Ransomware attacks sense the beginning of the COVID19 pandemic have reached staggering levels. Over 30,000 businesses are attacked each day in the U.S. The rise in work from home models as well as the vulnerability of global economies in crisis has created and open season for cybercriminals. No veterinary practice big or small is safe. As we saw with NVA’s 400 hospitals being attacked last winter.
The good news: There are ways to protect your veterinary practice data against ransomware attacks. Here are nine tips to help boost resilience to cyber attacks:
Conduct a security risk assessment. Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your veterinary hospital (lost revenue). Use this information to shape a security strategy that meets your specific needs. You can’t properly protect your practice if you don’t know where your gaps are.
Train your employees. Because cybersecurity threats are constantly evolving, an ongoing training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices (e.g., lock laptops when away from your desk). It is also important to provide a culture in your veterinary hospital that employees feel safe to inform you that they may have been compromised. So many practices could have mitigated their damages if they would have acted minutes sooner. Make sure your employees feel safe to come to you.
Protect your network and devices. Implement a password policy that requires strong passwords and monitor your employee accounts for breach intel through dark web monitoring. (lets get away from having all our passwords written on sticky notes and pasted all over the veterinary hospital) Deploy firewall, VPN, and antivirus technologies to ensure your veterinary practice computers are not vulnerable to attacks. Implement mandatory multi-factor authentication on all your key accounts; bank accounts, accounting software, DEA Drug management sites etc. Ongoing network monitoring should also be considered essential. It’s also critical to encrypt hard drives.
Keep software up to date. Be vigilant about software update management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data. There are ways you can automate this for your veterinary practice to minimize the impact on business operations. Do not forget to keep your mobile phones up to date as well.
Create straightforward cybersecurity policies. Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. Use policies for social media, what activity is deemed appropriate on company computers. Make sure you have a separate wifi for employees to connect their personal devices to. You want to make sure you isolate that traffic from the business network traffic.
Back up your data. Hourly backups are a requirement to recover from data corruption or loss resulting from security breaches for your practice management system. Consider using a data protection tool that takes incremental backups of data periodically throughout the day to prevent data loss.
Enable uptime. Choose a powerful backup solution that enables “instant recovery” of data and applications. Practice management downtime can significantly impact your practice’s ability to generate revenue. Can your veterinary hospital afford downtime costs that are 23X greater (up by 200% year-over-year) than the average ransom requested in 2019?
Know where your data resides. The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Think practice management systems, quickbooks, PACs servers, Dental rads, Office 365 or Gsuite email, cloud file sharing etc. Use data discovery tools to find and appropriately secure data along with business-class Software-as-a-Service (SaaS) applications that allow for a centrally managed control of your hospital’s data.
Control access to computers. Make sure your staff has the least amount of access privilege available for them to properly do their day to day work. We see constantly with a lot of the practice management systems support teams disabling firewalls and making you staff member accounts administrators on the computer. Not only does limiting their access rights prevent them from installing unwanted games or file sharing applications. If a hacker compromises their account the hacker will have very limited rights to compromise your network.
The best defense is a good offense and that’s why developing a robust, multi-layered cybersecurity strategy can save your veterinary hospital.
Clint Latham J.D.
Lucca Veterinary Data Security
Sources: Datto inc