Keylogger Hack At Root Of HIPAA Breach

Erin McCann | HealthCare IT News | May 19, 2014

Computers infected for more than a month

A keystroke logger infecting three computers has been blamed for swiping the medical and financial data of UC Irvine Student Health Center patients. The keylogger was discovered by the California Information Security Office March 26, and had been capturing and transmitting the data to unauthorized servers for more than one month before being detected, according to a UC Irvine patient notification letter. Some 1,836 patients were affected by the breach, according to an SC Magazine report.

Patient names, unencrypted medical information, including diagnoses, bank name, check numbers and ICD-9 codes were believed to have been transmitted to the unauthorized servers. The three infected computers were reportedly immediately disconnected from the Internet upon discovery. UC Irvine will be providing affected patients with one year of credit monitoring services...