Aurora Health Care recently discovered it was the target of a cyber-attack that affected some of its workstations and servers. The malware was designed to capture login information used on mostly financial websites and some social media sites, but Aurora chief communications officer Mike Brophy said there is no evidence that the malware accessed any health or insurance information of employees or patients.
“While we have no evidence to suggest that sensitive information has been misused, out of an abundance of caution, we are notifying current and some former employees as to this incident,” Brophy said. “As part of our notification, we are offering free credit and identity monitoring services to those who wish to take advantage of it.”
Aurora’s internal IT team discovered the malware on Jan. 27 and immediately initiated a full investigation. Aurora reached out to the national cybersecurity firm Mandiant to remove the malware, conduct a forensics analysis and help safeguard sensitive information from future attacks. Aurora also notified the FBI.
Aurora, the state’s largest health system, believes that the malware has been removed and the system’s security restored, but it is advising all who may have been affected to change their login credentials to sites that contain sensitive information, such as their personal financial institutions.
“We have taken additional steps to help safeguard against future incidents, including the installation of upgraded surveillance and audit technologies to detect unauthorized intrusions and advanced encryption technologies to protect information assets, such as laptops that may contain sensitive information,” Brophy said. “Additionally, we are reinforcing our existing policies and processes and rolling out enhanced training and awareness programs with employees.”