Last week Microsoft announced that there has been an attack on their widely used Exchange email service which has affected thousands of businesses worldwide. (Exchange is an on-premise email system made by Microsoft and very popular amongst businesses who use it to send and receive emails).
What Happened
Official statements from Microsoft suggest that this hack began in January this year, with the culprits (apparently agents working on behalf of the Chinese Government) having gained access to the servers disguised as someone who should have had access and deploying ‘web shells’ to use as backdoors into the systems. Their aim to steal sensitive data from larger corporates or government agencies.
The breach was announced alongside a launch for the patches that will fix the vulnerabilities, which has resulted in a surge of free for all attacks due to more widespread knowledge of the exploit. Whereas they believe the initial breach to have its origins in China, it seems that more local criminal gangs are now taking advantage of small and medium sized business, such as Veterinary Practices, that are unaware of the issues that may be caused. In essence by announcing the flaw and subsequent patches, Microsoft have opened up a hacking free for all whilst businesses scramble to fix the problems.
Who will be affected
The National Cyber Security Centre (NCSC) has estimated that in the UK 7,000 servers have been affected, of which more than 3,000 are still at risk. This means that if your practice uses a Microsoft Exchange Server it’s more than likely that you have been affected by the recent hack.
Paul Chichester the director for operations at the NCSC has stated that they “are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks”.
In reality the big businesses affected in the UK will be aware of the hacks, and taken steps to complete the security patches, scanned for and removed any malware in place. But the real worry is for the small and medium sized businesses like Veterinary Practices that do not actively follow security news and might not even be aware of the issue. This will probably mean that the hack will be extensive and far reaching and we wont have the figures to be able to understand the full impact for quite some time.
What to do
If you are concerned that your practice might be affected, then we’d suggest you contact your IT support company, who will be able to identify your risk. But as a hard and fast rule if your practice utilises Microsoft Exchange Server versions 2013, 2016 and 2019 then you will want to start patching immediately and consult a security expert to scan your systems.
If you are using Microsoft Exchange Online or Microsoft 365 then you will not be affected, and no further action will be required.
Why it’s Important for Vets
We get that IT updates just aren’t a priority when compared to ensuring that the x-ray machine is up and running or fixing the sterilizers as these are critical to your practice functioning and the care you give to our furry friends on a daily basis.
But we are here to tell you that there are multiple levels of risk that out of date and comprised software poses to your practice. We’ve listed below the ones we most commonly see across the veterinary industry as a whole:
- Downtime
- Preventing delivery of patient care
- Damage to practice reputation
- Costs (whether direct to the practice or from lack of revenue)
- Impact on team performance
- Client frustration
- Costly fine for breaking GDPR
All of these can have a serious damaging effect on a veterinary practice, especially downtime. We know first-hand just how catastrophic a complete system outage can be for a practice, which is why it’s imperative that your practice is doing everything to avoid this happening.
Simply put, if you are using this compromised software, your practice is extremely vulnerable. And as smaller businesses are being targeted you simply cannot rely on the safety of anonymity.
The security of your practice should never be taken for granted, and small things like updating your software might seem low on your priorities when dealing with a medical emergency but these actions can have a vast impact on your practice’s data security and ability to continue to offer patient care.
If you are using Microsoft Exchange in your practice or are concerned that your practice might have been affected by this hack, then please do get in touch. Our team of Veterinary IT Experts are on hand to help and will work alongside your team to ensure that your practice remains safe.
