WVIR reports:
The University of Virginia Health System is notifying patients of a cyber attack that affected the hospital.
The hacker was able to get access to private medical records for 19 months.
The FBI discovered that a physician’s devices with the Health System were infected with malware, which allowed the hacker to see what the employee was viewing on devices at the same time.
According to the FBI, the hacker may have been able to view patient information from May 2015 to December of 2016.
Read more on NBC29. See also WHSV. It’s pretty good that they discovered the breach in December 2017 and have already made an arrest. They do not say how they discovered the breach, though, and why it wasn’t discovered much sooner.