A Guide to Top Cybersecurity Risks During Cloud Migrations For Veterinary Practices

Cloud Migration Cedes Control to Cloud Service Providers

One of the reasons that most practice owners chose cloud service over in-house IT infrastructure is due to the level of competency and security assurance that most cloud service providers guarantee. Unfortunately, the ceding of control of critical tasks, such as managing data centers, also poses a huge security threat to veterinary practices.

By agreeing to use cloud services, you also agree to be dependent on their policies and procedures, the monitoring of your data, and reporting of the performance of the systems you use. Therefore, despite having a shared responsibility with the cloud service providers in keeping your clients’ data safe, practice owners operate with less flexibility, where they are prohibited from carrying out cybersecurity checkups such as penetration testing, vulnerability assessment, and other cybersecurity procedures that can assure them that their data is safe.

In some cases, you may find cloud service providers have a policy that allows them to own all or part of your data. In such cases, termination of services with these cloud services can mean losing your clients or staff's data. In these situations, it is also not uncommon to find some providers terminating the services of their clients without providing a way for them to retrieve the data.

Solution: To avoid getting into a contract with a cloud service provider that puts your veterinary practice’s data at risk, it is your responsibility to do thorough research when migrating to ensure that their policies align with your cybersecurity goals. Practice owners should also ensure that the shared responsibility model does not disadvantage them, and in case of service termination, they reserve the right to their data.

Over-Reliance on Cloud Service Providers

In cases where practice owners use only one service provider for their data, they tend to be overly reliant on their providers on matters such as security requirements of their platform, architecture-based threats, regulatory standards, and the level of control in mitigating cybersecurity risk factors. Unfortunately, over-reliance is also a security threat to their veterinary practices.

For instance, if your cloud service operates as a Software as a Service (SaaS) business, they will be the ones who provide you with the schema for your data, all the software your veterinary practice needs, and, more likely, handle your cybersecurity. Therefore, if at one point they are compromised, you will not have access to your database. You will also not be able to access backup to your data if it is available. Also, switching your cloud providers is likely to have unintended consequences, including not getting the data from your old providers.

Solution: To solve this problem, practice owners need to do due diligence when migrating to cloud services. One of the reasons why problems start to arise after the migration is mostly due to the over-promise of services they are subscribing to, which in most cases end up being substandard. Consulting a cybersecurity expert before migration can also help in addressing this problem, as they will be able to evaluate the providers, run tests on the network, and also address burning issues such as ownership of data saved in these cloud services.

Insider Threats

When subscribing to a cloud service, there is a high level of trust that is involved. Practice owners expect the service providers to be trustworthy in maintaining the data integrity and security of their veterinary practices.

However, even without cybercriminals attacking veterinary practices or these cloud service providers, the risk of an insider job meant to compromise your data is still real. For instance, your data can be sold to competitors who run their own veterinary practices, which can pose a threat to your model of business operations.

Based on data from research done by Verizon Data Breach Investigations Report, 20 percent of all cybersecurity incidents result from insider threats. Therefore, even as practice owners migrate to cloud services, they need to keep in mind that a data breach may be caused by an insider rather than cyber criminals.

Solution: As seen above, insider threat remains a huge risk in migrating your data into cloud services. Therefore, even as you migrate, it is important to take extra steps to ensure your data is safe in the cloud service you are using. This can be done by researching potential cloud services, creating a backup for your data, asking for full control of your data from your cloud service providers, and also using a cybersecurity expert to audit your data and the cloud service provider you are using.

Data Deletion

Unfortunately, your cloud data can be deleted due to a number of reasons, including forgetting to pay on time, malicious acts from cyber criminals, and criminal mischief from insider threats. When this happens, practice owners are left powerless, and in most cases, they are not able to recover their client’s data.

Solution: Data backups should be available to practice owners at all times. Cloud service providers should also have backups for their client’s data. It is also important for practice owners to take a proactive role in their cybersecurity by ensuring they manually save their data in case of service termination that results in their data being deleted without getting notified.

Legal Risks

There are many legal risks involved with a migration to cloud computing, including the risk of civil lawsuits arising from data disclosure, compliance with local data protection laws where data centers are located, data jurisdiction problems, and data breach laws.

Therefore, it is important to know where your data servers are located before subscribing to a cloud service provider. Knowing data location can also help you increase the speed and response of your IT services.

Solution: As indicated above, knowing where your data is stored is an important step in addressing problems that might arise if your client’s data is compromised. It is important to note that, in some cases, your cloud provider may be protected by laws of where the data centers are located, despite being responsible for the data breach that compromises your veterinary practice. Therefore, having a cybersecurity expert who is able to research your cloud service and make recommendations can be a great way of ensuring your data is protected, both legally and physically.