Keylogger hack at root of HIPAA breach

Computers infected for more than a month
By Erin McCann
11:00 AM
Share
A keystroke logger infecting three computers has been blamed for swiping the medical and financial data of UC Irvine Student Health Center patients. 
 
The keylogger was discovered by the California Information Security Office March 26, and had been capturing and transmitting the data to unauthorized servers for more than one month before being detected, according to a UC Irvine patient notification letter. Some 1,836 patients were affected by the breach, according to an SC Magazine report
 
 
Patient names, unencrypted medical information, including diagnoses, bank name, check numbers and ICD-9 codes were believed to have been transmitted to the unauthorized servers. 
 
The three infected computers were reportedly immediately disconnected from the Internet upon discovery. UC Irvine will be providing affected patients with one year of credit monitoring services. 
 
"UC Irvine regrets that your information may have been subject to unauthorized access, and we have taken and continue to take remedial measures to ensure that this situation is not repeated," wrote J. Patrick Haines, executive director of the Student Health Center, and Marcelle C. Holmes, assistant vice chancellor of wellness, health and counseling services at UCI. 
 
 
Attempts to reach UC Irvine officials regarding details of the breach were unsuccessful. 
 
The best way to protect your organization from keyloggers includes using one-time passwords or two-step authentication; using system virus protection that detects keylogging software; and utilizing a virtual keyboard, wrote Nikolay Grebennikov, chief technology officer at Kaspersky Lab, in a blog post on the topic. Most anti-virus vendors, as he pointed out, already include keylogger detection in their database. 
 
Hacking has been involved in the HIPAA breaches of more than 2.6 million patient records since 2009, according to data from the Department of Health and Human Services. Some 31.4 million people have had their protected health information compromised following a breach. 
 
Just in March, a small-town Colorado hospital reported that a computer virus was responsible for a breach involving 5,400 patients after it collected screen shots and encrypted patient data in a hidden file system.