Cybersecurity: A Cat-and-Mouse Game

Mar 8, 2023 at 6:34 pm

Let’s face it: As a concept, cybersecurity can be a blend of scary, confusing, and boring to the average veterinary professional, especially compared to the satisfaction and joy that come from providing healthcare for pets and peace of mind for their owners. Because of this, it is all too easy to fall into the trap of viewing cybersecurity as a ‘one-and-done’ task. ‘I have antivirus installed, so I must be good!’

The truth of the matter is that cybersecurity professionals view our duty as a cat-and-mouse game, where we serve as defenders of a constantly moving target. As threat actors find new ways of gaining access to your data and taking control of your network, we must find new ways of stopping them. While it is unfair to ask you, as a veterinary professional, to know every facet of cybersecurity—just as unfair as it would be to expect me to perform a flawless TPLO—it is crucial that you at least understand the cyber threats in the landscape today and some of the ways you can avoid making yourself a target.

What even is ransomware?

Every business professional has attended a lecture or read an article that mentioned the threat of ransomware, but very few of these truly define, in plain terms, what ransomware is. Simply put, ransomware is a type of malicious software that attempts to hold you hostage. It accomplishes this in one of two ways:

  • Threatening to publish personal data
  • Permanently block you from accessing your data

In either case, the intended outcome is to extort money from you to prevent something bad from happening.

Unfortunately, ransomware attacks are on the rise. According to the 2022 State of the Threat report put out by SecureWorks, ransomware remains the number one cyber threat to veterinary practices. The United Veterinary Services Association reports that more than 700 businesses in our industry have already been attacked, and, across all sectors, 60% of businesses have experienced phishing and social engineering attacks. In 2021, cyber-crime resulted in losses exceeding $6.9 billion, and veterinary practices and other small businesses are especially vulnerable because they are seen as opportunity targets due to their often lax cybersecurity protections.

Scary stuff.

Prior to 2022, credential-based breaches were the primary vector of attack. This means that a bad actor uses login credentials that they obtained via phishing, social engineering, malicious links, or database breaches to get hold of your network. However, 2022 saw the rise of a new leading cause of ransomware infections: RATs.

There are RATs in your network

In the veterinary world, rats aren’t that scary at all! After all, we have a whole field of veterinary medicine devoted to the care of rats, mice, and other cute, fuzzy pocket pets. In the cybersecurity world, however, RATs are remote access tools, and, in 2022, these RATs accounted for 52% of all ransomware attacks.

During the onset of the COVID-19 pandemic, there was a rush to find ways to allow people to work and attend school remotely. The veterinary industry was especially impacted in our role as essential businesses, and the scramble was on for veterinary practices, consultants, and industry partners to provide telework, telemedicine, and remote support options.

This lead to the proliferation of remote access tools, which are a type of software that allows a local user to connect to a remote computer, server, or network. These are quite common in the world of remote tech support; in the veterinary industry alone, you may have had to interact with AnyDesk, ScreenConnect, TeamViewer, LogMeIn, Splashtop, RemotePC, Chrome Remote Desktop by Google, Kaseya, and more, and these tools are not inherently bad. However, the chaotic scramble to deploy these during the pandemic left networks with unsupported, unpatched, and unmonitored RATs, which left them very vulnerable to ransomware attacks.

What can you do to protect yourself?

In an open letter dated June 2, 2021, the White House stated that “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.” No business is immune, and thinking ‘this could never happen to me’ is the surefire way to let your guard down and become a victim. Fortunately, there are a few things that every professional in the veterinary industry can do to help reduce their risk:

  • Enable multi-factor authentication / two-factor authentication for email and applications. These tools create an additional step, usually via a random number generated every 30 seconds, for every login attempt.
  • Secure and monitor RATs. Any remote access tools that are no longer in use should be deleted, and any that are in use should be routinely monitored by a cybersecurity professional.
  • Protect your network with layered protections, including antivirus, endpoint detection and response, spam filtering, and anti-phishing tools.
  • Implement user training and phishing exercises. Phishing attempts are becoming more sophisticated, so utilizing ethical phishing training with your team can help prevent them from being easy targets.
  • Use a proper domain for your email, instead of free accounts. Not only is [email protected] more professional than [email protected], domain email is easier to protect with spam filtering and anti-phishing tools, and can also allow you to quickly access to your data for any terminated employees.
  • Backup your data, preferably in cloud and offline locations. Even the most secure defenses can be breached, so having a robust disaster recovery plan where your data is backed up regularly and can be ‘rolled back’ quickly is crucial to restoring functionality if the unthinkable happens.
  • Update and patch all systems promptly and routinely. This includes keeping your operating system up to date, so stop clicking ‘later’ when prompted to make these updates!
  • Utilize a password manager or vault to ensure all passwords are complex and unguessable.
  • Regularly review your social media accounts. Delete apps for platforms you aren’t regularly using, delete or inactivate profiles you no longer update, and remove any posts that contain personal information that might be used in a social engineering attack on your login credentials.

One of the most exciting things about the veterinary industry today from a cybersecurity perspective is that veterinary business owners are starting to understand the threats in a way they didn’t previously. After a few high-level breaches in our industry over the past few years, the industry is becoming rightfully worried about the cyberthreats they face. As with any threat, though, the best offense is a good defense, and through vigilance, attention to detail, and a proper investment in the safeguard tools, you can avoid becoming a statistic.

The following two tabs change content below.
For over a decade, William Lindus has served the veterinary industry through his background in providing operational management solutions to help keep veterinary practices safe and profitable. As the director of operations for I.T. Guru (, he loves helping his clients navigate complex technology decisions and helping them foster a business environment that is secure, stable, and sustainable. William is an active member of VetPartners, a national group of trusted veterinary consultants and advisors, and, as a speaker, William is excited to share his technology best practices through podcasts, webinars, and conference speaking engagements.

Speak Your Mind