DNS Security for Healthcare: Controlling Connected Devices and Protecting Patient Data

Over the past few years, healthcare organizations have been rapidly moving towards connected devices and cloud, driven by digital transformation projects and accelerated by the pandemic. However, to allow operating with complete trust, cybersecurity solutions need to keep pace with new telehealth/telemedicine technologies adopted which due to their criticality for patient health must be “always on”. Above all, network infrastructure needs to be reliable, connected medical devices have to be controlled in terms of what infrastructure they are allowed to access, and huge amounts of sensitive patient data must be protected while at the same time making it easily accessible for relevant persons.

DNS can play a big part in this, thanks to its unique ability to control application access and detect data theft attempts in a timely manner.

Why healthcare organizations are targeted

From phishing to man-in-the-middle attacks, abuse of network vulnerabilities and ransomware, more and more attacks are being carried out on medical infrastructure, putting patient health at danger. A major difficulty lies in the fact that there are multiple networks and hundreds of digital components within any hospital or clinic which can be targeted by cybercriminals: electronic health records (EHR), Internet of Things (IoT) devices, e-prescribing and decision support systems, intelligent heating, ventilation, and air conditioning (HVAC), etc. Protecting patient privacy has become extremely challenging for healthcare providers, who in addition are obliged to comply with GDPR, HIPAA and other regulations. All this makes it harder to implement security measures, so bad actors rush to take advantage, as proven by the August 2022 hack on the software system used by NHS trusts which prevented medics from accessing patients’ records for several weeks.

DNS has been proven to be a favorite target

The high number of connected (IoT) devices used in healthcare establishments to monitor heart rates, dispense drugs or perform tests all provide an entry point for external threat actors, with DNS frequently being used as a vector for the attack.

The IDC 2022 Global DNS Threat Report confirmed that frequency of DNS attacks on each healthcare facility has risen considerably from 6.71 attacks in 2021 to 7.7 in 2022, with each attack costing on average $906k versus $862k in 2021, and some attacks resulting in damages of over $5M.

Aside from the financial aspect, the impacts of DNS attacks are proving very disruptive to critical medical services, with 43% of attacks causing Cloud service downtime, 41% App downtime, and over 1-in-4 (27%) of breaches leading to theft of sensitive data, bringing the obvious risk of hefty regulatory fines.

According to the report, the main attack types deployed include phishing (53%), DNS-based malware (38%), DDoS/amplification (29%), and cloud instance misconfiguration abuse (28%).

The average time to mitigate each attack is prety high, calculated at almost six hours (5.95 hours), but more worrying are the countermeasures being taken to mitigate attacks – all of which leave hospital or clinic employees with no access to vital medical apps and services. When faced with a DNS attack, 36% of organizations shut down a DNS server or service, 32% disabled the affected apps and 29% shut down part of network infrastructure (which is the highest percentage out of all industries surveyed).

How can DNS security help?

While DNS is a main target for cybercriminals, it can also be utilized as a key component of the network security ecosystem. In the DNS Threat Report, 74% of healthcare Security/IT professionals stated they consider DNS security as being critical for securing their overall network, and 57% view DNS security as their top method for protecting against malware and ransomware. However, it is acknowledged that basic DNS protection solutions are not adequate, so recommendations to protect against ransomware include: 1) Investing in response policy zones (RPZs), threat intelligence, and log analysis 2) Using a high-performance dedicated DNS

Zero Trust strategies are also becoming increasingly adopted within hospitals and clinics, with 73% having already implemented or planning them. DNS filtering and threat intelligence have a strong role to play in this, helping control access to apps and services.

Unique value brought by EfficientIP DNS Security solutions

Offering purpose-built DNS security, SOLIDserver complements firewalls, IPS and authentication solutions for strengthening security of healthcare IT systems. DNS Guardian’s unique DNS Transaction Inspection functionality overcomes limitations of firewalls with regards to detection of data exfiltration, thus reducing theft of sensitive patient data. Having the best performance of any DNS on the market, SOLIDserver DNS can be used as a foundational tool for anti-ransomware programs.

And for combatting abuse of connected devices causing lateral spread of threats across networks, the DNS Client Query Filtering (CQF) feature takes application access control to the next level. 66% of healthcare companies already use DNS for controlling which users can access which apps. CQF enhances this by offering unique microsegmentation capability of filtering down to individual client level, via allow lists and deny lists. For example, by using allow lists, access for every IoT device can be limited to only authorized infrastructure, apps or services, thus overcoming issues around privilege abuse and providing good defense against IoT botnets. According to the Threat Report, 85% of healthcare IT/security professionals deem allow and deny lists to be valuable in zero trust frameworks.

EfficientIP‘s market-leading 360° DNS security solutions bring much-needed value to healthcare IT systems, in particular for safeguarding data, preventing threats from connected devices, and meeting regulatory compliance. To check how secure your network is against DNS attacks, and receive recommendations on improving your security posture, why not try our free DNS Risk Assessment ?