Archives for posts with tag: computers

The Missing I.T. Skill

April 2, 2022 //
0

For all the time that I have been managing veterinary hospitals I have also had oversight responsibility for the computers and technological systems (I.T.) employed at those hospitals. Coming from a technical background in the entertainment lighting world, this just seemed to be a natural extension of my existing skill sets – the things that make me good (hopefully) at what I do.

One of the things that I have always been passionate about is data security. I’ve written articles and had them published on the subject. I made sure my hospitals had proper backup procedures, good anti-virus protection, updates ran regularly, and great firewalls.  I’d always felt that there is always an element of carelessness, or lack of understanding of the risks, when hearing about those that have fallen foul of hardware failures or ransomware. Nothing in my years of experience did anything to dissuade me from this impression.

Until one of my hospitals was hacked.

The story starts first thing on a Sunday morning when I get a call from the office manager on site saying that they are unable to get their practice management software up and running. I try logging in remotely and get nowhere so I make the five-minute drive to take a look. What meets me on the screen of the server is a message that runs my blood cold and leads to feeling of despair sinking into my stomach.

“Your System has been hacked. All of your data has been encrypted. To release your, data payment must be made via Bitcoin….”

We have backups, we have a replication server, we’ll be fine.

We were not.

The ransomware attack had been possible due to one the connections that we used to allow doctors to write up their medical records from home. In addition, there had been an old user with administrator rights that had somehow been overlooked and led to the hacker being able to access the server. The height of irony was that we were in the process of moving over to a more secure system to allow remote access when this attack took place. If we had been a couple of weeks further along this attack would not have been possible as it unfolded.

Our server was encrypted, our replication server was encrypted, our daily incremental backup drive was encrypted, our weekly full backup drive was encrypted, and several workstations were also encrypted. We had no internet, no practice management software, and so no access to medical records, schedule, email, or files.

Paying was not an option on general principles.

Our last hope was offsite cloud backup.

This backup had been fully protected and within 24 hours we were able to have remote access to this so we could access schedule and records.

We tried for three days to download the massive database onto a drive to allow us to restore the server. After three days of failure, in part cause by file size, an inopportune Windows automatic update, and network / computer stability issues, our cloud backup vendor arranged for a physical drive to be sent to us. Once the drive arrived (at 8PM at night several days later) the instructions were unclear as to how to access what had been sent to us and the cloud backup provider did not have anyone on staff late at night who knew how the drive had been prepared. We finally restored functionality to most of the hospital on the seventh day after the attack.

Lessons learned

Our I.T. vendor had, for the most part, been great. They understood the position we were in and I, in turn, protected them from the owners and staff who were rightly upset and frustrated. I had several moments of frustration myself , particularly when it came to getting a physical drive from the cloud backup vendor which turned into a comedy of errors. But both sides were able to work on the problem and maintain a professional atmosphere. We’ve had a long relationship with our I.T. support vendor and they have been very good to us in turn. They understood our need to go with other suppliers for things such as phone systems and servers but were still being prepared to help support those items and the overall health of our networks. Without that long term relationship, and atmosphere of mutual trust, things could have been very difficult indeed.

We used our barely functioning network to try and download a huge amount of data. We should have done this offsite, at one of our other locations. We should have also immediately requested a physical drive to be sent to us. I offered multiple times to get on plane and courier the drive personally, however, this was turned down but did add to the pressure on the cloud backup company to get their act together.

Try to be calm. After all was said the done the total loss of business for the week that we were unable to either take care of that week or squeeze into the following week was estimated at 4% – well within the normal variation from week to week. Not even close to the amount to bother our insurance company with. Clients will understand. Deal with what you can, improvise, and communicate as much as possible with everyone.

The major lesson that I learned, however, was one of humility. Anything can he hacked. All it takes is time and a willingness to spend that time. There was, in the heat of the moment, a number of times when the blame game reared its head. I made the decision to not allow that from anyone, feeling that if there was any blame it was the wrong time to even talk about it. What I ultimately realized that what is important was not in preventing a hack, but our resilience if the face of that attack. It is not a matter of if, but when. We lost no data – I consider that a great victory. We lost little to no business – I also consider that a victory. We also came out the other side of the ransomware attack with a much stronger awareness and agreement on the importance of cyber security.

Humility is not an excuse, or a reason to not try everything possible to prevent issues. But it helps with the realization that all systems are vulnerable. That the very things that make I.T. systems so great and useful, are also the things that can lead to vulnerabilities.

Humility is directly related to resilience. When bad things happen what is important is that we can recover from them as quickly and easily as possible- not to pretend that there are no bad things or that we are immune to them.

Tags , , , , , , , , , , , , ,
Categories I.T., Management

So you want to be a Manager? Part Two: Know What You Need to Know

March 23, 2014 //
2

In this ongoing, and occasional, series I discuss the process of learning to be a manager. Since my background is for the most part in the veterinary field we will mostly focus on the peculiarities of that industry; however, the majority of points made here are transferable to other professions / industries.

In the previous post, we looked at the initial steps in becoming a new manager. In this post we look at potential areas of responsibility.

New managers, or rather managers who are new to managing, can face a couple of dilemmas in their first few days in the job. The unlucky ones face both!

The first is being overwhelmed by all the areas of responsibility that have now landed squarely upon your shoulders. The second is not knowing what your responsibilities actually are, and therefore, not really knowing what your job is.

Take a deep breath and relax.

The first is easy – you will be overwhelmed, you will always be overwhelmed. It is the middle name of all managers. Split your days up, as much as you can, by focusing on different areas each day (see below), and prioritize.

The second is also easy – the buck stops with you. If it doesn’t, then you need to act like it does unless instructed to by your owner, or a more senior manager. You may not know anything about Information Technology (I.T.) other than it is a fancy term for computers. But if the computers are not working then you are the one responsible and in all likelihood fixing them or calling the person who can.

I have identified a number of areas that managers may, or may not, be responsible for. Depending on your particular circumstance, some of these will not apply, or you may share the responsibility with another person. If nobody is looking after that area then guess what? That area is now your responsibility.

We will look some of these areas in more depth in future posts, but for now, welcome to your new world…

The Building

I have worked in buildings that are over 100 years old and in buildings that are brand new and they all had one thing in common: things always break down, never worked properly, or need upgrading. In other words buildings, and the equipment inside them, need looking after. Few things can grind a business to a halt as quickly as a building problem. Having no water, no electricity, or no access to your building, means that in very short order you are closed. This does not mean that you have to understand plumbing, electricity, how quickly concrete sets, or the basics of I.T. (however a little knowledge is very useful) but it does mean you need to work closely with those that do and ensure that you trust them. You do also have to listen to them, and not just hear what you want to hear. They know nothing about veterinary medicine, for example, so they know more about their field than you do.

Staff

We are going to cover managing people in a future post; however, it is important to note that the staff look to you to be there for them. Remember the only stupid question is the one not asked and communication can never be a bad thing. So encourage the staff to talk to you.

H.R.

Human Resources (or H.R.) is the general catchall term given to the hiring, firing, benefits, coaching, and disciplining of employees. It is usually a job that requires a lot of paperwork and attention to detail. Depending on your circumstances, H.R. can make up a significant proportion of your time and it can also land you in hot water if handled incorrectly. I consult colleagues regarding H.R. issues more than any other subject.

Payroll can also sometimes fall under H.R. although this may be more of a support roll to either an outside company or in-house accountant. If you do find yourself handling payroll in its entirety and you do not know what you are doing – STOP! There are computer programs, companies, and accountants who can all help with this. Nothing will undermine you quicker than getting payroll disastrously wrong. 

Belonging to an organization such as your local SHRM (The Society for Human Resource Management) chapter is also a great way to get tips, C.E. and to build a support network in what in itself can be an overwhelming area of the manager’s responsibilities.

 Financial

You don’t need to be an accountant to have a significant interest and impact on the financial management of your business. The days takings need to be reconciled and deposited with the bank. Credit cards need to reconciled both daily and monthly when the statements come in. If they are not already in place, controls need to be developed so that nobody, including you, has too much access and unsupervised control over any financial area. Bills need paid, money put aside for taxes and payroll, but an eye also need to be kept on how the business is doing. Are we doing better than last year or worse? Not are we busier, but is more money coming in the door?

Marketing

I’ve covered starting a marketing program in this series of posts; however it is important to remember that marketing can be as simple as making sure that your opening hours are correct on the front door and, for a veterinary hospital, that your vaccine and appointment reminders are going out.

Inventory

Supplies need to be ordered, expired stock needs to be removed / returned, and checks and balances need to be put in place so that pilfering can be noticed and stopped.

Safety

Safety is more than making sure that all of OSHA’s boxes are ticked. Although this in itself can be a monumental task depending on where you are starting from. Being responsible of the safety of the employees, and your clients, means that you have to be the bad guy. It is not enough to tell staff to wear the proper Personal Protective Equipment (PPE) you are now responsible for ensuring that they do.

San Juan College have a great presentation on OSHA and the veterinary practice that forms part of their Veterinary Technician program – well worth checking out.

Scheduling

Even if you do not handle the mechanics of your hospital’s schedule, you may well have to give guidance as to staffing levels and when is a good time to give vacation time and when is not – for example. It may not be your fault that you do not have enough staff on a busy day or time of year but it is your responsibility.

Regulatory Compliance

Taking a critical eye to a practice, or any business for that matter, and ensuring that things are being done in a correct and legal way can be a seriously challenging task. This is particularly true when you may be asking people to change how they have done things for a significant period of time. However, it is part of the job and is one of the areas where getting it wrong can have significant consequences for both the business and you personally.

State Veterinary and Pharmacy boards vary widely in how helpful they are in response to questions about interpretation, but as a rule it never hurts to ask.  Certainly reading the practice acts that govern your state is a great start and reaching out to other managers through a local organization as we discussed in the last post will also be extremely useful.

Clients

All businesses are ultimately about clients. You can have the best veterinary practice in the world but without client’s you’ll close. Ensuring that they are looked after and that they have a great experience at your facility is outside the remit of this post; however, it is part of yours as manager. If you want a starting point take a look at this earlier post of mine about getting the basics right.

Managers can have an extremely wide, and challenging, portfolio of responsibilities. The most challenging ones; however, are the ones you don’t know about.

Remember, the buck stops with you. 

Did I miss anything? Let me know in the comments!

For those looking for more on being an existing manager and starting a new position, this may be for you.

Additional Resources:

Be Safe! Manager's Guide to Veterinary Safety by Philip J. Seibert, Jr. CVT

Click on the image to take you to the AAHA Press page for this book.

It is hard to beat Philip J. Seibert, Jr. CVT when it comes to putting together an OSHA program and this single volume, Be Safe! Manager’s Guide to Veterinary Safety which I reviewed here, although pricey is a great place to start your program.

Just like Phil is hard to beat when it comes to safety, it is hard to beat Scott Stratten when it comes to customer service. I strongly suggest seeking Scott out on YouTube; but for those of you who might like the written word The Book of Business Awesome / The Book of Business UnAwesome is for you and my review is here.  

As always, clicking on the pictures will take you to Amazon and where Amazon may give me a tiny percentage to help my book buying habit.

Tags , , , , , , ,
Categories Business, Career Advice, Customer Service, Leadership, Management, Regulations, Veterinary
%d bloggers like this: