Why Antivirus Alone Doesn’t Protect Veterinary Practices

Most practices already run antivirus on the front-desk computers, the doctors’ laptops, and the server that holds the PIMS. So when security comes up, the answer is usually “we’re fine, we have antivirus.”

That was a good answer years ago. It isn’t anymore. Antivirus still helps, but it was built to stop one kind of problem, and most of what threatens a busy clinic today is a different kind. Here is the difference, in plain terms.

How antivirus works

Think of antivirus as a guard at the door holding a photo book of known troublemakers. Security companies collect examples of bad programs, take their picture, and send that photo book to your antivirus. When a file shows up on a computer, the antivirus checks it against the book. If it’s a match, it gets stopped. If it isn’t in the book, it walks right in.

That works well against problems the world has already seen and added to the book. For a long time, that covered most of what practices ran into.

Comparison showing traditional antivirus matches files to known-threat lists and runs during scans, while EDR analyzes program behavior, catches new and fileless attacks, and can isolate and roll back.

Why that isn’t enough anymore

The people behind these attacks know how the photo book works, so they go out of their way to stay out of it.

  • Many attacks never install a program at all. They quietly use tools your computer already has, so there’s no new file for the antivirus to check.
  • Some don’t use a virus at all. The attacker steals a password and simply logs in, the same way a staff member would.
  • The programs that lock up your files change constantly. By the time one version makes it into the photo book, a newer version is already going around.

In every case, the antivirus isn’t broken. It’s doing its job. The attack just never gives it the one thing it’s looking for: a face it already recognizes.

A ransomware attack in four steps: a bad link is clicked, it runs with no file to scan, it spreads to other PCs, then files are held for ransom. Antivirus misses the first three steps and only sometimes catches the last. EDR catches all four.

What’s actually at risk

Practices are sometimes told their data doesn’t matter. It does. A clinic keeps client contact details, payment information, and the appointment and medical records the whole day depends on. (Veterinary records are not covered by HIPAA the way human medical records are, so the rules are different. That doesn’t make the information any less valuable, or a shutdown any less painful.)

For most practices, the real damage is simpler: the day stops. If the PIMS won’t load or the server is locked, you can’t check patients in, appointments pile up, and the team is back to paper while someone scrambles to fix it. The cost usually isn’t a fine. It’s the hours, or days, the practice can’t work.

What EDR does differently

EDR stands for endpoint detection and response. The short version: instead of checking files against a photo book, it watches what programs are doing and steps in when something looks wrong.

It doesn’t need to recognize the attacker. If a program suddenly starts locking up hundreds of files, or a computer starts reaching out to a stranger on the internet, or someone logs in at 3 a.m. from a country you’ve never worked with, EDR notices the behavior itself. Then it can act: cut that one computer off from the rest so the trouble can’t spread, show your IT team exactly what happened, and in many cases put things back the way they were.

That ability to step in and contain the problem is the part antivirus never had. Antivirus removes a bad file. EDR stops an attack while it’s happening.

EDR isn’t just a fancier antivirus

It’s easy to assume EDR is antivirus with a new name. It isn’t. They do different jobs, which is why the better setups don’t rely on the photo book alone. The idea is simple: have more than one kind of protection, so if something slips past the first, the next one catches it.

One more thing matters if your practice doesn’t have IT staff on site. EDR raises an alarm, and an alarm only helps if someone hears it and responds. The tool on its own isn’t the whole answer. It works when it’s paired with people who watch for those alerts and act on them.

Where this fits with VetDPS®

VetDPS® (Veterinary Data Protection Standards) treats this kind of protection as a starting point, not a luxury. The standard expects this behavior-watching protection on every practice computer, because plain antivirus no longer keeps up with how attacks really happen. The standard sets the requirement. How any one practice meets it is a separate conversation.

The bottom line

Antivirus isn’t useless, and nobody should tear it out in a panic. But “we have antivirus” is no longer the same as “we’re protected.” If you’re not sure what’s actually running on your practice’s computers, or whether anyone would even know when something went wrong, that’s worth finding out.

If you’d like a quick, plain-language read on where your practice stands, the VetDPS Security Readiness Check takes just a few minutes at heimsys.com/self-check.

Scroll to Top