1,900 UVA Patients’ PHI Accessed by Hacker Behind FruitFly Malware

February 24, 2018

Nearly 1,900 patients of the University of Virginia Health System are being notified that an unauthorized individual gained access to their medical records as a result of a malware infection.
The malware had been installed on the devices used by a doctor at UVA Medical Center. When the doctor accessed medical records, the malware allowed the hacker to view the data in real time. The malware was first installed on the doctor’s electronic devices on May 3, 2015, with access possible until December 27, 2016. Over those 19 months, the hacker was able to view the medical records of 1,882 patients.
The types of information viewed by the hacker included names, diagnoses, dates of birth, addresses, and treatment information, according to a UVA representative. Financial information and Social Security numbers were not exposed because the doctor did not have access to them.
Access to patients’ PHI ended in late 2016, but UVA did not discover the breach for nearly a year. UVA was informed of the security breach by the FBI on December 23, 2017, after an extensive investigation into the hacker’s activities. Patients affected by the breach were notified by mail this month.
UVA has since implemented a number of additional security controls to prevent further incidents of this kind.
Thousands of Victims’ Confidential Information Viewed
UVA is only one victim of the hacker. Other organizations were also affected and had information compromised, although the full extent of the hacker’s activities has not yet been established. The FBI investigation is continuing, although the hacker has been arrested and charged in a 16-count indictment for numerous computer offenses, including violations of the Computer Fraud and Abuse Act and the Wiretap Act, as well as aggravated identity theft and the production of child pornography.
The hacker has been identified as Phillip R. Durachinsky, 28, of North Royalton, Ohio. Durachinsky allegedly created a Mac malware known as FruitFly over 13 years ago and used it to spy on thousands of companies and people. The malware gave Durachinsky complete access to an infected device, including access to the webcam. The malware took screenshots, allowed files to be uploaded and downloaded, and could log keystrokes. Durachinsky also designed the malware to give him a live feed from many infected computers at the same time.
Victims include healthcare organizations, a police department, businesses, schools, and local, state, and federal government officials. Over more than 13 years, Durachinsky spied on thousands of people, mainly using the Mac version of the malware, although a Windows-based variant was also used.
Besides gaining access to UVA patients’ records, Durachinsky used the malware to view highly confidential information belonging to other, non-UVA victims. He was able to gain access to photographs, tax records, financial accounts, and internet search histories. Durachinsky also allegedly took pictures of his victims in secret through their webcams and kept notes on what he was able to see.
The FBI found that an IP address linked with the malware had also been used to access Durachinsky’s alumni email account at Case Western Reserve University, which resulted in his arrest. FBI agents found over 20 million images on Durachinsky’s devices.