
How DNS Security Can Help The Very-Targeted Healthcare Industry Fight Back

July 15, 2021 | Written by: Surinder Paul


The COVID-19 pandemic has placed incredible pressure on the healthcare industry, not just in the physical world but also in the digital one. Healthcare is uniquely vulnerable to cyberattacks, particularly attacks utilizing DNS. In the 2021 Global DNS Threat Report, just released by EfficientIP and IDC, we see how threat actors are targeting the DNS of verticals such as healthcare, as well as what companies are doing about it.

Why threat actors love to target healthcare

Healthcare is an attractive target to any threat actor. For one thing, healthcare offers a large amount of customer data that is frequently more sensitive than in other sectors. That data also needs to be easily accessible to patients and to caregivers in both on-site and remote ways, which necessitates a larger number of devices and platforms, thus increasing the attack surface for bad actors.

On top of that, the healthcare industry already has a high number of connected (IoT) devices in use to monitor heart rates, dispense drugs or take tests. These devices all provide an entry point for external attackers into a system, with DNS often being used as a vector for the attack.

When a DNS attack occurs, organizations take a variety of countermeasures. They shut down the affected process or device, disable affected applications, or shut down a service or server. Unfortunately, these types of countermeasures can be very dangerous for patient care. A smarter option would be to make use of a DNS Security solution offering adaptive countermeasures which aim to ensure service continuity, hence minimizing disruption to patient healthcare.

In short, healthcare is attractive because the value of data, the potential avenues for attack entry, and the impact of shutting systems down are very high, driving healthcare companies to continually improve their defenses.

An industry more vulnerable than others

The DNS Threat Report shows just how vulnerable the healthcare industry is to cyberattack. The average cost per DNS attack increased to $862,630, a rise of 12% from last year and the sharpest increase seen by any industry. Healthcare organizations each suffered an average of 6.71 DNS attacks over a 12-month period, and took an average of 6.28 hours to mitigate each attack, which is higher than the all-industry average of 5.62 hours.

In addition to an increase in cost, healthcare is the most likely industry to suffer application downtime (in-house or cloud), reported by 53% of companies, which could have heavy consequences for both patients and providers.

Other negative effects include cloud service downtime (46%), loss of business (34%), and stolen customer information (23%, up from 13% last year). Patient information is particularly sensitive in the healthcare sector, which makes it an attractive target, particularly so during a time of high stress for the industry.

The most common DNS attack type in healthcare, like many other industries, is phishing; 49% experienced a phishing attack. DNS-based malware is also popular at 36%, as is DNS tunneling at 29% and DNS domain hijacking at 28%. Compared to the all-industry average, healthcare saw relatively low rates of things like DDoS attacks (19% vs 29%). The consequences of attacks on healthcare infrastructure can be extreme, directly affecting patient care and well-being.

Helping healthcare fight back

In order to protect themselves, organizations have turned both to Zero Trust and to smarter DNS security. The Threat Report shows that the healthcare industry is planning, implementing or running Zero Trust initiatives more than other industries (79%, compared to 75%), and is the strongest believer that DNS domain deny-and-allow lists are valuable for Zero Trust (82%, compared to 79%). These types of lists can improve control over which users can access which apps by adding granularity to filtering of client queries, while applying this filtering at an early point in the traffic flow to prevent the spread of attacks throughout the network.
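The per-client granularity described above can be made concrete with a small policy evaluator. This is an added example, not code from EfficientIP or the Threat Report; the group names, networks and domains are constructed, and the precedence rule (most specific entry wins, deny wins a tie) is an assumption about how such lists might be combined.

```python
import ipaddress

# Constructed policy: device groups get default-deny with a short allow list,
# staff workstations get default-allow with a deny list and one exception.
POLICY = [
    {"group": "infusion-pumps", "net": "10.20.0.0/24", "default": "deny",
     "allow": ["updates.pump-vendor.example"], "deny": []},
    {"group": "clinical-workstations", "net": "10.30.0.0/16", "default": "allow",
     "allow": ["portal.badcdn.example"],
     "deny": ["badcdn.example", "filedrop.example"]},
]


def _labels(name):
    """Normalise a DNS name: drop the trailing dot, lowercase, split into labels."""
    return name.rstrip(".").lower().split(".")


def _best_match(qname, entries):
    """Label count of the longest entry equal to qname or a parent of it, else 0.

    Comparing whole labels keeps 'notbadcdn.example' from matching 'badcdn.example'.
    """
    q = _labels(qname)
    best = 0
    for entry in entries:
        e = _labels(entry)
        if len(e) <= len(q) and q[-len(e):] == e:
            best = max(best, len(e))
    return best


def decide(client_ip, qname):
    """Return (group, verdict) for one query; clients in no group are denied."""
    ip = ipaddress.ip_address(client_ip)
    for rule in POLICY:
        if ip in ipaddress.ip_network(rule["net"]):
            allow = _best_match(qname, rule["allow"])
            deny = _best_match(qname, rule["deny"])
            if allow == 0 and deny == 0:
                return rule["group"], rule["default"]
            # Most specific entry wins; on a tie, deny wins.
            return rule["group"], "allow" if allow > deny else "deny"
    return None, "deny"
```

Because the decision is made on the query itself, a device that is denied never receives an address to connect to, which is the "early point in the traffic flow" the paragraph refers to.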

A full 78% agreed that DNS security was a critical component of network architecture, such as for protecting data – emphasized by 27% of healthcare companies putting better monitoring and analysis of DNS traffic as their top priority for preventing data theft. And like all industries, healthcare sees DNS security as critical for protecting a remote workforce (54% of companies surveyed agreed with that statement). Encryption of traffic is highly recommended when using home networks, using a VPN back to the organization network, or with DNS ciphering using DNS over HTTPS (DoH). However, the report highlights the privacy concerns of using a DoH solution from a public provider, so 44% of healthcare companies are considering implementing a private DoH, ensuring that any DNS traffic from users and devices utilizes the organization’s infrastructure, which allows for improved security, filtering and observability.

Indeed, enhancing the privacy of remote workers with a private DoH solution is one core recommendation from this year’s Threat Report. In order to protect data, apps, services, and users, the report also suggests eliminating cloud service downtime caused by cloud misconfigurations by automating life-cycle management of IP resources, and suggests making DNS the first line of defense to stop the spread of attacks. These methods rely on DNS’s potential to analyze client behavior and make decisions to control User Behavior Analysis (UBA) and filtering.

EfficientIP solutions are able to help

EfficientIP’s DNS Guardian enhances threat visibility by automatically monitoring transactions at the heart of the DNS server. Because almost all connections are initiated through a DNS request of some kind, illegitimate actions can be caught and halted. This offers visibility that goes well beyond known attack patterns.

Healthcare IT security could also utilize the threat intelligence functionality of DNS Firewall, which prevents connected devices from becoming infected with malware and blocks their activity should an infection occur, as well as detecting phishing campaigns and data exfiltration attempts. Embedded in EfficientIP SOLIDserver appliances, the component provides a purpose-built and complementary solution to traditional enterprise network security systems.

Because healthcare offers a perfect storm of vulnerability, company leaders need to assess DNS security and see how they can implement solutions that provide a strong defense. The ongoing effects from COVID-19 only make this defense more critical.
