Five tips to protect veterinary practices against cyberattacks

Roughly 11,000 veterinary practices each year experience a cyberattack, and with just over 800,000 complaints of suspected internet crime in 2022, odds are the average practice owner is at risk.

On July 14 at AVMA Convention 2023 in Denver, Clint Latham, founder of Lucca Veterinary Data Security, presented the session, "The Most Important Thing That No One is Talking About: The Current State of Cyber Security in Veterinary Medicine."

Latham's goal is to help veterinarians realize the value of their data and take steps to protect it.

"Practice owners and managers don't think their practice has any data that a cybercriminal would want," Latham said. "But your practice management system is the heartbeat of your business—it runs basically your entire operation and that's insanely valuable."

He gave the following tips for veterinary practices to enhance their cybersecurity:

• Use strong passwords and use a password manager such as Keeper or 1Password to keep track of passwords securely. In addition, always enable two-factor authentication, which Latham said should stop about 90% of personal cyberattacks. Utilize strong, unique passwords. And do not reuse the same password across multiple sites.
• Stay on top of updates for your operating system, web browser, and other software. This includes security patches to keep information safe and is the easiest action, with the greatest return. Also, take advantage of security software such as anti-virus and malware software.
• Use free web tools such as Virus Total to further protect your practice, and Have I Been PWNED? to quickly assess whether an online account has been compromised or "pwned" in a data breach.
• Schedule cybersecurity training for staff members so they are informed about possible threats. Building a security culture is the most effective way to keep your practice safe. Staff members need to be encouraged to bring up questionable emails and websites, while those responding should be accepting of what is brought up to them.
• Back up practice data. An effective way to do this is to a cloud system. Double up with a local hard drive backup. Insurance companies will want your backups to be unchangeable to protect against ransomware encryption.

In a survey of veterinary hospitals conducted by Lucca Veterinary Data Security, 90% of respondents said they weren't worried about cyberattacks. With the rise of new technology, veterinary practices should protect themselves from being compromised. Artificial intelligence (AI) programs, such as the chatbot ChatGPT, make it even easier for a hacker to create and deploy ransomware tools.

"AI is only going to exacerbate the problem since it's going to give access to tools to people who otherwise wouldn't have them," Latham said.

Latham explained that many veterinary practice employees lack an understanding of how cyberattacks work, and are often unfamiliar with data protection tools. While it's easy to assume the business's information technology (IT) professional has everything covered, Latham encouraged practice owners to never assume anything.

"We are an insanely trusting, nice, and empathetic industry, and because of that, we get taken advantage of," Latham said. He added that hackers don't care about how big or little a company is; they only care about money.

He said the experiences of key industry partners such as Merck Animal Health and National Veterinary Associates (NVA) should serve as a warning to veterinary practices everywhere. Even with large IT budgets and teams, a 2020 cyberattack potentially cost NVA millions in losses and meant the shutdown of nearly 400 clinics, while Merck had $670 million in losses from a ransomware attack in 2017.

The AVMA provides information on cybersecurity resources and Lucca Veterinary Data Security offers a free e-book on the topic.

A version of this story appears in the October 2023 print issue of JAVMA