To analyze the network security risk events monitored by the situational awareness platform of large hospitals, to find out the causes, and to put forward solutions and suggestions for improvement. Method/Process Taking the First Affiliated Hospital of Zhengzhou University as an example, the paper analyzes risk events on the situational awareness platform, screens the risky terminals on the hospital intranet, carries out rectification and reinforcement, analyzes the department distribution and causes of risky terminals, and puts forward suggestions for improvement. Result/Conclusion The number of risky terminals in medical and technical departments is large, mainly due to the lack of management and the lack of full coverage of antivirus software. Through the rectification and reinforcement of risky terminals, the number of network security risk events has been significantly reduced. Strengthening the hospital terminal security management, enhancing staff awareness of network security, and strengthening network security protection in different areas can effectively reduce the incidence of hospital network security risk events and improve the hospital network security protection capability.