SAN ANTONIO – The Institute for Women’s Health (IFWH) has notified patients of a web security incident that took place earlier this summer.
On July 6, 2017, IFWH discovered a keylogger virus on its computer network. The company took swift action to remove it from the majority of all network computers and terminal servers by July 11, 2017, resolving it completely by July 13, 2017. Subsequent investigation confirmed the keylogger program was installed June 5, 2017.
IFWH recently sent letters to those patients who may be affected by this incident. If a patient paid for services with a credit or debit card from June 5, 2017 through July 11, 2017, some of their credit or debit information may have been captured. Other types of information found to be affected generally include the following: names, addresses, dates of birth, Social Security Numbers, scheduling notes, current procedural technology and other billing codes, and any other information that may have been keyed (typed) into the IFWH system during this time period. Any information that was not keyed into the system was not affected. Patient Portal information was not accessed at any point.
The letter recently sent to patients whose information may have been compromised included instructions on how to utilize the safeguards IFWH implemented in light of this incident. IFWH is offering these potentially affected patients identity theft protection services through ID Experts® to provide them with MyIDCare™. MyIDCare services include: Twelve months of credit monitoring, a $1,000,000 insurance reimbursement policy, exclusive educational materials and fully managed ID theft recovery services. IFWH encourages patients to work with their credit card company or bank to take appropriate measures to protect their accounts, and also to contact ID Experts with any questions. More information can be found in the letter provided to affected patients. IFWH also notified both the Federal Bureau of Investigation and the Department of Health and Human Services.
A variety of security measures were in place before this incident, including network filtering and security monitoring, firewalls, antivirus software and password protection. After the incident, IFWH implemented additional safeguards to improve data security on its web server infrastructure and reduce the risk of exploitation. IFWH continues to assess its security systems and work with the appropriate law enforcement agencies to prevent future breaches.
IFWH takes its patients’ privacy and the security of information very seriously, and deeply regrets any inconvenience this may have caused. Patients should call 1-844-402-8564 for assistance or with any additional questions.