Ransomware attacks on healthcare organizations have increased, although that is far from the only malware threat. Keylogging malware can be used to obtain sensitive information such as login credentials, or in the case of the San Antonio Institute for Women’s Health (IFWH), credit and debit card information as it was entered into its system.
The keylogging malware was discovered on the IFWH network on July 6, 2017, prompting a forensic investigation of its systems. That investigation revealed the malware had been installed on June 5, although it took until July 11 for the malware to be removed from the majority of its systems and a further two days for IFWH to confirm that the malware had been completely removed from all terminal servers and workstations.
During the time that the malware was present, it recorded and transmitted sensitive data as the information was entered into IFWH's system. The types of data recorded by the malware between June 5 and July 11 include names, dates of birth, addresses, Social Security numbers, scheduling notes, Current Procedural Terminology and other billing codes, and other information that was entered into the system between those dates.
Any patient who paid for medical services using a credit or debit card between the above dates may have had their card data captured by the malware. IFWH said the incident was limited to information entered internally via keyboards. Data entered into its patient portal was not obtained by the hackers.
The Department of Health and Human Services has been informed of the breach and the incident has been reported to the Federal Bureau of Investigation. All patients impacted by the incident have now been notified of the breach by mail and have been offered identity theft protection services via the ID Experts MyIDCare program. Patients will also benefit from 12 months of credit monitoring services and protection with a $1,000,000 insurance reimbursement policy.
Since credit card details were obtained, patients have been requested to contact their credit card companies and work with them to resolve any fraud issues and secure their accounts.
IFWH issued a statement confirming layered security defenses had been implemented prior to the malware attack, but those controls failed to prevent the malware from being installed. Those measures included network filtering and security monitoring solutions, firewalls, antivirus solutions and password protection. The malware attack has prompted IFWH to bolster its defenses to prevent further breaches, including enhancing data security on its web server infrastructure.