Keylogger virus nabs data from women’s health center

The Institute for Women’s Health, with eight care delivery sites in San Antonio, Texas, on July 6 discovered a keylogger virus on its computer network.

The provider organization now has completed the patient notification process and reported the data breach to the Office for Civil Rights for the Department of Health and Human Services and the FBI.

An investigation found the virus was installed on July 5. A keylogger virus, also known as spyware, logs keys struck on a keyboard in a covert manner with the intent to collect account information, credit/debit card numbers, user names, passwords and other data, according to data security vendor McAfee. The breach was resolved by July 13.

Additional information that was compromised includes dates of birth, addresses, Social Security numbers, scheduling notes and CPT and billing codes. The patient portal was not affected.

Also See: Feds issue an urgent alert on North Korean cyber threat

The Institute for Women’s Health declined to disclose the number of affected individuals, but that information soon will be posted on the HHS data breach web site.

The organization is offering affected individuals one year of credit monitoring and identity theft protection services from ID Experts, along with a $1,000,000 insurance reimbursement policy and educational materials on protecting accounts.

The Institute in a media notice said that a variety of security measures were in place before the attack, including network filtering and security monitoring, firewalls, antivirus software and password protection. As part of the remediation process, the Institute added new safeguards to improve the security of its web server and reduce the risk of exploitation.

The organization declined to provide additional details about the incident.

For reprint and licensing requests for this article, click here.