Cybersecurity is now an integral part of veterinary Practice. It is hard to imagine that, a few years ago, cybersecurity was not among the list of priorities for veterinary hospitals. However, the past few years have reminded us why being extra careful while using technology can determine your success in the field of veterinary services.
The growing number of data compromises in the industry calls for a deeper understanding of the core issues that results in insecure systems that can easily be compromised. Some of these threats posing a challenge to veterinary hospitals are as follows:
Old and outdated equipment
Security risk caused by failure to update your hardware may result in a compromised system by unauthorized people. Old hardware systems are also not able to support new and updated software. The result is users are not able to upgrade to newer versions of software that come with new improved security features or after updating to new software, they end up still being vulnerable as some of the features of the software are not compatible with the hardware system.
To avoid this, practice owners and managers should always ensure that their hardware is up to date. They should also consult with Lucca to evaluate any security vulnerabilities in their computer hardware they might have. This will ensure that their systems are protected at all times.
Malware
This is one of the most common forms of computer attack in the last few years. Malware is small pieces of software installed on your computer stealthily by hackers or malicious people who want to compromise your hospital network. This software, without your knowledge, are able to gather important information about you such as your credit card information, read your emails, and even send session data on your computer such as logged-in accounts to unauthorized users that are compromising your system.
Hackers may target a practice owner, who they think may have valuable information that they think might be of monetary value. Veterinary hospitals can also be targeted for the same, and history shows how this can be devastating in case of such an attack.
One case study is the National Health Services (NHS) attack in the UK in 2017. The attack involved a malware known as WannaCry that had the ability to take over a computer system and lock hospital staff out of the system. This resulted in a complete shutdown of the system, affecting tens of thousands of people in the UK that needed hospitals. The attack and its consequences also lasted for days, resulting in many failing to get services that they needed across the country.
Therefore, veterinary hospitals and staff need to ensure that they consult Lucca to ensure their security is not compromised. In case one suspects that they have been compromised, it is also important to seek professional help to help remedy the damage done by hackers.
Bad data backup strategies
Data backup should come in handy for any large organization such as a veterinary hospital. However, that is not always the case, with many hospitals failing to create backups for their data. In case of an emergency such as fire or water spillage that results in computer systems being destroyed, these hospitals cannot come out of that mess because the computers are destroyed together with the data.
No backup means that any client information or personal information you might have saved on your computer is lost forever. The loss of data may have financial and legal implications as clients, especially those who are your regular clients, become frustrated with data loss.
Worse still is employing bad data backup strategies that do not guarantee the safety of your practice data. A sound backup system should not be physically accessible to unauthorized persons, as this would result in unauthorized access of data by people who don’t have permission to do so. This may also cause a cybersecurity threat to veterinary hospitals. The only way to ensure that does not happen is to work closely with Lucca to ensure that your data is always protected and backed up correctly.
Phishing attacks through mail
Phishing attacks involve attackers pretending to be a trusted contact and sending you emails or texts that contain links to malicious websites, content, and software such as malware and viruses.
Phishing attacks are some of the most successful ways of attacking an establishment currently available to hackers. Just last year alone, data from the US cybersecurity experts indicated that phishing contributed to a damage of $12 billion dollars.
One of the most common methods of attack involves applying for jobs and then rather than sending resumes, attackers are able to send programs or links to malicious sites, which they then use to attack a business establishment. For unsuspecting veterinary hospitals, they work in, it is very easy to trust these files as just people applying for jobs. However, the end result is always attackers trying to gain access to unauthorized data and extort these hospitals’ money in case they want their data back or just deleting the data for malicious reasons.
Weak passwords
One of the most common ways that attackers gain access to systems is using correct passwords and usernames. This may seem like a daunting task for hackers, but they have software that can crack passwords within hours if they have your email and gain access to your system, especially if a user has a weak email that only contains small letters, with no capital letters, a number or a special character. There are complete compromised email and password lists that can be downloaded from the internet. Will any of your accounts be on that list?
This is why it is important for systems being used in veterinary hospitals to have a requirement that must be met when setting up passwords. A condition such as ‘ your password must contain upper case and lower cases, a number and at least one special character & rotate every 90 days, would go a long way in ensuring your system is not easy to compromised.
Hospitals should also consult IT experts to ensure that their databases cannot be easily compromised by methods such as SQL injections that can compromise the entire data in the practice management system. This also falls under the category of weak passwords since hackers are able to override the logging systems and access data that they are unauthorized to access.
Bring Your Own Device Policy (BYOD)
This is one of the riskiest policies that a veterinary hospital can implement. Yes, it saves money and might seem like the right thing to do in the short term, but in the long run, it can end up costing more than what hospitals are trying to save.
The policy involves allowing staff members to use their laptops or computers to access the hospital network. They are also allowed to leave with their devices out of the hospital premises without being scrutinized and return with these devices the next day.
Not only does this give physical access to hackers who may see a weakness in the security system, but it also makes it easy for unwanted software to make their way to computer networks without the device owners knowing through malicious malware being installed on their computer unknowingly after clicking a link in the email.
It is recommended that veterinary hospitals restrict the devices that can access their network, reducing the risks involved in becoming compromised.
Cyber espionage
Having an online presence is very important for any organization, more so in this decade when most people are now able to find organizations and hospital locations through the internet. However, there is still a risk cybersecurity threat involved in exposing yourself to online platforms or paying your cloud services and running your platforms to manage your users.
Malicious internet users are always scrounging the internet in search of valuable information that can be used for monetary value. In cyber-espionage, your accounts, such as social media sites being hacked and accessed and used to spread malicious information that damage your reputation, are the biggest risk you would face.
Therefore, it is important to keep in mind that, even if a veterinary hospital is in need of public relations through the internet, they are exposing themselves to cybersecurity threats, and therefore, before engaging in such moves, it is important to consult Lucca to help them in making decisions on the best approach they can use.
Social engineering
Almost every IT experts agree that the weakest link in strong computer systems and networks is humans. In most of the high profile hacking in history, the data compromise was not as a result of a hacker sitting behind a computer and coming up with software that can break every computer system and network, it was done by humans, either through coercion, negligence or betrayal.
Recent hacks such as Wikileaks, Edward Snowden leaks and even the recent Twitter hack that compromised high profile Twitter accounts such as the Elon Musk accounts for bitcoin scam involved some form of social engineering mastery.
Unfortunately, social engineering hacks are the least detectable and therefore, they are hard to catch before they strike. The most important thing you can do is hire Lucca to help you decide how access to information should be given. Ensuring that staff members have different access to information depending on where one works would minimize the impact of social engineering attacks.
Ransomware attacks
These are malware attacks specialized in hijacking computer systems and asking for payments to release the compromised data. They can encrypt an entire system, denying users the ability to access their computers, and then demand them to make payments or they will lose all their data.
Ransomware attacks have become in recent years, with many organizations reporting such attacks in the last few months. Veterinary hospitals should ensure that their computers have AI & machine learning based protection installed in their systems that are able to catch most of these security risks. They should also contact Lucca to do a full audit of their network to ensure that they are not compromised.
Clint Latham J.D.
Lucca Veterinary Data Security
Get our eBook 5 Simple Steps to Protect your Practice for FREE!