How well are you prepared against hackers and ransomware?
When typical veterinary professionals think about cybersecurity, it is common for them to assume that they are not a target to cyber criminals because of how small their clinic is, all their trust is in a cyber security system, or an IT technician they have on staff. However, according to Clint Latham, JD, director of veterinary data security at Lucca Veterinary Data Security, based in Colorado, they do not care how big or small of a target you are, you are still a target to them.
During his lecture at the American Veterinary Medical Association convention in Denver, Colorado,1 Latham explained to attendees the risks that they face online as veterinary professionals. He also addressed how security errors can happen.
On the rise
When the COVID-19 pandemic shut down the world and forced many veterinary professionals to from home, such as client service representatives, many employees were doing their work through their personal internet service. Latham explained to the attendees that with the increase of working from home, an increase of hackings and cyber-attacks also was happening.
“What we saw was a lot of people working from home, working behind home routers accessing business assets. And hackers knew that this was an easy, easy way to then get back to the primary business,” explained Latham.
Ransomware is attacking 43% of small businesses, including veterinary clinics.2 When it comes to ransomware, Latham strongly disagrees with paying the ransom because once they know that you are willing to pay, they will continue to attack your software over and over. He gave the example of a veterinary hospital in Arizona that was victim of ransomware and they have paid the ransom 3 times already with Latham predicting they will be hit another 2 times by the hackers.
How are cyber-attacks happening?
According to Latham, one of the top causes for vulnerability in a system is human error. Latham explained that it does not matter how smart you are or how high ranking in a company you are you are always at risk. He gave attendees the example of the Sony company hacking in 2014. The hackers got into the software because they dropped a flash drive labeled ‘Pay Roll’ on the ground in front of the network admins car. That employee then saw the flash drive, assumed someone from the human resources department dropped it, and then brought it inside and plugged it into a computer, letting the hackers right in. Companies that pay thousands and thousands of dollars for cyber security are just as risk of human error as those who operate on a much smaller scale, according to Latham.
The veterinary community is very trusting and empathetic to its patients and clients, which is a great quality as a medical professional, but can also put you at risk online, he explained. “Some of my closest friends and colleagues are in vet med and I love veterinary medicine, mostly because of this. The vet industries build a trusting and empathetic practice owner. We are an insanely trusting and nice and empathetic industry and because of that, we get taken advantage of all the time. I believe [we have] even been taken advantage of by vendors,” said Latham.
He emphasized that the industry’s trusting nature is not something that he wants to change, rather it’s something that veterinary professionals need to be more aware of in order to protect themselves. He gave attendees the example of a clinic that was working with a major laboratory for new equipment. A hacker was able to access the clinic’s information through the owner’s personal account and then watched her responses in her business email to get a feel for her mannerisms.
Once he felt ready, he emailed her accountant, asking for $40,000 to be wired so ‘she’ could pay the company. The accountant wired the money right to the hacker. The clinic only realized what had happened when the hacker got greedy and tried to ask for a $90,000 wire transfer and the accountant called the owner to confirm.
Veterinary medicine needs to take cybersecurity more seriously. If a multimillion-dollar company like Sony could be the victim of a cybercrime, so could any practice. It is important to stay up to date on software’s and protect your passwords and accounts, according to Latham.
He also encouraged attendees to let their staff know that if they made a mistake, they could come to the business owner or manager and let them know. This way, the practice can get ahead of the issue instead of not knowing as it only gets worse and worse until it hurts a business and its clients. Clinics should take time, at least once a year, for cyber security training because they do not know what a threat to the business is if they are never told what the threat could look like.