Ransomware attacks have severely affected the animal healthcare industry, prompting the United Veterinary Services Association (UVSA) to take immediate action

UVSA’s mission is to be the hub of relevant information leading to innovation in the supply chain and, in doing so, to enable animal care by supporting those who serve the veterinary channel.

Best practices recommended by UVSA include:

1. End User License Agreements (EULAs): EULAs are now standard practice for those engaged in B2B e-commerce. EULAs must be in place for all users before allowing access to systems.

2. Logging of Site Access and Use: Logging of Customer Authenticated Site access and use of activity is necessary for EULA compliance monitoring and notification to users for violation of the EULA or potential breach of security.

3. Multi-Factor Authentication (MFA): MFA is now a cybersecurity best practice for business and financial systems. Implementation of multi-factor authentication protocols must be in place as a required component for platform access.

  • If full implementation of MFA is not possible, consider requiring MFA for a subset of user actions focused on securing private data (SSN, license information , etc.) and financial data (payment information, banking information, etc.).
  • If full MFA implementation is not possible, consider using a CAPTCHA test to differentiate human users from bots (machines) for all access or to limit access to private/financial data (as described above).

4. Third Party Access EULA: In the event a Third Party requires Access to provide an Authorized Commercial Application, each Third Party must execute an EULA before receiving access to the Systems. Such access must then be provided only through an approved application programming interface (API).

  • A third-party EULA should clearly define acceptable use of the platform, platform usage limits, security expectations for connected systems, security expectations for retrieved data, usage limits data and data access and security/use audit rights.
  • The API must allow access via unique third-party identifiers and limit such access only to data required by the third party for legitimate business operations. Use of the API may be subject to rate limits and data limits to ensure that the e-commerce platform is not unduly loaded.

The “best practice” recommendations were developed by IronNet, a cybersecurity company engaged by the United Veterinary Services Association (UVSA) as a subject matter expert, based on the work of the UVSA Distributor Task Force on cybersecurity.

UVSA’s mission is to be the hub of relevant information leading to innovation in the supply chain and, in doing so, to enable animal care by supporting those who serve the veterinary channel. Cybersecurity recommendations are designed to support and protect UVSA members. UVSA is a national trade association made up of distributors, manufacturers and suppliers of animal care products in the veterinary circuit. http://www.uvsa.net

Interview Availability:

  • Betsy Watkins, UVSA Board Chair, PRN Pharmacal
  • Photos are available on request for media use

MEDIA CONTACT:

Kathleen Cairns, Communications Strategist

Fallston Group

443-714-4836

[email protected]

Share the article on social networks or by e-mail:

Boyd S. Abbott