No-Cost Malicious Domain Blocking and Reporting for U.S. Hospitals


With the increasing industry shift to electronic health records and other digital technologies, cybersecurity has become a strategic priority for the healthcare industry. Cyber-attacks against hospitals and other healthcare facilities can put patient safety at risk by locking critical systems and records. In some cases, these attacks can result in patient care being delayed or cancelled. During the COVID-19 pandemic, ransomware has emerged as the largest cyber threat facing healthcare facilities, resulting in data theft and the disruption of healthcare services.


No-Cost Cyber Defense for U.S. Hospitals

The Center for Internet Security® (CIS®), in partnership with Akamai, is offering the Malicious Domain Blocking and Reporting (MDBR) service AT NO COST to all public and private hospitals and related healthcare organizations in the United States. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy.

MDBR is a fully-managed proactive domain security service, with CIS and Akamai fully maintaining the systems required to provide the service. Once an organization points its DNS requests to Akamai’s DNS server IP addresses, every DNS lookup will be compared against a list of known and suspected malicious domains. Attempts to access known malicious domains associated with malware, phishing, ransomware, and other cyber threats will be blocked and logged.

The logged data is then provided by Akamai to CIS’s Security Operations Center (SOC). The SOC uses this data to perform detailed analysis and aggregate reporting for the benefit of the hospital community, as well as organization-specific reporting and intelligence services. If circumstances require, remediation assistance is provided for each organization that implements the service.


Four Benefits of MDBR

  1. Proactive Blocking – Limit infections related to known malware, ransomware, phishing, and other cyber threats.
  2. Proven Effective and Easy to Implement – Used by more than 1,000 U.S. State, Local, Tribal, and Territorial (SLTT) organizations since the middle of 2020, MDBR blocked more than 877 million requests for known and suspected malicious web domains in the first seven months.
  3. Won’t Interfere with Business Operations or Patient Care – In the first six months of the MDBR pilot, more than 99% of requests were identified as legitimate and business continued as usual without interruption to operations or customer experience.
  4. Cyber Threat Protection at No Cost – CIS and Akamai are offering this service at no cost to any and all of the following U.S. based healthcare organizations:
  • Independent hospitals
  • Multi-system hospitals
  • Hospital-based integrated health systems, meaning an organization, consisting of one or more hospitals plus at least one or more groups of physicians, that provides a continuum of care and that are connected to each other through joint ownership or joint management
  • Post-acute patient care facilities
  • Psychiatric, rehabilitation, or other specialty hospitals

Read the MDBR FAQ.

Cybersecurity as a Strategic Priority for Hospitals

This MDBR service is a highly effective and easy to implement way to protect hospitals against ransomware and other cyber threats, and we encourage all hospitals in the U.S. to sign-up at no cost.

Public U.S. Hospitals

Public hospitals in the U.S. are also eligible for membership in the Multi-State Information Sharing and Analysis Center (MS-ISAC). Members can receive access to the MDBR service at no cost through the MS-ISAC through September 23, 2023. Learn more.

Private U.S. Hospitals

Private hospitals that meet the criteria above are eligible to receive access to the MDBR service through CIS at no cost through December 31, 2022, after which, the service will transition to a fee-based offering. More information to come in the near future.