Officials at UMass-Amherst are reporting a malware program has potentially exposed the private health information of clients at a University clinic. The malware was first detected in early April on a workstation at the University’s Center for Language, Speech and Hearing, which provides services for people with communication disorders, differences or delays. Spokesman Ed Blaguszewski says a University investigation found the infected workstation contained the patient records of some 1,670 clients, including addresses, birth dates, social security and insurance numbers, and other confidential information.
“There is no evidence suggesting the data was copied from the workstation, but it’s possible it could be. And so we have an absolute obligation under the law to notify people so they can be monitoring their records and be aware of any misuse.”
Blaguszewski says letters are also being sent to clients whose records were possibly affected. And he says more steps have been taken to improve security at all workstations at the Center.
“That includes installing automated software to detect malicious activity in the future. And we’re going to be providing additional training and security practices for current staff and any new staff that come on board to make sure they’re following the right protocols to protect the data.”
It’s still not known who installed the malware, but Blaguszewski says large businesses and institutions like UMass have come under increasing attack from malware probing for sensitive information.