Keylogger malware found on three UC Irvine health center computers

Share this article:

More than 1,800 University of California (UC), Irvine, students, as well as nearly two-dozen non-students, are being notified that they may have had unencrypted personal information compromised after keylogger malware was discovered to have been on three Student Health Center (SHC) computers for about six weeks.

How many victims? An investigation is ongoing, but it is estimated that 1,813 students and 23 non-students were impacted. 

What type of personal information? Names, addresses, phone numbers, student ID numbers, non-student patient ID numbers, health and dental insurance policy ID numbers, bank names and check numbers for services paid by check, amount of payment received by SHC for services rendered, Current Procedural Terminology descriptions and codes, and ICD-9 codes and diagnoses.

What happened? The California Information Security Office (CISO) notified UC Irvine that one of the computers in the SHC had been infected by malware. An investigation then revealed that three computers had been infected with keylogger malware for about six weeks.

What was the response? The three infected computers were taken down from the network. SHC employees were required to change their passwords. A report was filed with law enforcement and an investigation is ongoing. Regularly performed campus-wide reviews of data security practices are being expanded and all SHC computers are being upgraded with anti-virus and other security programs. All impacted individuals are being notified and offered a free year of monitoring services.

Details: CISO notified UC Irvine on March 26 that one of the SHC computers contained malware. The infection lasted from Feb. 14. to March 27. The malware sent the unencrypted information to an IP address outside the UC Irvine network.

Quote: “We have no indication that the data [has] been fraudulently used,” according to a statement emailed to SCMagazine.com on Thursday.

Source: A statement emailed to SCMagazine.com on Thursday.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Hackers breach social network MeetMe

Hackers took advantage of a vulnerability and were able to access information on an undisclosed number of MeetMe users.

Professor hacks University Health Conway in demonstration for class

A computer science professor from the City College of San Francisco accessed a University Health Conway server containing patient data as part of a demonstration for a class.

Another breach involving Onsite Health Diagnostics, Kansas City hospital impacted

Children's Mercy Hospital is notifying more than 4,000 individuals that their information may have been compromised after an Onsite Health Diagnostics system was breached.