The COVID-19 pandemic has put more strain than ever on not only healthcare professionals, but also on its IT. IT systems at hospitals and other medical facilities have been victims of cyber attacks more frequently since the pandemic began, posing new challenges for the digitisation of the industry. This increase in medical device/ activity traffic led to an unreadiness in deploying fundamental healthcare IT defense mechanisms needed to secure systems and operation, which opened the door for hackers to take advantage of this vulnerability.
This is an issue that also inordinately affects the Asia Pacific region, due to the speed with which healthcare services have moved online in recent years. Several major healthcare and healthcare-affiliated institutions have been the target of cyber attacks, and often, highly sensitive information was exposed as a result of such hacks.
For example, in August 2021, an eye clinic in Singapore fell victim to a ransomware attack that exposed nearly 75,000 patients’ personal data – such as identity card numbers and contact details. This was the second major cyber attack on a healthcare provider in Singapore in recent years.
The healthcare sector is the most vulnerable industry to cyberattacks, especially DNS attacks such as ransomware, phishing or DDoS attacks that target vulnerabilities in the Domain Name System (DNS).
DNS is a network protocol that is essential for communication between devices and users and acts as the "phone book" of the Internet. In the process, attacks and application downtime can have a devastating impact on hospital operations and, in turn, patient safety. Studies have estimated that the Asia-Pacific region is in last place when it comes to the security of the healthcare sectors, indicating that cyber security measures are needing improvement in this area.
Countries such as Indonesia and Thailand are the victims of frequent data breaches, especially in the healthcare sector. Recently, the personal medical data of many Indonesians, including President Joko Widodo, was leaked, sparking outrage among citizens.
Healthcare is the most susceptible industry to attacks
The healthcare sector is an attractive target for attackers, with large amounts of highly sensitive patient and insurance data in circulation. In addition, a large number of networked devices (IoT) are already in use - for monitoring heart rates, dispensing medication or performing diagnostic tests. These devices add complexity to hospital networks and every single one provides an entry point for external attackers into the IT system, where DNS is often used as an attack vector.
The 2021 Global DNS Threat Report, a study released by EfficientIP and IDC, shows that during the COVID-19 pandemic, the healthcare industry experienced far more devastating impacts from DNS attacks compared to other industries. The average cost per attack in the healthcare industry rose to over USD 800,000, a 12% increase over the previous year and the largest increase of any industry.
An example of a ransomware attack that took place over the COVID-19 emergency period would be the attack on Saraburi Hospital in Thailand in September 2020. This attack froze the hospital’s patient database, damaged all scanned patient records, and made the landline inaccessible. This attack was one in a string of attacks on Thai hospitals, prompting the Public Health Minister Anutin Charnvirakul to propose that safety features be installed in hospitals nationwide to minimise chances of such attacks in the future.
Additionally, healthcare facilities were impacted by an average of 6.71 DNS attacks over a 12-month period, and each attack took an average of 6.28 hours to mitigate, which is higher than the industry-wide average of 5.62 hours.
In addition to an increase in costs, healthcare is the industry most likely to be impacted by in-house application downtime, reported by 53% of respondents. Other negative impacts include cloud service downtime, loss of business, and stolen patient data.
Phishing is the most common type of DNS attack within the healthcare sector, as it is in many other industries; 49%of healthcare organisations surveyed experienced a phishing attack. DNS-based malware is also very common at 36%, as is DNS tunneling at 29% and DNS domain hijacking at 28%.
Compared to the cross-industry average, the healthcare sector has a relatively low number of DDoS attacks. Regardless, the consequences of attacks on the healthcare infrastructure can be severe and directly impact patient care.
Preventing attacks in the healthcare sector
When a facility falls victim to a DNS attack, countermeasures taken include interrupting applications and shutting down servers. However, especially in the healthcare sector, this can have severe, negative consequences for patient safety. Fortunately, by making use of a smart DNS security solution, there are a variety of more adaptive countermeasures that healthcare facilities can take to keep their critical apps and services up and running:
To protect themselves, facilities should focus on both a Zero Trust strategy and smart DNS security. The Threat Report shows that the industry plans, implements or operates more Zero Trust initiatives than other industries and that the industry is convinced that DNS domain deny-and-allow lists are very helpful for Zero Trust to protect their networks.
These types of lists can improve control over which users can access which applications – by making DNS request filtering more specific – while applying it early in the traffic flow to prevent the spread of attacks throughout the network.
A total of 78% agreed that DNS security is a critical component of network architecture – underscored by 27% of healthcare organisations citing better monitoring and analysis of DNS traffic as their top priority for preventing data theft.
Like all other industries surveyed, healthcare sees DNS security as critical to protecting employees who work remotely or are in distant locations. Encryption of traffic is strongly recommended when using home networks, using a VPN back to the corporate network or DNS encryption with DNS over HTTPS (DoH).
However, the report also highlights privacy concerns with using a DoH solution from a public provider, so 44% of healthcare organisations are considering implementing a private DoH solution that ensures all DNS traffic from users and devices uses the organisation's infrastructure, allowing for better security, filtering and monitoring.
Improving the privacy of remote employees with a private DoH solution, is one of the key recommendations in this year's Threat Report. To protect data, apps, services and users, the report also suggests eliminating cloud service downtime caused by cloud misconfigurations by automating lifecycle management of IP resources, and benefiting from DNS’s early visibility over almost all traffic to make it the first line of defense.
Essentially, there needs to be strong implementation of tools that support IT and cybersecurity staff in carrying out their duties. Adopting models that support the work carried out by cybersecurity and IT teams such as the Zero Trust model and the smart DNS strategy can greatly support safety measures.
The COVID-19 pandemic, and the associated central role of the healthcare sector in efforts to tackle it, have further accelerated digitisation. This progress means that vulnerabilities of IT systems will continue to increase, with DNS remaining a favourite target for cybercriminals. Protection through the implementation of purpose-built DNS security should therefore remain a top priority.
Nick Itta, Regional Manager, APAC at EfficientIP
