QUARTERLY BEAT / JULY 2023 ///
/// QUARTERLY BEAT / JULY 2023
SECURITY Cyber THE CURRENT STATE OF CYBER SECURITY IN VETERINARY MEDICINE
BUILDING A CYBERATTACK Contrary to popular belief cyber criminals rarely seek out an individual business, unless that business will net them millions of dollars in ransom. Thus, how are cyberattacks crafted to attack smaller businesses and more importantly veterinary hospitals? The waterfall approach. When a cybercriminal looks to go after small businesses they build an attack like a waterfall. As a river flows down the river it looks for the path of least resistance. Thus, the cybercriminal will build an attack vector that looks for known exploits that will allow them to easily flow into the hospital. We can look at the steps used by cyber criminals by analyzing the seven links in Lockhead Heed Martins Cyber Kill Chain. The seven steps are:
Education is the most powerful weapon you can use to change the world.
Clint Latham J.D. Lucca Veterinary Data Security; Palisade, CO
Is your business Cyber-Safe? If you missed Clint Latham, JD’s VETgirl practice management webinar on June 1, 2023 entitled The Most Important Thing No One is Talking About, read the highlights below! In this webinar, Clint discusses the current statistics surrounding cyber security attacks in veterinary medicine, how cyberattacks are deployed, and what the hackers are after. Tune in as he shares industry examples that you can learn from and 5 simple things you can do to help protect yourself from cyber-crime!
- Nelson Mandela
1.
Reconnaissance
2.
Weaponization
SMALL ANIMAL WEBINAR
3. Delivery 4. Exploitation 5. Installation 6.
Command & Control
complicated and unique passwords for every account you use. They also easily integrate with Windows and Google’s Chrome web browser. They allow you to easily share passwords with staff and notify you if any of your passwords have been compromised. The best part is that when an employee leaves you simply deactivate their password manager access and don’t have to change every password in the hospital. 2. UPDATE, UPDATE AND THEN UPDATE AGAIN : One easy path down the river is through known exploits on the network. All technology software companies offer regular security updates. Some of these updates are known as Zero days, which indicate that these vulnerabilities are actively being exploited by criminals and you need to update immediately. Thus, you should regularly update anything that touches the internet. Not just computers and the software that they use. But also any IOT (Internet of Things) devices. Things like smart phones, tablets, smart thermostats, Amazon Alexa or Google Home devices, ring camera systems, and the list goes on. The eternal blue
7.
Actions & Objectives
WATCH FULL WEBINAR
These tools then look for a weakness in area’s 1-3; which are then deployed to the World Wide Web. The most common attack vector is email phishing followed by business email compromise. A few industry examples include sending hospitals fake resumes embedded with Ransomware, or gaining access to the clinic email address, which then gets them access to cloud based practice management systems allowing them to create fake invoices to send to all of your clients. 5 SIMPLE STEPS TO PROTECT YOUR HOSPITAL The great news is that it doesn’t have to be expensive or complicated to start protecting your hospital from the waterfall of cyberattacks. Thus we are going to cover five actions you can take that will have the greatest impact on your veterinary hospital’s cyber security. 1. PASSWORDS : Start by leveraging a good password manager. The recent JBS & Kasyea attacks carried out by ReVil, using compromised password lists they acquired from the dark web. A good password manager will make it easy to create
WHY DON’T WE HEAR ABOUT ALL THESE ATTACKS? In June of 2020 the AVMA gave an online presentation concerning cyber security and why having a Cyber Security PLIT was important. The AVMA trust division stated that at the time of the presentation their average cyber claim was $135,000. Unfortunately, a ransom demand of $135,000 isn’t large enough to be newsworthy. In fact, in order for the federal government to get involved the ransom has to be in excess of $500,000. The sad fact is that just because we don’t hear about them doesn’t mean that it’s not happening. On June 3rd, 2021, the White House released an open letter to all businesses in the United States. They specifically state “no company is safe from cyberattacks”. Yet the veterinary industry largely thinks they are in some sort of safe zone. This is largely due to a lack of understanding how cyberattacks work.
Cyber security has become a bit of a buzzword in 2021. The high profile cyberattacks on businesses, like the Colonial Pipeline, CNA, Kasyea & JBS, have raised a lot of concerns amongst larger organizations. However, veterinary medicine largely remains unconcerned. With common messaging of “Why would anyone want Fluffy’s medical records” and “Our IT guy has us covered”. However, the statistics tell us that over one third of small to medium sized businesses were affected by a cyberattack. With veterinary medicine being lumped into the health care sector it’s hard to know exactly the number of practices that are affected each year. However, using the rough estimate of one third of small- medium sized businesses from the research of Malwarebytes, roughly 11,000 veterinary practices each year are affected by a cyberattack. That’s 228 veterinary hospitals per week!
Continued on page 18
Webinar Highlights
16
17
VETGIRL BEAT EMAGAZINE | VETGIRLONTHERUN.COM
VETGIRL BEAT EMAGAZINE | VETGIRLONTHERUN.COM
Made with FlippingBook - Online Brochure Maker