Healthcare provider increases network and patient data protection with DNS Firewall

Client profile

This case study follows a leading U.S. regional healthcare provider with more than 2,500 medical staff across approximately 90 primary care and ambulatory locations. Looking beyond today to what’s next, this provider has an innovative and multi-layered approach to healthcare, which flows throughout the business, including their security and network teams.

The initial challenge

Several years ago, this healthcare provider found that on email their domain was blocked regularly. This was as a result of a number of botnet-infected machines on their network. The healthcare provider’s Network and Security team turned to Border Gateway Protocol (BGP) feeds from Spamhaus to resolve the issue.

The BGP feeds blocked the IP addresses of the infected devices that were trying to contact botnet Command & Control servers; stopping traffic between these devices. Immediately the email issues were resolved.

Another layer of security

Having experienced strong success with the BGP feeds, both in terms of results and costs, the same team was keen to see what other solutions Spamhaus had to offer. As their Senior Design Architect & Network Security Engineer explained, “One single product is not going to be the answer, it’s important to find complimentary products to your current infrastructure.” DNS Firewall was an obvious choice. “Its ‘set and forget’ format is a perfect fit for us” he added, “it allows us to focus on other issues.”

Implementing DNS Firewall

The regional healthcare provider benefits from real-time threat intelligence, at the DNS level. Rather than configuring their own DNS recursive servers, the team chose Spamhaus’s managed service. To ensure a seamless changeover, they switched one of their resolvers over to Spamhaus’s DNS Firewall resolver, while keeping the Google DNS resolver in place for several weeks, to ensure no issues arose.

To facilitate a smooth deployment, the regional healthcare provider had identified both business and technical owners, prior to the go-live, to gain business buy-in. As one of the provider’s Information Security Engineers explained: “Security is everyone’s problem and should be at the forefront of everyone’s mind.”

Is DNS Firewall working?

Recently a similar organization, within the same region, was subject to a high-profile ransomware attack. The victim healthcare provider had their systems shut down for five days and paid an undisclosed ransom.

Given the integrated nature of healthcare across the State, there was concern that the healthcare provider who was using Spamhaus’s DNS Firewall could have been hit by ransomware too. They didn’t experience any such attack. The Senior Design Architect & Network Security Engineer explained, “This is due to having a strong security strategy and the right security solutions in place, like DNS Firewall.”

Protection in the right places: 65% of blocked connections to the internet are in the ‘Cryptominer zone.’ This correlates with an article published by Forbes on the exponential increase in this kind of malware.

The charts below illustrate the significant increase in cryptominer malware that has been blocked on a regional healthcare provider’s network by DNS Firewall, comparing April 2018 to December 2018.

Given the ever-changing cybersecurity landscape, leveraging the research expertise of Spamhaus ensures that they have the right threat intelligence immediately. This covers any potential knowledge gaps in cyber threats that may occasionally arise across small teams.

Reduction in workloads: Combining the DNS Firewall and BGP feeds has seen a vast decrease in the number of machines requiring re-imaging. The healthcare provider’s policy is to re-image a device once it’s identified as infected. With users no longer able to access bad domains the risk of becoming infected has dramatically reduced. This frees up onsite technicians to focus on other matters.

Best use of existing resources: This ‘set and forget’ solution is one of the best defenses available based on the team’s current resources, freeing them up to focus on other issues

One of the healthcare provider’s Information Security Engineers perfectly summed up the value DNS Firewall has brought them “There is no tech tool to repair reputation” they explained, “DNS Firewall has enabled us to keep our patient’s faith that their data is safe with us.  This confidence allows us to maintain ‘the charge’ in Healthcare.  Keeping our customers happy is key.”