Skip to main content
Cyber News

Leaking personal data by ransomware groups, a threat to veterinary practices

By September 15, 2021June 9th, 2022No Comments

Ransomware attacks continue to be a thorn in the flesh for veterinary practices that have been under constant attacks from cybercriminals in the last few months, with most of these attacks being motivated by money.

Cybercriminals have adopted a multipronged ransomware attack approach that involves stealing victims’ data before encrypting computer systems. Victims are then threatened with data leaks if the payment is not made, and in most instances, cybercriminals end up posting unauthorized data on their pages after failing to get payments.

Leaking personal data

A recent report by NBC highlighting the extent to which ransomware cybercriminals were willing to go to extort money from their victims puts into perspective how much data they are willing to leak in order to have their clients pay the ransom.

The report investigated school cybersecurity compromises that had exposed children’s data to hackers. The data was leaked by these cybercriminals on various dark web pages with the aim of extorting their victims’ money or selling it to other cybercriminals who mostly use personal information for identity thefts or to commit fraud.

What makes the report mind-boggling is the fact that cybercriminals understand that children in K-12 do not have credit cards, bank passwords, credit scores, or any financial data that can be compromised and help them make money. However, they understand that any data is valuable, especially if it contains personal information and can be used for other activities that are just as profitable.

According to the NBC investigation, ransomware groups had successfully published data from more than 1,200 K-12 schools across the US, with many being unaware that their data had been compromised.

Some of the personal data that was found to have been leaked about students included students’ medical conditions and the financial health of their families. Ransomware gangs were also publishing other datasets such as students’ social security numbers, dates of births, immigration statuses, race and gender of students.

Parents of the students whose data was leaked also had no avenue to correct the mistakes or get their children’s data off the dark web. Some schools whose security had been compromised also were not aware that their data had been leaked on the internet and were surprised when they were contacted about the leaks.

What the report means for veterinary practices

In recent years, veterinary practices have come under attack from ransomware groups, and in most circumstances, they have ended up stealing data and using it to extort these practices a ransom.

The cybersecurity industry has long held the belief that cybercriminals were only interested in data that directly contributed to their coffers and advanced their agenda. However, the recent report on school data leaks by ransomware groups sheds new light and provides a new perspective about motivations for leaking data.

The report is an indication that no data is minuscule for cybercriminals to ignore. Considering that the students’ data had no direct way of benefiting these cybercriminal groups financially, their motivation for the leaks could have stemmed from their urge to cause havoc with no long-term financial goals.

This was evident from the fact that these cybercriminals, in some instances, did not even contact the schools they had compromised to ask for ransom before and after publishing personal data.

The leaked student data also highlighted how third-party users are affected without their knowledge. In some of these cybersecurity compromises, the school used third parties to store their data, and once these third parties were compromised and asked for ransom, they did not disclose the security issue with the school.

As veterinary practices, third-party data storage or sharing of clients’ data with others in the industry is costly. It involves trusting that if these third-party data storage centers are compromised, you will be informed. However, as the school data leaks have shown, most third parties fail to disclose cybersecurity compromises in fear of losing clients.

What to do to protect veterinary practices against personal data leak

 Protecting clients’ data should be a priority for all veterinary practices. To prevent cyberattacks, proper cybersecurity measures should be implemented.

Having antimalware or an antivirus installed on your veterinary practice computers can help prevent these attacks that result in stealing and leaking of data. The software can also protect you from ransomware that have been distributed through malicious sites, phishing campaigns and infected websites.

Veterinary practices also need to have strong password policies that are hard to crack or guess. Implementing a two-factor authentication can also go a long way in ensuring that unauthorized persons cannot access your data. Staff training can also help in the reduction of ransomware attacks that result in data leakage.

Want to reduce the worry about your cyber security defenses?

Schedule a FREE call to see how the Lucca Cyber Security Suite can keep you protected!