Do Criminals Want Your Practice’s Data?
Clint Latham, an Ask Jan Expert specializing in cyber security, is a veritable treasure trove of horror stories regarding cyber security in the veterinary industry. “Awareness is the first step,” says Clint. “The clients I have met after a security problem has arisen often felt as though their data wasn’t valuable. ‘Who wants Fluffy‘s medical records anyway?’ Sadly, there are many criminals who are happy to take advantage of the lax cyber security measures of unsuspecting veterinary practices.”
Clint shares with us two of the most common problems his clients have faced in recent years.
Compromised Email Accounts or Spearfishing
Compromised business emails pose an enormous threat. This problem usually arises for practices that are using free email accounts such as gmail to run their businesses. The target of the crime here is actually the hospital’s customers. By hacking into the back end of a practice’s email accounts, thieves can gain access to the Practice Management System and then download customer invoices. After this, emails are sent to customers claiming that the invoices were unpaid, citing the same data that appeared on the original invoices. These emails appear to be coming from the practice’s normal email address, though they are hidden in such a way that the practice itself cannot see them. These customers are then asked to wire money to pay their outstanding invoice. Even responses from the customers are hidden by these criminals so that the hospital cannot see them. This practice is known as spearfishing.
Prevention Tips: The best ways to prevent these crimes is using business-class email services with strong spam and phishing protection built in. Free email accounts simply cannot offer the level of security that a veterinary practice requires. Stronger password protection can also help. Clint recommends using a password manager such as 1Password or Lastpass.
The second most common problem is ransomware. Online criminals used to use a ‘spray and pray’ method but these days, ransomware attacks are much more targeted. The veterinary industry is particularly at risk because of high turnover. Job search sites are often the primary tools of these ransomware criminals. They create fake accounts on job application sites and then send realistic looking emails applying for open positions. Once they are asked by the hiring manager to send documents like resumes or CVs, they send realistic looking attachments that have ransomware code hidden in the background. If you open the attachment, the encrypted software hidden in the document begins to attack system until your computer is fully locked down, making it impossible for you to access customer files or anything else on your computer.
Often times, after your computer is locked down, a window will appear asking for bitcoin to be deposited into a bitcoin wallet in order to regain access to your computer systems. On average 2.5 hospitals fall victim to cyber crime every week. With the average Veterinary Cyber Security PLIT claims averaging $135,000.00 in 2020.
Prevention Tips: There are a variety of tools you can use to check these attachments before you open them. Virustotal.com is an excellent site which allows you to scan attachments for free before you open the files. Good workstation protection, including software and backups, can help protect you in case of a ransomware attack as well. When deploying cyber security protection for his clients, Clint uses a layered approach to cyber security, including four different types of software platforms to protect your practice or your data.
For additional tips from Clint, download his free ebook: 5 Simple Ways to Protect Your Practice on the Ask Jan For Help Shopping Page.
And for instant access to experts like Clint, check out Ask Jan For Help’s membership options.
Clint Latham, Veterinary Data Expert
With two senior Yorkies, Clint (CJ) understands the need to have a trusted veterinarian to care for his family members. Clint’s goal is to help uncover the mystery of data security for DVM’s across the country so they can focus on what is most important: quality care for our furry friends. While working and speaking with practices all across the country, Clint saw that there were a number of practices that have a great local IT guy who needs the security and data insights specific to the veterinary industry. In an effort to find a way to support independent IT professionals while simultaneously providing security and data insights to those who protect our animal companions, Clint founded Lucca Veterinary Data Security.