Hacker Behind FruitFly Malware on University of Virginia Health System

Around 1,900 people who were treated by the University of Virginia Health System are being notified that a hacker gained access to their medical information through a malware infection.

The malware in question had been loaded onto devices used by a physician at UVa Medical Center. When the physician accessed medical histories, the malware permitted the hacker to see the data in real time. The malware was first loaded onto the physician’s devices on May 3, 2015, and access remained open until December 27, 2016. Throughout those 19 months, the hacker was able to see the medical histories of 1,882 people.

The types of data seen by the hacker included names, addresses, dates of birth, diagnoses, and treatment details, according to a UVa spokesperson. Financial data and Social Security numbers were not accessed, as the physician did not have permissions to view them.

Access to the protected health information of its patients ended towards the latter part of 2016, although UVa did not identify the breach for almost a year. UVa was made aware of the security breach by the FBI on December 23, 2017, after an extensive investigation into the hacker’s operations. Patients affected by the breach were notified this month.

UVa has since put in place a number of extra security controls to prevent further incidents of this nature from happening.

Thousands of Victims’ Sensitive Information Accessed

The hacker has been named as Phillip R. Durachinsky, 28, of North Royalton, Ohio. Durachinsky allegedly developed a Mac malware called FruitFly more than 13 years ago and employed the malware to spy on thousands of people and companies. The malware supplied Durachinsky with full access to an infected computer, including access to the webcam. The malware captured screenshots, allowed the uploading and downloading of files, and could record keystrokes. Durachinsky also developed the malware to give him a live feed from multiple infected computers at the same time. UVa is just one victim of this hacker. Other businesses were also impacted and had information accessed, although the extent of the hacker’s activities has not been fully ascertained. The FBI investigation is ongoing, although the hacker has been arrested and charged in a 16-count indictment for numerous computer offenses, including breaches of the Computer Fraud and Abuse Act and Wiretap Act, in addition to aggravated identity theft and child pornography.

Organizations affected include schools, businesses, healthcare groups, a police department, and local, state and federal government officials. Over 13 years, Durachinsky spied on thousands of people, mainly using the Mac form of the malware, although a Windows-based variant was also utilized.