
CIS Offers All US Hospitals Free Ransomware Protection Service

The Center for Internet Security expanded its free malicious internet domain blocking and reporting service, which covers ransomware domains, to private hospitals via the MS-ISAC.

MS-ISAC membership offered free to US healthcare hospitals

By Jessica Davis

Private hospitals in need of ransomware assistance can now leverage a free malicious domain blocking and reporting (MDBR) service from the Center for Internet Security and Akamai, offered through a no-cost Multi-State Information Sharing & Analysis Center (MS-ISAC) membership.

CIS is a nonprofit focused on best practice solutions for cyber defense and community outreach, while Akamai is the DNS vendor chosen for the MDBR service.

MS-ISAC is a division of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency. Its free ransomware service tool was previously offered to federal, local, and other public health entities.

More than 1,000 US state, local, tribal, and territorial government entities already employ the tool.

“CIS is fully funding this service for all private hospitals in the U.S. as part of its nonprofit mission to make the connected world a safer place,” officials said in a statement. 

“Protecting the US healthcare system against prevalent cyber threats should be viewed as a patient safety, enterprise risk, and strategic priority,” Ed Mattison, executive vice president of CIS Operations and Security Services, said in a statement. “Proven cybersecurity defenses should be installed into existing enterprise, risk management, governance, and business-continuity frameworks.”

The free service is enabled by a $1 million investment of CIS funds for private hospitals this year.

The tool has already blocked 95.56 percent of all malware attacks and 3.01 percent of phishing attacks on the MS-ISAC’s public health members, as of January 31. In December, the service stopped at least nine ransomware domain instances across nine public health entities already leveraging the MS-ISAC.

Across all sectors, the service has blocked over 748 million requests from known and suspected malicious web domains since the beginning of this year.

As previously reported, ransomware attacks on healthcare have drastically increased in their sophistication and intensity over the last year, which is expected to continue into 2021.

In recent weeks, the data of multiple healthcare providers has been leaked online by ransomware hackers, while at least two providers are continuing to respond to cyberattacks and operating under EHR downtime procedures.

But many healthcare organizations are struggling to keep pace with the threat. By offering a no-cost ransomware service, the hope is to provide these struggling healthcare entities with much-needed support.

The MDBR prevents IT systems from connecting to harmful web domains, which can help limit infections tied to known malware, ransomware, and phishing threats.

“This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain,” officials explained. “MDBR proactively blocks network traffic from an organization to known harmful web domains, helping protect IT systems against cybersecurity threats.”

“Once an organization points its domain name system (DNS) requests to Akamai’s DNS server IP addresses (primary and secondary), every DNS lookup will be compared against a list of known and suspected malicious domains,” they added.

As a result, any attempt to access known malicious domains, including those related to malware, ransomware, and other risks, will be blocked and logged. Logs of both accepted and blocked DNS requests will be stored for a 30-day period.

Further, CIS has offered to provide weekly reporting to each participating healthcare entity on both accepted and blocked requests. Its researchers will also assist in remediation wherever needed.

CIS officials noted that the tool can be integrated into existing systems with relatively minimal effort, and the only requirement to access the service is to configure the enterprise local forwarders for DNS inquiries to the Akamai primary and secondary recursor DNS servers.

Given the dozens of healthcare providers that have fallen victim to ransomware in the last few months, the service could help support healthcare enterprises struggling to keep pace with the current landscape.

“CIS is fully funding this for private hospitals at no cost, and with no strings attached because it’s the right thing to do and no one else is doing it at scale,” said Mattison, in a statement.

“While other commercial cybersecurity organizations are certainly supporting hospitals and hospital systems, our nonprofit status and mission focus enable us to offer this service at no cost and at scale to any hospital or system that can benefit from it,” he concluded.