Purpose of this paper

We examine external DNS management as a known, and under-addressed vulnerability among healthcare providers. Our observations are:

  1. The DNS is a principal threat vector, enabling cyber-attackers in healthcare.
  2. Compliance standards for external DNS management are inconsistently followed by healthcare providers.
  3. DNS management best practices can mitigate healthcare cyber-risk.

The analysis follows four discussion areas and related DNS best practices.

The Current State of IT Security Threats and Compliance in Healthcare

Few sectors are as focused on IT security compliance as healthcare. It’s a nexus of sensitive patient data intersecting with payment authorities, insurance companies and other stakeholders.

Healthcare is the most attacked sector

Healthcare providers are collectively the most cyber-attacked sector in North America, recently surpassing Banking & Finance.  

…34.9% of cyberattacks occurred in health care, …, making it the most attacked sector for the second year in a row—most likely due to the heavy regulations surrounding Personal Health Information (PHI) that have only attracted more attention from hackers. The report also highlighted a lack of budget, outdated software, and the ability to remotely share personal data between patients and hospital systems as avenues for hackers to gain access to sensitive data.”

Dozens of other public reports corroborate the state of cyber compromises faced by the healthcare sector.