Supply chain attacks, also referred to as value chain or third-party attacks, are a new kind of cyber attack that are handicapping veterinary practices ability to keep their systems safe. The new modus operandi involves cyber criminals compromising trusted software vendors and outside veterinary practice partners and compromising their products before they are acquired by a veterinary practice.
The goal of supply chain attacks is to access source codes, build processes, or update mechanisms of software that are supplied to veterinary practices. Upon getting their hands on these tools, cyber criminals then infect the legitimate software and apps with malware and rootkits.
The legitimate software is then distributed by the software vendors unbeknownst to them, that they might be distributing malware implanted by cyber criminals in their systems.
Case study of supply chain attacks on veterinary practices:
Supply chain attacks have been used by cyber criminals to target and compromise veterinary practices in the past. These attacks gained a considerable amount of news coverage due to the impact and damage they caused to practices around the world. Here is a look at some of these attacks, and what we can learn from them.
The NVA attack
To date, the National Veterinary Associates (NVA) remains one of the largest veterinary practice attacks in US history. The attack spread to over 400 clinics across the country, compromising patient records, payroll systems and practice management systems.
It took weeks for the California-based company to fully recover from the attack. However, its impact on veterinary practice will reverberate on the industry for years and act as a point of reference on how such an attack can be consequential to a practice.
Supply chain attack blamed
Every news outlet that carried the story indicated that the attack was a result of ransomware called Ryuk ransomware. NVA had indicated that it discovered that they were under attack on October 27th, 2019, and contracted independent outside contractors to solve the issue.
However, what many failed to point out is how the ransomware penetrated the NVA systems and spread to over 400 clinics before being discovered and dealt with. There was also no official report on whether the company paid the cyber criminals.
According to NVA head of technology Greg Hartmann, the attacks resulted from a supply chain attack.
In an internal report written by Hartmann, he indicated that the ransomware found its way into the system through accounts that were not affiliated with the firm but unfortunately, had access to their network.
He continued by stating that upon discovering the compromise, they initiated procedures to curb the spread of the ransomware, but unfortunately, it had already spread to over 400 veterinary practices.
The admission by Hartmann shows that cyber criminals were able to compromise software vendors who supplied solutions that were being used by the firm on their network. It also showed that immediately the hackers gained access to the system, they struck, causing irreparable damage to the firm.
What the attack means for other veterinary practices
The compromise of NVA offers a valuable lesson to veterinary practices across the country to always make sure they are dealing with trusted vendors.
NVA is large, with a huge budget allocated to keeping their systems safe. Cyber criminals knew the odds they were dealing with if they had decided to attack the veterinary practice directly. They knew that they were more likely to fail.
However, by compromising trusted vendors, they were able to gain access to their networks through the supply chain attack, resulting in massive damages.
As practice owners, ensuring that all our IT software vendors and software are audited and certified that they do not pose security risks to our practice should be a priority. NVA failed to do that, and their systems were compromised.
Solarwinds supply chain attack
If you run a veterinary practice that employs network performance monitors to their networks in order to optimize their performance, chances are you are using products developed by Solarwinds.
Solarwinds specializes in providing IT solutions for network management, systems management, IT security, Database management and it is also a managed service provider.
Practice owners focused on keeping their security and networks running optimally, therefore, may have heard of the services provided by the company. However, it is the latest attack on Solarwinds that has put many veterinary practices on edge.
Supply chain attack blamed
A group of hackers believed to from Russia were able to compromise and gain access to Solarwinds solutions, implant their own code, which was then integrated into the newest version of Solarwind software as an update. When systems that use SolarWinds on their network updated their software, the malware found its way to their network.
Although this attack was majorly targeted to governments and large institutions, veterinary practices were also not left behind and found themselves amidst a large-scale cyber attack on the US security systems by international cyber criminals.
The fallout from the attack
The attack on SolarWinds offers us an insight into just how difficult it is to control and catch supply chain attacks. As veterinary practitioners, we would be mistaken to believe that, for a firm that supply network security to Fortune 500 firms and the military, they would at least be able to detect the insertion of foreign code on their systems and deal with it to avoid large scale attack such as the SolarWind attack.
However, the case of the Solarwind attack has shown us just how vulnerable the systems can be, and as practice owners, we should put in place measures to bring our system back up in case we are attacked. This will help us avoid losing data or having to pay ransomware for our data to be released.
Don’t have a target on your back
Are you worried about your risk? Do you know what parts of your hospital are at greatest risk for a cyber attack? Well Lucca Veterinary Data Security can help. Schedule a FREE consultation call to see how a Lucca Cyber Security Audit can help to keep your practice safe. More importantly remove the target that is on you back.