In today’s threat landscape, the healthcare industry continues to be a prime target for financially motivated attacks, with more than half of all healthcare organizations experiencing a data breach or cyberattack that exposed protected health information.[1] Pondurance analysts found the domain controller to be one common factor in large-scale attacks. Cyberattacks against healthcare organizations that involve access to the domain controller carry a number of risks, including:

  • Risk to revenue. 
  • Risk to medical research and other intellectual property.  
  • Risk to medical devices.  
  • Risk to HIPAA compliance and regulatory fines. 
  • Risk to reputation. 
  • Risk to legal exposure and remediation costs.

Compromises to the Domain Controller 

The domain controller is the heart of any distributed network, making it a valuable asset within any healthcare IT infrastructure.

As healthcare organizations continue on their path of digital transformation, they significantly broaden their attack surface. Some common ways attackers gain access to an organization’s network include:

  • Third parties and vendors.
  • Impersonation (phishing, social engineering, stolen credentials).
  • Medical devices and applications.

[Figure: email scams related to COVID-19]

Protecting the Domain Controller

The healthcare industry faces a unique wave of challenges in defending itself from the rise in cyberattacks. The sophistication of attacks alone makes it extremely difficult to continuously protect a domain controller from compromise. While there is no silver bullet to stop bad actors from obtaining domain administrator or enterprise administrator privileges, healthcare organizations can follow the recommendations below to help prevent access to the domain controller:

  • Ensure that multifactor authentication is enabled on every protocol that supports it.
  • Keep domain controllers, and any applications running on them, on supported release versions and fully patched.
  • If Remote Desktop Protocol (RDP) is enabled, ensure compensating controls are in place around it.
  • Implement email filtering, combined with the ability to block outbound connections by URL and IP.
  • Ensure adequate protections are enabled for Server Message Block (SMB).
  • Monitor and analyze logs to ensure in-depth, 360-degree visibility is properly implemented.
  • Separate the accounts used for local system administration from those used for domain administration.
  • Monitor your healthcare IT security and infrastructure, medical devices and domain controller at the system and application log levels.
  • Encrypt endpoints.
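As an added illustration of the RDP, admin-separation and log-monitoring points above (this is example code, not code from Pondurance or the whitepaper), the following Python script checks constructed Windows Security events from a domain controller against a hypothetical policy. DC01, the account names, IP addresses and logon IDs are all made up for the example.

```python
from collections import defaultdict

# Hypothetical policy inputs (constructed for this example).
DOMAIN_CONTROLLERS = {"DC01"}
DOMAIN_ADMINS = {"CORP\\da-jsmith", "CORP\\da-rlee"}   # accounts allowed to hold DA rights
ADMIN_WORKSTATIONS = {"10.10.5.21", "10.10.5.22"}      # hardened admin hosts, by source IP
REMOTE_INTERACTIVE = 10                                # LogonType 10 = RDP

# Constructed sample events flattened from Windows Security log fields (not real data).
# 4672 carries no source IP, so it is tied to its 4624 by logon ID (TargetLogonId == SubjectLogonId).
EVENTS = [
    {"EventID": 4624, "Computer": "DC01", "LogonType": 3, "TargetUserName": "CORP\\svc-backup", "IpAddress": "10.10.20.7", "TargetLogonId": "0x1a2b"},
    {"EventID": 4624, "Computer": "DC01", "LogonType": 10, "TargetUserName": "CORP\\da-jsmith", "IpAddress": "10.10.5.21", "TargetLogonId": "0x2c3d"},
    {"EventID": 4672, "Computer": "DC01", "SubjectUserName": "CORP\\da-jsmith", "SubjectLogonId": "0x2c3d"},
    {"EventID": 4624, "Computer": "DC01", "LogonType": 10, "TargetUserName": "CORP\\nurse-station4", "IpAddress": "10.10.44.9", "TargetLogonId": "0x3e4f"},
    {"EventID": 4672, "Computer": "DC01", "SubjectUserName": "CORP\\nurse-station4", "SubjectLogonId": "0x3e4f"},
    {"EventID": 4624, "Computer": "DC01", "LogonType": 3, "TargetUserName": "CORP\\da-rlee", "IpAddress": "10.10.60.3", "TargetLogonId": "0x5a6b"},
    {"EventID": 4672, "Computer": "DC01", "SubjectUserName": "CORP\\da-rlee", "SubjectLogonId": "0x5a6b"},
    {"EventID": 4624, "Computer": "WS-RADIOLOGY1", "LogonType": 2, "TargetUserName": "CORP\\da-rlee", "IpAddress": "-", "TargetLogonId": "0x7c8d"},
]

def find_findings(events):
    """Return (rule, account, detail) tuples for events that breach the policy."""
    findings = []
    logon_source = {}                   # logon ID -> source IP of the matching 4624
    hosts_by_account = defaultdict(set)
    for e in events:
        if e["EventID"] == 4624:
            user, host = e["TargetUserName"], e["Computer"]
            logon_source[e["TargetLogonId"]] = e["IpAddress"]
            hosts_by_account[user].add(host)
            # RDP to a DC should only ever originate from a hardened admin workstation.
            if host in DOMAIN_CONTROLLERS and e["LogonType"] == REMOTE_INTERACTIVE \
                    and e["IpAddress"] not in ADMIN_WORKSTATIONS:
                findings.append(("rdp-to-dc-from-unmanaged-host", user, e["IpAddress"]))
        elif e["EventID"] == 4672 and e["Computer"] in DOMAIN_CONTROLLERS:
            user = e["SubjectUserName"]
            source = logon_source.get(e["SubjectLogonId"], "unknown")
            if user not in DOMAIN_ADMINS:
                findings.append(("privileged-logon-unexpected-account", user, source))
            elif source not in ADMIN_WORKSTATIONS:
                findings.append(("privileged-logon-unmanaged-host", user, source))
    # Separation of duties: a domain admin account should never log on to ordinary hosts.
    for user, hosts in hosts_by_account.items():
        stray = sorted(hosts - DOMAIN_CONTROLLERS)
        if user in DOMAIN_ADMINS and stray:
            findings.append(("domain-admin-used-on-workstation", user, ",".join(stray)))
    return findings
```

Running `find_findings(EVENTS)` on the sample data yields four findings: an RDP session to the DC from an unmanaged host, a privileged logon by a non-admin account, a domain admin logging on to the DC from an unmanaged host, and a domain admin account reused on a workstation.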

Healthcare organizations are faced with unique challenges that affect critical departments within their ecosystem. While completely eliminating cyberattacks may not be realistic, healthcare organizations should focus on maturing their cybersecurity and healthcare IT security programs. Constant monitoring of the domain controller at system and application log levels is critical in responding to malicious activity. Learn more about protecting your healthcare organization in our whitepaper, Protecting the Heart of Your Healthcare Network: The Domain Controller. 


  1. 53% of Healthcare Organizations Have Experienced a PHI Breach in the Past 12 Months, HIPAA Journal, March 9, 2020.
  2. COVID cybercrime: 10 disturbing statistics to keep you awake tonight, ZDNet, September 14, 2020.