Reports of cyber attacks and malware are probably flooding your news feeds in the last few weeks, but this kind of threat to data security isn’t new, and veterinary practices are just as vulnerable as the next business.
In summer 2017, two large-scale cyber attacks made world news, both using different types of malicious software or ‘malware’. In May, WannaCry ransomware lit up headlines as it kidnapped data from nearly half a million devices worldwide, holding entire businesses hostage. Just a month later, NotPetya hit, crippling companies of all sizes across the globe.
And as the affected businesses have learned in recent months, dealing with a cyber attack isn’t quite so simple as just paying the ransom and getting your files back.
So what’s a vet practice to do in these times of cyber insecurity? The best approach is a preventative one: know what the risks are at your vet clinic, and be prepared to deal with them.
Is my veterinary practice safe from cyber attacks?
According to many experts, hospitals and other businesses that handle health information are especially vulnerable to cyber attacks. And the fact that veterinary clinics don’t handle human health data doesn’t give them immunity: there have also been cases of veterinary practice data being held for ransom.
In your practice, you’re likely to have multiple devices – from desktop computers and laptops to smart devices. A vulnerability in just one of these not only puts your personal user data at risk, but if your practice management software isn’t a cloud-based system, then your practice data may also be vulnerable to malware.
Local server = high risk for cyber attacks
Storing your practice’s data on a local server can leave many doors open for cybercriminals.
In a nutshell, practice management software comes in two forms. If your practice runs on a server-based system, all of your computers and other workstations are linked directly to that server. Remember, all it takes is one device on your network to get infected, and all the data on the server is at risk. If the machine hasn’t had any updates or maintenance for a while, the chances are that it’s vulnerable to more than a few exploits, and needs urgent attention.
Cloud software = increased cybersecurity
The second, more modern type of software stores your practice’s data online rather than locally, creating an extra layer of separation between the keyboard under your fingers and the customer and patient information your practice runs on. This kind of software is known as “cloud-based”, “web-based” or simply “online” practice management software.
Cloud-based practice management systems store multiple copies and backups of your practice data in data centres, like the Amazon Web Services centre in Frankfurt where Animana stores its data.
This separation isolates your practice data from your local machines, meaning infections cannot be passed from your computer to the secured data centre. Should your computer be infected, you’ll be down a workstation, but you can just access your practice management system from another computer, smartphone or tablet and continue with business as usual.
How can I protect my practice against attacks?
Whether you’ve already made the move to the cloud or not, a few common best practices can go a long way towards keeping your vet practice’s data safe.
- Make sure your operating system (e.g. Windows, Mac etc.) is set to automatically update. If you are using an unsupported operating system, such as Windows XP, your chance of being infected is much higher. But that’s not the only risk: in recent cyber attacks that have hit the headlines, Windows 7 machines have been the most vulnerable. It’s also interesting that the WannaCry and NotPetya exploit was patched and released nearly 60 days before the first outbreak. So don’t postpone those updates!
- Ensure you have antivirus software, and that it’s up-to-date. If it isn’t, check the auto-update settings. If you don’t have an antivirus programme, now’s the time to get one – we recommend paid solutions such as McAfee AntiVirus or Norton AntiVirus, but there are also some good free products from AVG and Avira. You can refer to a reputable site like PCMag, which has lists of paid and free antivirus software.
- Be careful what you open! Email is one of the main infection methods. Before clicking on links or opening attachments, make sure you recognise the sender; if you don’t, just delete the message. Be extremely wary of any Microsoft Office files which advise you to use “macros”. Unless you are sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the file.
- Have a good backup system. Back up your important data daily and keep all versions for at least one month. You should also ensure that backups are appropriately protected or stored offline so that attackers can’t delete them. These days, cloud backup solutions are a very cost-effective, reliable, and super-easy way to automate backups. For example, Crashplan, and Backblaze, are two excellent services. You could also install a “shared folder” solution such as Google Drive or Amazon Drive for all practice files – these solutions provide an easy way to have one folder synchronised across all computers, and provide a limited backup solution.
What should I do if my computer is infected?
Every attack is different, but here are a few steps you can take if you suspect an infection:
- Disconnect your computer from your network/Wifi, and remove any external drives or USB keys (this will minimise the spread of the infection).
- Stop using the computer, and do not reboot your system (shortly after the WannaCry outbreak, decryption tools were released which could recover data – but only if you hadn’t rebooted).
- Contact your IT specialist immediately.
- If you do not have an IT specialist, from an uninfected device, carefully review advice from trusted websites such as Avast, Kaspersky.com, and Nomoreransom.org.
Keeping your vet practice safe in the long-term
Regardless of what type of software you have, there’s never been a more important time to ensure that all devices attached to your network are updated, and set to auto-update.
But that in itself isn’t enough to ensure the safety of your practice’s data, your customers’ privacy, and the lifeblood of your business.
That’s one of the reasons why more and more businesses are moving to the cloud to fortify their cyber security. In the increasingly data-driven future of the veterinary industry, the extra layers of security added by a cloud-based system are a must-have.
Curious about the security and other benefits of working with modern cloud-based practice management software like Animana? Subscribe to our newsletter to learn more about working in the cloud, as well as to stay up-to-date on the latest developments in veterinary practice management.
The information contained in this article is for general information purposes only. IDEXX Laboratories, Inc. assumes no responsibility for errors or omissions in the contents of this article. References are provided for informational purposes only and do not constitute an endorsement of any websites or software.