It was just a normal, busy day in the veterinary practice. Three front desk staff members booted up their workstations, ready to check in the first wave of clients and patients for the day. One staff member noticed an email in the practice inbox from a vendor, citing an expired credit card and requesting confirmation of account details and payment information. Too busy to take care of it at the moment, she flagged it for later.
About two hours later, she returned to the task and noticed some odd things about the email. It did not look quite as professional as the typical vendor’s emails, and something seemed off. She picked up the phone and called the vendor, and sure enough, there was no expired credit card and no need to update account details or payment information.
Fortunately, this practice averted a significant problem. Had the staff member clicked on the link in the email, she could have infected the practice network with a virus or malware. Worse, she could have provided sensitive practice data to the wrong people. Trusting her gut feeling worked to her advantage.
Today, the most common way veterinary practices fall prey to cyberattacks is through suspicious emails (phishing), text messages (smishing), voice calls (vishing), and even fake social media messages and alerts. Staff members unknowingly click links, download infections, and follow directions on spoof landing pages, only to find their practice networks compromised or locked under ransom.
Artificial intelligence (AI) has exacerbated the situation. Cyber criminals can use generative AI tools to very closely mimic legitimate emails, text messages, and voice calls from reputable companies practices work with, such as their bank. Imagine receiving a convincing text or email from your bank or credit card company asking you to click the link and confirm your account details. Banks do not do that – unless you have initiated the call, and they need to verify your identity by sending you an email or text for one-time use.
According to data breach reports, 61 percent of small and medium-sized businesses were the target of a cyberattack,1 and human error occurred in 68 percent of breaches.2 Small businesses, such as veterinary practices, make great targets because they typically do not have adequate security measures in place, and they are not prepared for mitigating cyberattacks.
Does cloud software solve the problem?
Many practices have asked whether cloud software helps or hurts cybersecurity. If a staff member inadvertently clicks on a phishing email and sensitive information gets into the wrong hands, practices with both server-based and cloud-based software can be at risk. However, cloud software does have some security benefits over its on-premise alternative.
First, storing practice data in the cloud takes a portion of the responsibility off the practice and puts it on the cloud software provider. Reputable cloud software providers have more resources and tools available for security, including designated experts on staff, along with bank-level and government-level servers.
However, regardless of which software platform a practice uses, there are still several cybersecurity responsibilities falling on the veterinary practice. These include maintaining network safety, anti-virus software, updated software and hardware, good password policies, and staff training.
Six best practices for good cybersecurity
Clinics can practice and improve cybersecurity by working with reputable software providers that have gold-standard tools and resources in place to safeguard practice data. Some best practices to aid in
cybersecurity include:
1) Using strong anti-virus software that protects their practice against viruses, malware, spyware, and the like.
2) Conducting regular cybersecurity training and security assessments with team members. Cyber criminals are constantly reinventing their craft, using new tools to trick people into divulging financial information or account access. Educated employees are less likely to fall for the latest scams or use weak passwords. Train your team to immediately ask for help if they suspect they have clicked on a suspicious email or visited a suspicious website.
3) Updating hardware, software, and network systems with the latest security features and patches. Both server and cloud software need the latest security in place if they are connected to the internet. With cloud software, these updates happen automatically in the background, so it is less work for practice staff.
4) Having a daily and annual data backup plan. Ideally, these involve a daily backup offsite, not just a daily backup to a hard drive stored within the practice. If the hard drive is plugged into the server, it can also be compromised if the practice is compromised. If practices need to restore their data for any reason, they become very thankful for their daily and year-end backups.
5) Protecting their software against unauthorized users. This includes two-factor authentication when logging in to online vendor accounts or bank accounts, which makes it much harder for hackers to gain access to an account. One extra step when logging in is worth the time and effort.
One little-known threat here can be ex-employees, who may have access to sensitive reports and data after termination. When team members are no longer employed by a veterinary practice, it is recommended to immediately remove their software access and also alert the software provider that the staff member is no longer employed, in the event the ex-employee tries to contact the software support desk to gain access. A termination checklist can help ensure nothing is missed, including deactivation of software access, building access, online ordering, etc.
6) Creating and implementing an incident-response plan in case of a breach or cyberattack, which includes who to notify, how to isolate and contain the issue, and how to recover their data. This also includes following the post-incident filing regulations in the state or states where they operate.
A little knowledge and training, plus the right technology and practice policies, can help veterinary practices stay one step ahead of cyber criminals and stay cyber safe.
Chelsea Lindemann is product support manager at Patterson Veterinary, responsible for helping veterinary practices with Patterson’s software solutions, including NaVetor cloud software and IntraVet.
References
- Verizon 2022 Data Breach Investigations Report (DBIR), 15th edition.
- Verizon 2024 Data Breach Investigations Report (DBIR), 17th edition.