Episode 10: Cybersecurity Where You Are

Hospitals in Need of Cybersecurity STAT!

The medical industry is an appealing target for cyber-attackers due to the vast amount of personal information hospitals and facilities maintain. With one targeted effort, attackers can obtain anything from patient and employee medical and financial records to medical research and innovations. Records like these are more valuable for resale than a simple credit card number.

In this edition of Cybersecurity Where You Are, host and CIS Chief Information Security Officer (CISO) Sean Atkinson welcomes guests John Riggi and Ed Mattison. Riggi is the Senior Advisor for Cybersecurity for the American Hospital Association (AHA), and Mattison is the Executive Vice President of Operations and Security Services at CIS. Together they discuss how hospitals and other medical facilities can protect themselves against cyber-attacks.

This week’s Cybersecurity Where You Are podcast highlights:

  • Why the medical industry is so appealing to attackers
  • The challenges of protecting medical facilities
  • How a defense-in-depth strategy plays a role in a hospital’s cybersecurity plan
  • Malicious Domain Blocking and Reporting (MDBR) for hospitals

Hospitals are Easy Targets

With an increase in technology used by the medical industry, there is an ever-growing need for hospitals and other medical facilities to protect themselves from cyberattacks. Phishing and ransomware are the most popular tactics used by attackers. They are easily executed and equate to large payouts. These activities are devastating for hospitals financially and, even worse, have led to full shutdowns of facilities that prevented them from providing care to their patients.

DiD starts with DNS

A defense-in-depth (DiD) strategy is a way to create layers of defense: if something gets through one layer, there are multiple opportunities to catch it down the line. It can also be a digestible means to get started with a cybersecurity plan without feeling overwhelmed. Domain name services (DNS) are used by anything and everything that goes online. Using a secure DNS provider is an easy way of implementing protection on a large scale quickly and cost-effectively.

Malicious Domain Blocking and Reporting for Hospitals

Most security frameworks present the entire picture, and that picture can be overwhelming and costly. This may impact the adoption of a cybersecurity plan because it is just too complicated. CIS focused first on the major threats that presented the highest risk and on how to protect against them. This process gave the biggest “bang for their buck” when it came to protection.

Malicious Domain Blocking and Reporting (MDBR) is a fully managed, proactive domain security service, with CIS and Akamai fully maintaining the systems required to provide the service. Once an organization points its DNS requests to Akamai’s DNS server IP addresses, every DNS lookup is compared against a list of known and suspected malicious domains. Attempts to access known malicious domains associated with malware, phishing, ransomware, and other cyber threats are blocked and logged. CIS, in partnership with Akamai, is offering the MDBR service AT NO COST to all public and private hospitals and related healthcare organizations in the United States. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy.

Episode Resources

Visit the CIS Website https://www.cisecurity.org/
The American Hospital Association https://www.aha.org/
Learn more about MDBR for hospitals https://www.cisecurity.org/hospitals/