Statement
In accordance with the Ministry of Health and Welfare's "Healthy Taiwan Initiative" and the Cyber Security Management Act, this hospital has established a comprehensive cybersecurity governance framework to ensure the safe and stable operation of healthcare information systems and to safeguard patient personal data and medical records.
Organizational Structure
The hospital has established an Information Security Management Committee, chaired by the Superintendent, with the Director of Information Technology serving as the Chief Information Security Officer (CISO), overseeing the planning, implementation, and supervision of hospital-wide cybersecurity policies. Each department has designated cybersecurity liaisons responsible for implementing security measures and incident reporting.
Protective Measures
The hospital has adopted a Zero Trust cybersecurity architecture, implementing fine-grained access control and the principle of least privilege, complemented by multi-factor authentication to ensure secure system access. Additionally, multi-layered defense measures including endpoint protection, network segmentation, and encrypted transmission have been deployed.
Monitoring and Incident Response
A hospital-wide cybersecurity monitoring system has been established for real-time detection of anomalous behavior and potential threats. Cybersecurity incident reporting and response procedures are in place, with regular cybersecurity drills conducted to strengthen staff security awareness and response capabilities.
Certification and Compliance
The hospital continuously advances its cybersecurity management system, adhering to the ISO 27001 Information Security Management standard and complying with the Ministry of Health and Welfare's cybersecurity audit requirements through regular internal and external security assessments and improvements.