According to reports, the American healthcare service provider Group Health Cooperative revealed that it was infiltrated by a ransomware gang in January of this year, which stole files containing personal and medical information of more than 500,000 people. This included sensitive information that is not usually made public, such as financial data, employee information, business agreements, and email communications.

With the continuous advancement of technology, information technology has been applied more widely than ever before in the domestic and international healthcare fields. The healthcare industry is experiencing a global information security crisis, with data security becoming the primary challenge in the digitalization of healthcare. How the healthcare sector can fortify its information security defenses has become extremely important. The impact is not limited to healthcare institutions but also continuously threatens the information security, financial security, and even the safety of patients' lives.

In response to the urgency, the national standard GB/T 43697-2024 "Data Security Technology - Rules for Data Classification and Grading" will be officially implemented on October 1, 2024. The release of this national standard provides a guiding guide for the healthcare sector in data management and data classification and grading work. The healthcare industry can use scientific classification and grading methods to effectively protect patient data and sensitive information within healthcare institutions, ensuring that medical data security is controllable and effectively used. Defending the information security defense line starts with the most basic classification and grading of health data, clarifying the classification framework and methods: refining classification according to functional departments, such as bed allocation in critical care medicine, patient files, clinical data, staffing of healthcare professionals, medical equipment, resource allocation of related departments, operational indicators, and research indicators. Then, based on the impact of the data on the healthcare institution, determine the grading objects, identify grading elements, conduct data impact analysis, and comprehensively determine the grading, for example: the leakage of patient files will have a significant impact on the individual patient and the hospital's reputation, and may even cause a huge public opinion. When the impact involves social order, the degree of impact can be determined as a serious hazard based on the level.

Glorytime's self-developed data classification and grading management platform will display related data management categories, such as data asset management, classification and grading management, data risk management, and system configuration management. The management platform is divided into areas based on the principle of "who manages the business, who manages the data, who manages data security," referring to international standards, national standards, and combining years of experience in the information security industry with a clear understanding of the specific workflow of healthcare institutions. The concept combines the scientific PDCA process, through the data classification and grading management platform to formulate appropriate classification and grading work standards for various healthcare institutions, making data controllable and visible, improving the timeliness of information security reporting, and strengthening personnel training. Glorytime's team initially conducted a thorough investigation of all asset details, while classifying, marking, and organizing information; then, based on the gap analysis results, we adjusted according to the rules for data classification and grading for information security, and conducted data security control and grading for healthcare institution customers; finally, input into the data classification and grading management platform to form a solid defense line for effectively maintaining and cyclically monitoring data security.

Glorytime is continuously catching up and surpassing in the information security industry, from conception to implementation, through the development of a data classification and grading management platform, innovating and changing formats, because we are dreamers, building a fortress of data security for the healthcare sector.