CIS launches no-cost ransomware service for U.S. hospitals
The nonprofit Center for Internet Security announced this week that it had launched a no-cost ransomware protection service for private hospitals in the United States.
The Malicious Domain Blocking and Reporting service, which is already available for public hospitals, health departments and healthcare organizations, uses Enterprise Threat Protector software from the cybersecurity vendor Akamai to proactively identify, block and mitigate targeted threats.
"The COVID-19 pandemic has made hospitals an even larger target for malicious cyber threats than they were already," said Ed Mattison, executive vice president of CIS Operations and Security Services, in a statement.
"Our nonprofit status and mission focus enable us to offer this service at no cost and at scale to any hospital or system that can benefit from it," he added.
WHY IT MATTERS
The no-cost service is already being offered to public hospitals, health departments and healthcare organizations through the Multi-State Information Sharing and Analysis Center.
The MS-ISAC, which is funded by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, aims to improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments.
According to CIS, more than 1,000 government organizations have successfully used MDBR through the MS-ISAC. CIS reports that the MDBR service has blocked more than 748 million requests for known and suspected malicious web domains since its inception.
CIS and Akamai are now offering the service to independent hospitals, multi-hospital systems, hospital-based integrated health systems, post-acute patient care facilities and specialty hospitals based in the United States.
"Once an organization points its DNS requests to Akamai’s DNS server IP addresses, every DNS lookup will be compared against a list of known and suspected malicious domains. Attempts to access known malicious domains associated with malware, phishing, ransomware, and other cyber threats will be blocked and logged," explained a post on the CIS website.
"CIS is fully funding this for private hospitals at no cost, and with no strings attached, because it’s the right thing to do, and no one else is doing it at scale," said Mattison.
THE LARGER TREND
As Mattison pointed out, hospitals and health systems have been hit by a deluge of ransomware attacks since the start of the COVID-19 crisis.
The cybersecurity software vendor VMware Carbon Black found that there were 239.4 million attempted cyberattacks targeting its healthcare customers in 2020, noting that it had seen ransomware "go mainstream."
Cybersecurity experts have repeatedly stressed the importance of a strong defense, noting that preparation and employee training are paramount.
"While there is no way to totally prevent the threat of ransomware, organizations can stop ransomware attempts from impacting their business by implementing a multilayered security approach to thwart future threats," Anthony Chadd, senior vice president of security business development at Neustar, said in September.
ON THE RECORD
"Protecting the U.S. healthcare system against prevalent cyber threats should be viewed as a patient safety, enterprise risk and strategic priority," said Mattison. "Proven cybersecurity defenses should be installed into existing enterprise, risk management, governance and business-continuity frameworks."