Authored by: Nick Itta, VP, APAC, EfficientIP
The COVID-19 pandemic has wreaked havoc on global economies, governments, and nearly all industries. While the travel, leisure, oil & gas drilling, and retail industries appear to be hard hit, perhaps one of the industries most affected by the COVID-19 pandemic has been healthcare.
Not only are healthcare professionals serving as the first line of defence for those who need medical attention during the pandemic, but they also safeguard devices and data that are critical for successful delivery of services. This includes sensitive information such as patient history and personal financial data, IoT-connected devices that enable patient safety, and communications among physicians, care teams, patients, and families, to name just a few. In Asia, governments leveraged technology to support contact tracing efforts and increase surveillance efforts to ensure individuals stayed apart to contain any further spread. Examples include the use of SPOT, an autonomous robot, in Singapore, as well as contact tracing applications created by governments. These surveillance efforts have caused concern among private citizens that their actions might continue to be monitored indefinitely.
These devices and data present an attractive attack surface for cybercriminals. Attacks targeting DNS or using it as a vector are especially appealing. In these types of attacks, hackers take advantage of vulnerabilities in the DNS, or Domain Name System, the system that translates Web site names into the numeric addresses (IP addresses) that are easier for computers to manage. According to the 2020 Global DNS Threat Report, published by EfficientIP and IDC, nearly four in five companies experience a DNS attack, and the average cost of each attack hovers around US$1 million. In Asia, this figure is US$793,000, down from US$814,000 the previous year. Singapore’s figure increased from US$924K to US$1.022M.
Some of the more common attack types in the healthcare sector include phishing (41% of companies surveyed experienced phishing attacks), malware (34%), and DNS amplification attacks (22%). 58% of healthcare organisations suffered app downtime as a result of a DNS attack, something that could significantly affect access to data, medical communications, and more.
Given these statistics, it is no wonder that over 65% of healthcare respondents rated DNS security as extremely important or very important. Indeed, the effect of DNS attacks on healthcare systems and hospitals can be devastating.
Take ransomware, a type of malware attack that could threaten data privacy and records. In Singapore, data breaches have been a familiar concern in the healthcare sector since the 2018 attack on SingHealth’s database. SingHealth is Singapore’s largest cluster of healthcare institutions. Information on patient diagnosis, test results and doctors’ notes was unaffected, but information on Singapore’s prime minister, among others, was specifically targeted. The attack prompted a review of current practices and culminated in recommendations to boost cybersecurity.
In another scenario, connected medical devices could pose a threat. If any heart rate monitors, infusion pumps, ventilators, or robotic surgical equipment become compromised (for example through data corruption, or by being leveraged as bots for a DDoS attack), the effects would be dramatic. The Threat Report shows that 75% of the DDoS attacks suffered by healthcare organisations surveyed were over 5Gbit/sec; this can cause serious damage if DNS servers cannot protect against them.
When an attack occurs, there are a variety of countermeasures that organisations can take. Of the healthcare respondents in the Threat Report, a majority relied on shutting down the affected processes and connections (55%) or disabling some or all of the affected applications (53%).
Unfortunately, these types of countermeasures can be very dangerous for patient care. 29% of respondents were likely to shut down a server or service in the event of an attack, potentially affecting the patients’ wellbeing.
Organisations in the healthcare industry can take measures to prevent and mitigate these types of attacks. They should accelerate threat investigation by including DNS security in a security-by-design framework, and they should implement purpose-built DNS security with effective auto-remediation capabilities. This will incorporate adaptive countermeasures that can limit attack damage by reducing mitigation times.
Companies should also rely more on Zero-Trust strategies. In short, Zero Trust helps prevent data breaches by using strict access controls and assuming that anyone on the network is not to be trusted, requiring verification before granting access to resources. It is a strategy that can make better use of behaviour analytics to determine who is a likely threat and who is not. Currently, only 10% of healthcare respondents in the DNS Threat Report use Zero Trust architecture. 21% have piloted it; 40% have not yet explored the option.
As COVID-19 pushes an explosion in the prevalence of telehealth, telemedicine, and remote work in the healthcare sector, the potential attack surfaces will only grow. The time has never been better to shore up DNS security in the healthcare sector.