Perhaps no part of industry has been stung more by the scourge of ransomware over the past year than hospitals. Already overwhelmed and stretched to the breaking point by a raging pandemic, hospitals and healthcare facilities have also had to face the added chaos of locked IT systems, delayed care and substantial recovery costs.
The non-profit Center for Internet Security is seeking to lend a hand, pledging a $1 million investment to provide any private hospital with free ransomware protection in the form of malicious domain blocking and reporting services.
Public hospitals, health departments and healthcare organizations are already eligible for such services through membership in the Multi-State Information Sharing and Analysis Center (MS-ISAC), but a series of high-profile attacks on hospitals over the past year convinced CIS leadership and the board of directors to expand the services to private hospitals as well. Josh Moulin, senior vice president at the non-profit, said that through the MS-ISAC “we have a great deal of visibility over the type of attacks that are leveraged against our State, Local, Tribal and Territorial members and clearly ransomware has been on the rise in 2020.”
“The fact that healthcare organizations have had to delay patient care or in some cases even shut down while they deal with a ransomware attack really sparked an interest at CIS to look at what can we do as an organization to help hospitals across the nation combat these kind of attacks,” he told SC Media.
The services will be managed by CIS staff, and a Domain Name System security platform is being provided through cybersecurity company Akamai. Moulin said that after evaluating a number of potential services, CIS determined that blocking and reporting malicious domains was both the easiest to implement and a proven approach, with over 1,000 elections and state, local, tribal and territorial governments already using them as members of different ISACs.
To implement it, hospitals must simply direct their DNS domains toward specially made IP addresses set up by Akamai, where the center can then apply its domain blocking policies. Such policies go beyond simple “allow or deny” lists common to policies like DMARC, and Moulin said the service is also capable of detecting domain generation algorithms like the kind used in the SolarWinds attack and evaluating the reputation of a domain before accepting it. It will also allow private hospitals to take advantage of additional threat intelligence services from both Akamai and CIS.
According to the American Hospital Association, there are a total of 6,020 hospitals across the United States, including 2,946 nongovernmental community hospitals and 1,233 investor-owned, for-profit hospitals. Moulin said the $1 million set aside for the program is enough to provide free services to all of them.
“We have seen a tremendous success of blocking malicious traffic with this solution, so to us it made complete sense to take a tried and true capability like this and provide it to hospitals, particularly during the pandemic as healthcare is under a tremendous amount of stress all across the board,” said Moulin.
Organizations interested in signing up for the services can do so through the Center for Internet Security’s website.