In an effort to increase accessibility to cybersecurity services for healthcare organizations, The Center for Internet Security (CIS) announced the expansion of its Malicious Domain Blocking and Reporting (MDBR) no-cost ransomware protection service to cover private hospitals in the United States, in a statement made by the nonprofit organization on February 17th.
According to Ed Mattison, Executive Vice President of CIS Operations and Security Services, “The CIS Board of Directors prioritized making MDBR service available to all public and private U.S. hospitals at no cost...CIS is fully funding this for private hospitals at no cost, and with no strings attached because it's the right thing to do and no one else is doing it at scale.”
The MDBR service, which already shields public hospitals, health departments, and other healthcare organizations with assistance from Akamai’s Enterprise Threat Protector edge security device, works to limit the impact of infections by preventing IT systems from connecting to harmful web domains, slowing or even stopping the spread of known malware, ransomware, and other cyber threats. The service can halt the majority of ransomware infections simply by preventing the initial connection to a domain known to deliver malicious code to compromised systems.
Ransomware attacks are a serious threat to any business, and the healthcare industry has been increasingly targeted by malicious hackers over the past several years. According to a 2020 report published by research firm Comparitech, ransomware attacks have impacted nearly 1,500 healthcare institutions nationwide since 2016, affecting over 6.6 million patients, causing downtime ranging from hours to weeks and even months, and resulting in an estimated $157 million in additional costs. A stolen healthcare record can be sold on the black market for upwards of $1,000, a value far beyond the reported $16.48 million demanded in ransom, making personally identifiable medical information an extremely lucrative target for malicious hackers.
By extending this powerful protection to private hospitals already facing resource limitations due to the ongoing pandemic, CIS is providing an effective way for organizations constrained by tightened revenue to prioritize cybersecurity when they might not otherwise have the resources to do so. In an industry that has until recently lagged behind others in securing patient data and digital infrastructure, this will serve as a valuable boost to hospitals looking for cost-effective ways to improve their cybersecurity posture.