DNS Security in Healthcare: Paving the Way Toward Secure Health Infrastructure

In recent years, the pace of digitization in the healthcare sector has accelerated rapidly. Devices and applications in hospitals are increasingly connected via IoT, while patient data in many countries is being recorded and shared in new and innovative ways—this is expanding the types of services patients can use, as well as make their care more efficient. In many ways COVID-19 has exacerbated these trends, as the demand for telemedicine applications and remote working solutions is at an all-time high.

While the rapid digital transformation in hospitals and other medical institutions comes with notable benefits, the explosion in healthcare data and increasing use of IoT devices also creates tradeoffs. One major drawback is that increasingly digital products and services offer attractive new attack surfaces for cybercriminals looking to access highly sensitive information such as patient history, personal financial data, and communications among physicians, care teams, patients, and families.

DNS security is critical in healthcare

Attacks targeting DNS are especially appealing for cybercriminals. In these types of attacks, threat actors take advantage of vulnerabilities in the DNS, or Domain Name System. According to the 2020 Global DNS Threat Report, published by EfficientIP and IDC, nearly four in five companies experienced a DNS attack last year, and the average cost of each attack hovers around USD$1 million.

The effect of DNS attacks on healthcare systems and hospitals can be devastating. And healthcare companies know it: over 65% of healthcare respondents in the Threat Report rated DNS security as extremely important or very important. Some of the more common attack types in the healthcare sector include phishing (41% of companies surveyed experienced phishing attacks), malware (34%), and DNS amplification attacks (22%).

Ransomware, a type of malware threatening data privacy and records, is a particularly frequent type of DNS-based malware in healthcare. A recent Europol report describes how Brno University Hospital, one of the Czech Republic’s COVID-19 testing centers, was victim to a sizable ransomware attack that forced all surgeries to be rescheduled. A prevalent ransomware attack in the fall of 2019 forced over 100 dental practices offline for several days. A different ransomware attack on cloud remote management software removed access to patient data and systems for nearly a week.

In another scenario, connected medical devices could pose a threat. Heart rate monitors, infusion pumps, ventilators, robotic surgical equipment—if any of these become compromised (such as through data corruption, or becoming leveraged as bots for a DDoS attack), the effects would be dramatic.

Typical countermeasures can be dangerous for patient care

When an attack occurs, there are a variety of countermeasures that organizations can take. Of the healthcare respondents in the Threat Report, a majority relied on shutting down the affected processes and connections (55%) or disabling some or all of the affected applications (53%).

Unfortunately, these types of countermeasures are far from ideal and can be very dangerous for patient care if critical medical applications are affected. 29% of respondents were likely to shut down a server or service with potential negative effects on patients’ wellbeing.

Healthcare companies are understandably swamped with a host of other stressors right now. But there are some fairly straightforward steps they can take in order to strengthen their digital infrastructure and prevent or mitigate DNS attacks, as well as ensure continuous access to critical applications and devices.

Healthcare requires a comprehensive DNS security solution

Firstly, organizations should improve threat detection by making better use of behavior analytics and threat intelligence. EfficientIP’s DNS Guardian enhances threat visibility by monitoring transactions at the heart of the DNS server thus serving as an effective first line of defense, as almost all connections are initiated through a DNS request.

Another critical component for healthcare IT security could be utilizing DNS Firewall, which prevents connected devices from becoming infected with malware and blocks their activity should an infection occur. Embedded in EfficientIP SOLIDserver appliances, the application provides a purpose-built and complementary solution to traditional enterprise network security systems.

Companies should also rely more on Zero-Trust strategies. In short, Zero Trust helps prevent data breaches by using strict access controls and assuming that anyone on the network is not to be trusted, requiring verification before granting access to resources. It is a strategy that can make better use of behavior analytics to determine who is a likely threat and who is not. Currently, only 10% of healthcare respondents in the DNS Threat Report use Zero Trust architecture. 21% have piloted it; 40% have not yet explored the option.

As COVID-19 pushes an explosion in the prevalence of telehealth, telemedicine, and remote work in the healthcare sector, the potential attack surfaces will only grow. The time has never been better to shore up DNS security in the healthcare sector.