CVS Group cyber attack caused widespread disruption

One of the UK’s largest vet companies was hit by a “cyber incident” which caused disruption across all operations and a risk of “malicious access” to personal information.

An “ongoing operational impact” is likely, CVS Group said on April 8, due to increased security and monitoring of IT systems in the wake of the attack.

The company, which owns vet practices as well as diagnostic laboratories and pet crematoriums, said it had “recently detected and intercepted a cyber incident” on the morning of April 8.

There was “unauthorised external access” to a “limited number” of company IT systems, according to the CVS group.

No information on the possible attacker was given by the firm.

The privacy watchdog, the Information Commissioner’s Office, had been contacted due to the “risk of malicious access to personal information”, CVS Group added.

Efforts to contain the attack have “caused considerable operational disruption” over the past week, and IT systems had been temporarily taken offline in an attempt to isolate the issue and prevent wider unauthorised access.

Those steps have, to date, been effective in preventing further external access to CVS systems, it said.

While the majority of veterinary care has continued, some IT systems are “not working as efficiently” as usual which is affecting operations in vet practices, the CVS group said on the day of the attack.

CVS Group buys up smaller vet practices and in February 2022 owned 467 across the UK.

It’s listed on the London Stock Exchange but also has operations in the Netherlands, Ireland and Australia which were unaffected by the attack.