A leading UK provider of veterinary services this morning revealed that a major cyber-incident has caused “considerable operational disruption” at the firm.
CVS Group runs hundreds of vet practices as well as a handful of laboratories and crematoria across the UK, Australia, the Netherlands and the Republic of Ireland, employing thousands of staff.
The company revealed in a notice to the London Stock Exchange (LSE) earlier today that it recently “detected and intercepted” a cyber-attack involving unauthorized external access to its IT systems.
“Upon discovery of the incident, CVS took immediate steps to isolate the issue and, to prevent wider unauthorized access, took its IT systems temporarily offline, as part of the group’s response plan. Our responses to contain the threat of malicious activity have caused considerable operational disruption over the past week, but to date have been effective in preventing further external access to CVS systems,” the notice continued.
“Specialist third-party consultants have been engaged to investigate the nature and extent of the incident and to support the response across the group. CVS has also proactively informed the relevant authorities, including the Information Commissioner’s Office, due to the risk of malicious access to personal information.”
Read more on operational disruption: Clorox Operations Disrupted by Cyber-Attack
It’s unclear at this stage whether sensitive information was stolen as part of the attack, which bears all the hallmarks of ransomware. CVS said a forensic analysis of the incident is still ongoing.
The firm did admit that its response to the incident continues to have some impact on operations, although only those reliant on CVS-hosted systems.
“Through the efforts of our colleagues, we have continued to provide our usual high levels of clinical care to clients and patients at the majority of our practices. IT services to our practices and business functions have now been securely restored across the majority of the estate; however, due to the increased levels of security and monitoring, some systems are not working as efficiently as previously and this is likely to result in an ongoing operational impact,” the statement revealed.
“Operations outside the UK remain operationally unaffected as do non-CVS hosted systems and the Group’s e-commerce systems.”
The incident has accelerated the company’s plans to migrate its practice management system and related IT infrastructure to the cloud.
“Whilst we will continue to focus on providing high levels of clinical care to clients and patients, the security steps taken and the planned migration of our operational systems are likely to have an impact on operations for a number of weeks,” CVS concluded.