San Antonio's largest OB-GYN provider breached by keylogger malware

Hackers spent one month on the servers of The Institute for Women’s Health, stealing both financial and personal health data.
By Jessica Davis
12:10 PM

The San Antonio Institute for Women’s Health, touted as San Antonio’s largest OB-GYN practice, has been struck by keylogging malware, breaching both financial and personal health data.

IFWH officials discovered the malware on its network on July 6, though cybercriminals had installed the malware on June 5. It took the team at IFWH until July 11 to remove the virus and another two days to confirm it was completely removed from servers and workstations.

During the month it was installed on the network, the keylogging malware recorded and transmitted all data as it was entered into the system. Officials said hackers stole names, dates of birth, Social Security numbers, addresses, medical procedures, billing codes, scheduling notes and other data.


Further, the malware captured the financial information of all patients who paid for their services with credit or debit cards. But officials said the breach was limited to information internally entered by keyboards.

Officials are instructing patients to contact their credit card companies to secure their accounts and resolve any potential fraud issues, as some credit card information was obtained during the breach.

IFWH is providing all patients with one year of free identity theft protection and credit monitoring services, along with a $1 million insurance reimbursement policy.


“A variety of security measures were in place before this incident, including network filtering and security monitoring, firewalls, antivirus software and password protection,” officials said in a statement. “After the incident, IFWH implemented additional safeguards to improve data security on its web server infrastructure and reduce the risk of exploitation.”

IFWH is continuing to assess its security systems.

No information entered into its patient portal was accessed by the cybercriminals, officials said.

The provider reported the breach to the FBI and the U.S. Department of Health and Human Services’ Office of Civil Rights. The OCR’s breach reporting tool does not yet have the number of patients affected by the breach.

While ransomware and phishing attacks are often seen as the most notorious and disruptive attack methods on the healthcare sector, keylogging malware can often go undetected for long periods of time and is used to quietly obtain sensitive data by running underneath the operating system.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com
