Among organizations responding to a global DNS threat report, the sector suffered the highest rate of brand damage and website compromise.

A DNS cybersecurity survey of 1,114 organizations across the world in early 2021 has shown that healthcare industry experienced a great impact from DNS attacks than other industries.

The average cost per attack in healthcare has increased to US$862,630, a rise of 12% from 2020 and the sharpest increase seen by any industry in the survey.

The threat report from EfficientIP noted the following:

  • Of the industries surveyed, healthcare was the most likely to suffer application downtime, with 53% of responding healthcare organizations reporting that.
  • Healthcare also saw the highest rate of compromised websites (44%) and the highest rate of brand damage at 31%.
  • App and services downtimes and cloud service downtime were found to be the second highest among the impacts at 46% in the survey.
  • On the whole, cloud service downtime (46%), loss of business (34%), and stolen customer information (23%) were up from 13% from the same survey for 2020.
  • 54% of healthcare companies surveyed agreed to prompts that DNS security was critical for protecting a remote workforce. 78% of respondents agreed that DNS security was a critical component of network architecture, and 27% of healthcare companies put better monitoring and analysis of DNS traffic as their top priority for preventing data theft.
  • Respondent healthcare organizations suffered an average of 6.71 DNS attacks over a 12-month period, and it took an average 6.28 hours to mitigate each attack, which is higher than the all-industry average of 5.62 hours.
  • 49% of the respondent healthcare organizations experienced phishing attacks, the most common DNS attack type in healthcare, like what many other industries experienced.
  • DNS-based malware was also popular in healthcare at 36%, as was DNS tunneling at 29% and DNS domain hijacking at 28%.
  • 82% of the healthcare sector believed that using DNS domain deny-and-allow lists for improving control over which users can access which apps is valuable for Zero Trust, compared to 79% in the other industries surveyed.
  • 79% of the healthcare organizations surveyed had turned to Zero Trust and smarter DNS compared to 75% in than other industries studied.
  • Attacks on the healthcare sector were on the rise for respondent organizations in Thailand, Malaysia, and the Philippines. Indonesia was one of the South-east Asian countries to have experienced cyberattacks earlier in the year on its national healthcare program. The incident jeopardized over 100,000 Indonesians’ personal social security data including personal records, social security number and payment status for fraud and digital attacks. The Singapore government previously detected millions of internet-connected medical equipment including ultrasound machines, patient monitors and medical imaging equipment vulnerable for attacks.
  • In comparison to the all-industry average in the survey, healthcare saw relatively low rates of things like DDoS attacks (the all-industry average was 29% while the healthcare average was 19%).

EfficientIP’s VP of Strategy Ronan David commented: “We all knew that the healthcare industry would be a prime target for cyberattacks during the pandemic. It really is fascinating and useful to see the data in black and white,” referring to the clear quantitative picture of how healthcare organizations can improve their defenses.