The veterinary services company CVS Group has said that efforts to contain a cyberattack will disrupt its British operations for weeks.
CVS said it had recently “detected and intercepted” an incident, which involved unauthorised external access to a “limited number” of its IT systems.
In response, the company took its IT systems temporarily offline to contain the “threat of malicious activity”, but the action has caused “considerable operational disruption over the past week”.
Specialist unnamed consultants have been brought in to investigate and the group has informed the authorities, such as the Information Commissioner’s Office (ICO), “due to the risk of malicious access to personal information”.
An ICO spokeswoman said: “CVS Group has reported an incident to us and we are assessing the information provided.”
Advertisement
A spokeswoman for CVS said a “small number” of vet practices had been shut for a “short time” and clients had been directed to other local practices. She said CVS believed any client data was stored on a separate cloud-based server, “which was not impacted as a result of this incident”.
In its statement to the stock market, CVS said that IT services to practices and business functions had been securely restored across the majority of its estate. However, increased security and monitoring has meant that “some systems are not working as efficiently as previously”, which is “likely to result in an ongoing operational impact”.
Operations outside the UK are unaffected, as are non-CVS-hosted systems and the group’s e-commerce systems, it said.
CVS is one of the largest companies on AIM, the London Stock Exchange’s junior market, providing veterinary services in the UK, the Netherlands, the Republic of Ireland and Australia. Alongside the core veterinary practices division, it operates laboratories providing diagnostic services to CVS and third parties, pet cremation and clinical waste disposal providers and Animed Direct, an online retail business.
The disruption comes at a testing time for CVS, with its shares having slumped in recent months on the back of a planned investigation into the veterinary services market by the Competition and Markets Authority.
Advertisement
CVS said it was accelerating its plans to move its practice management system and IT infrastructure to the cloud to provide “enhanced security” and operational efficiencies. The planned migration and the extra security measures are likely to have an affect on operations for a number of weeks.
A cyberattack was listed among 16 key risk factors to the company in its last annual report and was deemed “possible” on a scale of “remote” to “very likely”. It said that potential consequences could include a loss of client data resulting in reputational damage.
CVS had recently switched providers of antivirus software “to mitigate potential threats arising from the changing political landscape in Europe” and its internal audit performed a cybersecurity “gap assessment” last year.
Analysts at Panmure Gordon, the broker, said: “Not all practices have been affected equally, with some being able to operate ‘normally’ albeit offline.”
Analysts at Jefferies, another broker, told clients: “We cannot rule out an impact to full-year guidance, given the potential for higher costs and slower revenues.”
Advertisement
Shares in CVS closed down 2p, or 0.2 per cent, at 942p.
The stock has nearly halved over the past year and was sold off in September when the Competition and Markets Authority began a review of the market after concerns that customers were facing above-inflation increases in bills and amid rapid consolidation in the industry.
Last month the regulator announced plans for a formal market investigation after its initial review found “multiple concerns”, including that pet owners may be overpaying for medicines and may not be receiving enough information about treatments.
