It was late Friday afternoon when Debbie Hill got a call from the information technology specialist for Animal Hospital of Pensacola, the Florida small animal and exotics practice where Hill is the hospital administrator.
The IT specialist had bad news. “We had been hacked with ransomware,” Hill recalled. “Every computer in the building had gone black screen with a message, ‘Click here to recover.’”
The hospital was locked out of its practice management software and all of its data—patient records, appointments, invoices. For an undisclosed sum of money, the hacker would unlock the information.
Ransomware is malicious software designed to infect a computer and give hackers access to sensitive information. Once downloaded, ransomware encrypts a computer’s data, rendering it unusable until a ransom is paid to the hacker, often in cryptocurrency such as bitcoin.
On the advice of the IT specialist, Hill neither paid the ransom nor communicated with the hacker but resolved the problem internally instead. Fortunately, the hospital’s data had been backed up on a secondary server installed for such emergencies.
The breach was traced to an email opened by a veterinary student using one of the hospital’s computers.
“We’re a sharp practice,” Hall said. “We had good virus software and firewalls in place, but cyberattackers are inventive.”
Cyberattacks like the one against Animal Hospital of Pensacola are increasingly common.
The FBI’s Internet Crime Complaint Center received a record 791,790 complaints of cybercrime in 2020, a 69% increase from the previous year, with reported losses exceeding $4.1 billion.
The frequency of ransomware incidents also continues to rise. Between Jan. 1 and July 31, the FBI had received just over 2,000 ransomware complaints, with more than $16.8 million in losses, marking a 62% increase in complaints and a 20% increase in reported losses compared to the same period in 2020.
Just this past summer, the world’s largest beef producer, JBS, suspended nearly a quarter of its U.S. operations for two days after a ransomware attack from a cybercriminal gang calling itself REvil.
The largest reported ransomware attack on the veterinary industry targeted National Veterinary Associates in 2019, when operations at hundreds of NVA clinics were disrupted for several days.
But it’s a mistake to think cybercriminals are interested only in targets with deep pockets.
“Anybody can be a victim,” said Tom Millar, a senior adviser for the federal Cybersecurity and Infrastructure Security Agency.
Millar noted that the Biden administration has made combating cyberattacks a national security priority.
“Unfortunately, it appears likely that ransomware gangs are going to proliferate, but this administration is fully committed to using every resource we have and all the resources of our agency partners to tackle this problem right now,” Millar said.
Millar recommended a regimen of “cyber hygiene” to reduce the chances of being a victim of online crime. This requires keeping computer systems up to date, backing up data offline, and avoiding simple authentication codes to access data. Also, staff members should practice cybersecurity awareness and understand the schemes hackers use to access systems.
If a business finds itself held hostage by ransomware, Millar advises against paying the ransom.
“If a victim pays, the bad guys will keep doing it,” he said. “And in some cases, they come back to the same targets because they’ve already proven that they’ll pay.”
For CISA resources on protecting your business from cyberattacks, visit Stop Ransomware.
A veterinary hospital that has been hacked may be liable for failing to safeguard sensitive client information, such as credit card numbers. There’s also the related damage to the hospital’s reputation, which may drive clients away.
The AVMA PLIT, the AVMA’s professional liability insurance trust, is helping prepare practice owners for such an emergency by offering insurance for data breaches. Coverage includes legal and forensic services, public relations and crisis management, notification expenses, and defense and liability expenses.
Policyholders will also have access to risk management resources to minimize the chance of a data breach.
Additionally, the AVMA offers resources to help practice owners protect their business from cybercrimes and respond to a malware attack. Those resources are available at Cybersecurity for veterinary practices.