Wisconsin-based Aurora Health Care is notifying current and former caregivers after discovering malware on some of their workstations and servers. The malware was discovered on January 27.
A forensics investigation revealed that the malware was designed to intercept active sessions and capture login information when certain web sites – mostly financial and some social media – were accessed. A list of the sites is available on Caregiver Connect, but employee or partner login is required to access that.
Those affected have been offered one year of Experian ProtectMyID services and have been encouraged to change their passwords to web sites that may have been accessed from Aurora computers.
As a result of the incident, Aurora Health has implemented additional safeguards that include upgraded audit and surveillance technologies to detect intrusions and advanced encryption to protect information assets. Additionally, they are reinforcing existing policies and processes and rolling out enhanced training and awareness programs for caregivers.
A copy of the notification letter was uploaded to the Vermont Attorney General’s site, here.
Updated: Brian Krebs uploaded the FAQ from the incident with the list of web sites.