by swader999 2415 days ago
So are vet hospitals. At this very moment there's a chance you'll walk into one that has fallen back to paper records and billing due to a continent-wide ransomware attack.

https://www.reddit.com/r/msp/comments/dnd7aq/ransomware_atta...

From that thread: Avimark is an old-style, load-the-EXE-from-a-share program with a flat file structure for the data. Most clinics are not in a domain, just workgroup, and the share is read/write access for Everyone. So, yeah.


It's worse than that thread reveals. NVA was hit by a ransomware attack in May. They're now in a second attack that began in late October (ongoing). The latest one was described by CIO Joe Leggio as a "coordinated and sophisticated" attack in an internal email. He said it was designed to breach the NVA system specifically and that the attackers had three separate entry points. Only this week did NVA deploy endpoint security software to every computer in their 500+ veterinary practices.

Note: Avimark itself is not at fault here. The Avimark issue that the practices are having is related to NVA not having a solid DR plan with working backups. Part of the problem there is that because of Avimark's architecture, most practices have an on-prem server that each workstation RDPs into for using Avimark. Because this equates to 500 or so Avimark SQL Server instances spread around the United States, it's perhaps not surprising that NVA's unsophisticated IT department did not have working backups for each instance.

AVImark is not SQL. AVImark runs at the workstation as a UNC path shortcut and no application is installed on the workstations. The entire program resides on the server and is much like its DOS predecessor from the 1980s. Everything it needs to run is installed in its AVImark folder on the server. Very few of the 8,000-plus hospitals run it in an RDP mode. Usually those that do have multiple locations with satellite hospitals connected to the main server via Internet back to the central or main hospital. Problem is NVA does not know what they are doing for security and has paid no attention to this problem, and has no well-defined disaster recovery plan. They do not allow for outside expert AVImark or IT consultants to help their hospitals.

Dr. Paul DVM and AVImark Consultant and Trainer since 1998.

Hello. I'm a reporter at the Wall Street Journal and I've been looking into this second attack for two weeks now. Some users from that Reddit thread have passed along some internal emails to me, and some customers have reached out with complaints as well and I've been looking to corroborate some details. Would you be willing to chat with me via Signal?

AVImark does not use SQL in general. They did an experiment with SQL a few years ago but abandoned it. They have a flat file database written in Delphi.

This sounds ideal for a SaaS. Why is each practice messing around with an IT dept and SQL and DR when it could be hosted and managed at low cost for all of them at once?

The industry has been really slow to move to SaaS. Avimark's primary competitor has a strong SaaS offering with Idexx Neo [0], but NVA requires the practices they buy to switch to Avimark.

[0] https://www.idexx.com/en/veterinary/software-services/neo/

This sounds exactly correct unfortunately. Also taking down clinics in Canada.