DNS Firewall Threat Feeds enable a regional healthcare provider to protect their networks, and ultimately their patients' data, from the rapidly changing cyber threat landscape, with minimum cost and effort.

Client profile

This case study follows a leading U.S. regional healthcare provider with more than 2,500 medical staff across approximately 90 primary care and ambulatory locations. Looking beyond today to what’s next, this provider has an innovative and multi-layered approach to healthcare, which flows throughout the business, including their security and network teams.

The initial challenge

Several years ago, this healthcare provider found that on email their domain was blocked regularly. This was as a result of a number of botnet-infected machines on their network. The healthcare provider’s Network and Security team turned to Border Gateway Protocol (BGP) feeds from Spamhaus to resolve the issue.

Diagram showing how Spamhaus Border Gateway Protocol Feeds work and help protect the network edge.
Data feeds disrupt communications between devices on your network and C&C servers, neutralizing botnet nodes.

The BGP feeds blocked the IP addresses of the infected devices that were trying to contact botnet Command & Control servers; stopping traffic between these devices. Immediately the email issues were resolved.

Another layer of security

Having experienced strong success with the BGP feeds, both in terms of results and costs, the same team was keen to see what other solutions Spamhaus had to offer. As their Senior Design Architect & Network Security Engineer explained, “One single product is not going to be the answer, it’s important to find complimentary products to your current infrastructure.” DNS Firewall was an obvious choice. “Its ‘set and forget’ format is a perfect fit for us” he added, “it allows us to focus on other issues.”

Implementing DNS Firewall

The regional healthcare provider benefits from real-time threat intelligence, at the DNS level. Rather than configuring their own DNS recursive servers, the team chose Spamhaus’s managed service. To ensure a seamless changeover, they switched one of their resolvers over to Spamhaus’s DNS Firewall resolver, while keeping the Google DNS resolver in place for several weeks, to ensure no issues arose.

To facilitate a smooth deployment, the regional healthcare provider had identified both business and technical owners, prior to the go-live, to gain business buy-in. As one of the provider’s Information Security Engineers explained: “Security is everyone’s problem and should be at the forefront of everyone’s mind.”

Is DNS Firewall working?

Recently a similar organization, within the same region, was subject to a high-profile ransomware attack. The victim healthcare provider had their systems shut down for five days and paid an undisclosed ransom.

Given the integrated nature of healthcare across the State, there was concern that the healthcare provider who was using Spamhaus’s DNS Firewall could have been hit by ransomware too. They didn’t experience any such attack. The Senior Design Architect & Network Security Engineer explained, “This is due to having a strong security strategy and the right security solutions in place, like DNS Firewall.”

Protection in the right places: 65% of blocked connections to the internet are in the ‘Cryptominer zone.’ This correlates with an article published by Forbes on the exponential increase in this kind of malware.

The charts below illustrate the significant increase in cryptominer malware that has been blocked on a regional healthcare provider’s network by DNS Firewall, comparing April 2018 to December 2018.

Charts to show what different threats were blocked by DNS Firewall between April 2018 and December 2018

Given the ever-changing cybersecurity landscape, leveraging the research expertise of Spamhaus ensures that they have the right threat intelligence immediately. This covers any potential knowledge gaps in cyber threats that may occasionally arise across small teams.

Reduction in workloads: Combining the DNS Firewall and BGP feeds has seen a vast decrease in the number of machines requiring re-imaging. The healthcare provider’s policy is to re-image a device once it’s identified as infected. With users no longer able to access bad domains the risk of becoming infected has dramatically reduced. This frees up onsite technicians to focus on other matters.

Best use of existing resources: This ‘set and forget’ solution is one of the best defenses available based on the team’s current resources, freeing them up to focus on other issues

One of the healthcare provider’s Information Security Engineers perfectly summed up the value DNS Firewall has brought them “There is no tech tool to repair reputation” they explained, “DNS Firewall has enabled us to keep our patient’s faith that their data is safe with us.  This confidence allows us to maintain ‘the charge’ in Healthcare.  Keeping our customers happy is key.”

Related Products

DNS Firewall Threat Feeds

Applied at the DNS level of your infrastructure, these threat feeds automatically stop users from accessing malicious sites including phishing and malware dropper websites.

These threat feeds can be integrated with existing recursive DNS servers, or for those who don’t manage their own DNS, we have a managed service available.

  • Reduce IT costs
  • Set and forget
  • Save money on risk insurance


Increased control and visibility for DNS Firewall users via the Customer Portal

16 December 2021


To streamline access to various aspects of our DNS Firewall service we’ve brought everything together in our customer portal.

Botnet Threat Report 2019

24 January 2020


Spamhaus Malware Labs identified a 71.5% increase in the number of botnet command & controllers in 2019. Find out who and what was driving that increase.

Take control of the ‘risk’ factor and choose your DNS Firewall Threat Feeds wisely

17 March 2019


When choosing DNS Firewall Threat Feeds its key to ensure you pick the right ones based on the relevant level of protection your business requires, otherwise you could be making things more tricky than they need to be.