Hospitals need to shore up their defenses with Zero Trust frameworks, argues this DNS security expert.

The COVID-19 pandemic has wreaked havoc on global economies, governments, and nearly all industries, but one of the most-affected industries has been healthcare.

Aside from their critical medical roles, healthcare professionals are also the guardians of devices and data that are critical for successful delivery of services. This includes sensitive information such as patient histories and personal financial data, IoT-connected devices that protect patient safety, and communications among physicians, care teams, patients, and families, to name just a few.

In Asia, governments have leveraged technology to support contact-tracing efforts and increased surveillance efforts to ensure social distancing. These surveillance efforts have been causes for concern among private citizens, since their actions may continue to be monitored indefinitely. Such devices and data also present an attractive attack surface to cybercriminals. Attacks targeting DNS or using it as a vector are especially appealing.

In these types of attacks, hackers take advantage of vulnerabilities in the Domain Name System (DNS)—the system that translates human-friendly website names into numeric IP addresses. According to the 2020 Global DNS Threat Report, published by EfficientIP and IDC, nearly four in five companies experience a DNS attack, and the average cost of each attack hovers around US$1m. In Asia, this figure is US$793,000, down from US$814,000 the previous year.

Three types of healthcare cyberthreats

Some of the more common attack types in the healthcare sector include phishing (41% incidence), malware (34%), and DNS amplification attacks (22%). For the last of these, 58% of victimized healthcare organizations suffered app downtime, something that could significantly affect access to data, medical communications, and more.

Given these statistics, it is no wonder that over 65% of healthcare respondents rated DNS security as extremely important or very important. In fact, the effect of DNS attacks on healthcare systems and hospitals can be devastating. 

Take ransomware, a type of malware attack that could threaten data privacy and records. In Singapore, data breaches have been a familiar concern in the healthcare sector since the 2018 attack on SingHealth’s database. That attack prompted a review of current practices and culminated in recommendations to boost cybersecurity.

In another scenario, connected medical devices could pose a threat. Heart rate monitors, infusion pumps, ventilators, robotic surgical equipment—if any of these were compromised (for example through data corruption, or by being leveraged as bots for a DDoS attack), the effects would be dramatic. The Global Threat Report shows that 75% of the DDoS attacks suffered by healthcare organizations surveyed were over 5Gbit/sec; this can cause serious damage.

Considering countermeasures

When an attack occurs, there are a variety of countermeasures that organizations can take. Of the healthcare respondents in the Threat Report, a majority relied on shutting down the affected processes and connections (55%) or disabling some or all of the affected applications (53%). Unfortunately, these types of countermeasures can be very dangerous for patient care. Some 29% of respondents were likely to shut down a server or service in the event of an attack, potentially affecting the patients’ well-being.

Organizations in the healthcare industry can take measures to prevent and mitigate these types of attacks. They should accelerate threat investigation by including DNS security in a security-by-design framework, and they should implement purpose-built DNS security with effective auto-remediation capabilities. This will incorporate adaptive countermeasures that can limit attack damage by reducing mitigation times.

Such mission-critical organizations should also rely more on Zero Trust strategies. In short, Zero Trust helps prevent data breaches by using strict access controls and assuming that no one on the network is to be trusted, requiring verification before granting access to resources. It is a strategy that can make better use of behavior analytics to determine who is a likely threat and who is not.

Currently, only 10% of healthcare respondents in the DNS Threat Report use a Zero Trust architecture. Only 21% have piloted it; 40% have not yet explored the option.

As the pandemic pushes the prevalence of telehealth, telemedicine, and remote work in the healthcare sector, the potential attack surfaces will only grow. The time has never been better to shore up DNS security in the healthcare sector.