Veterinary practices have become increasingly reliant on IT services for their day-to-day operations, such as managing patient information, treatment planning and scheduling, as well as back office functions such as accounting and payroll processing. However, not all veterinary practices have the resources to build an IT infrastructure that can meet all their needs. This is especially true for small and medium-sized practices. In order to remain competitive, many veterinary practices seek managed service providers to help minimize the cost while still remaining competitive.
A managed service provider (MSP) is a third-party company that mostly operates remotely to manage their client’s information technology infrastructure. In the case of veterinary practices, some examples of managed services provided by MSPs include cloud-based solutions used in these practices ie cloud servers; basic security; printing services; data analytics; cabling; network hardware; PC replacements and managed software as a service infrastructures such as Office 356 and anti-virus software.
Cybersecurity threats resulting from MSPs
Chances are your next cyberattack will be directly targeted at you. However, some of the third-party applications and IT services you outsource will also be compromised, which will result in your veterinary practice also being a target.
This is what happened early last year when Kaseya, an IT solutions developer for MSPs and enterprise clients, was attacked by cybercriminals and its services brought down by ransomware. The result was that thousands of organizations around the world, including veterinary practices, got compromised and their ability to offer services effectively brought to a halt for weeks. In this section, we are going to look at some of the methods that can be used to compromise your veterinary practice through your managed service provider.
1. Ransomware attacks
MSPs make great targets for cybercriminals because of the multitude of small and medium-sized businesses and institutions they serve. Cybercriminals going after MSPs use a technique called Big Game Hunting (BGH). This is a targeted, complex type of attack which is not focused on the volume of attacks but rather the quality of attack. Cybercriminals know that, if they are able to target one MSP successfully, they will be able to have access to hundreds, sometimes thousands, of victims that are connected to the MSP, allowing them to cause maximum damage with minimal effort. A great example of this is the NVA attack that happened a couple of years ago. Resulting in over 400 hospitals being attacked through a single attack point.
BGH ransomware attacks are extremely damaging and can cause an entire industry to go offline. One case study of an MSP causing a global outage due to a ransomware attack is the Kaseya VSA ransomware attack by the REvil cybercriminal group. During the attack, thousands of companies and institutions across the US, Europe, and Asia-Pacific were compromised, resulting in the interruption of their ability to offer services. Small and medium-sized institutions that relied on these MSPs also had to stop their operations for days as they wilted for services to be restored. Veterinary practices using Kaseya services, either directly or indirectly through third parties, were also affected, with some going offline for hours before services were restored.
2. Distributed Denial of Service (DDOS)
A distributed denial of service attack aims to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target with a flood of internet traffic. To achieve this, cybercriminals are able to use multiple compromised computer systems as sources of attack traffic.
These types of attacks can be targeted at MSPs that provide cloud services to veterinary practices, resulting in disruption of applications such as practice management systems. It is also possible that DDOS attacks aimed at your MSPs will last for days, and during that time, your ability to serve your clients will be limited.
3. Social Engineering
Social engineering is the malicious human interaction between cybercriminals and their victims that includes psychological manipulation with the sole goal of accessing unauthorized information. This method of attack is among the most widely used and most effective types of cyberattack.
If targeted at an MSP that holds your veterinary practice data, cybercrime can be able to gain crucial information about you, including getting access to all your accounts. They can then use the information to extort money from you, sell the data, or use it for identity theft.
4. Internet of Things Cyberattacks
Chances are, if you are using IoT devices in your veterinary practice, then you have outsourced the service to external managed service providers. Unfortunately, if your MSP is exposed to cybersecurity threats or attacked by cybercrimes, it also means that all the data from your IoT devices is also compromised.
Cybercriminals can use this data to extort your veterinary practice or post your sensitive data publicly. They can also cause damage by monitoring every step you make remotely, especially if the MSP IoT service deals with security systems in your practice.
Using a managed service provider is one of the best ways to gain a competitive edge over your competitors as a practice owner. However, these services are not risk-free. This is despite the fact that it is safer and less expensive than the majority of veterinary practices that have chosen to have their own in-house IT infrastructure.
Therefore, it is important to ensure that you choose trusted MSPs who are able to provide protection for your data. It is also important to research your managed service providers to ensure that they are competent in providing secure IT services before hiring them.
Are you unsure if your hospital has been properly protected from a Ransomware attack?
A cyber security audit is the only way to know what your risks are. Its like pulling a complete blood panel. You have to look under the hood. The great news is that Lucca is the only cyber security company focused solely in the veterinary space. Schedule a FREE call today to see how our Veterinary Cyber Security Audit can help keep your practice protected.