UK vet network CVS hit by cyber attack

Operations at UK veterinary services provider CVS Group are being disrupted by a developing cyber incident of a currently undisclosed nature that has forced the organisation to take key IT systems offline.

AIM-listed CVS, which is not to be confused with the American retail pharmacy chain of the same name, said it had detected and intercepted a cyber attack in which an unknown actor obtained unauthorised external access to a limited number of its IT systems.

The organisation said it took a number of systems offline to prevent the incident from spreading, and that although this has caused “considerable operational disruption”, it has successfully prevented further access. It is currently working with third-party security consultants on a resolution, and has informed the relevant authorities, including the Information Commissioner’s Office (ICO). 

“Whilst the prompt actions taken by the Group have limited the cyber incident, they have resulted in disruption to UK operations,” CVS said in a statement to the stock market.

“Through the efforts of our colleagues, we have continued to provide our usual high levels of clinical care to clients and patients at the majority of our practices.

“IT services to our practices and business functions have now been securely restored across the majority of the estate; however, due to the increased levels of security and monitoring, some systems are not working as efficiently as previously, and this is likely to result in an ongoing operational impact,” it added.

“Operations outside the UK remain operationally unaffected, as do non-CVS hosted systems and the Group’s ecommerce systems. We would like to thank all our colleagues for their support and professionalism in maintaining our veterinary services throughout this incident.”

Employing over 2,000 veterinary surgeons and 3,000 veterinary nurses, CVS operates 500 practices – including nine specialist referral hospitals and 39 dedicated out-of-hours sites – in Australia, the UK, Ireland and the Netherlands – although Computer Weekly understands that only its UK services were affected.

CVS said that following the incident, it would move up its plans to migrate its practice management system and related IT infrastructure into the cloud to enhance security across its estate, and that this would likely continue to have some operational impact for a few weeks to come.

The nature of the disruption suggests CVS has rebuffed an attempted ransomware attack on its systems, although the organisation has made no statement in this regard, and at the time of writing, no ransomware operator had claimed responsibility.

ESET global cyber security advisor Jake Moore said it was impressive to see the organisation had recovered key systems so quickly.

“Although threat actors were able to penetrate here, companies are getting quicker at detecting and responding to attacks, and with the correct restoring procedures and even prior simulation of such events, it is impressive to see firms act in a way that minimises the impact of cyber attacks,” he said.

“Due to a rise in cyber attacks including from Russia and China in recent months, this will hopefully act as a signal for all firms to raise awareness and boost protection where possible.”