Patient confidentiality is a top priority for hospitals, but IU Health Goshen is now taking added steps after learning a virus snaked its way into an online server. The terminals housed personal information for nearly 13,000 job applicants and patients combined.
Lilupophilupop is the bug's official title. While an exact originating IP address is still unknown, internet investigators have tracked the source to one of six locations, all outside of the United States.
Hospital officials are now doing all they can to calm nerves and improve online security.
"We moved very quickly as soon as we found out that there was a virus on our server,” hospital spokeswoman Melanie McDonald said.
It was Dec. 22, 2011 when officials first learned a virus had infiltrated its offsite server, located 900 miles away in Waltham, Mass. By doing so, it potentially gathered data like names, addresses, Social Security Numbers and personal insurance history.
"It’s a server that's connected to the internet and therefore with that connection being online, it opens you up to vulnerabilities,” McDonald added.
Of the 13,000 files potentially compromised, fewer than 500 involved online pre-registration forms for the hospital's birthing unit and outpatient wing. The bulk involved more than 12,300 job applications filed during the last five years.
"This has become all too common for banks and universities and health care institutions. Everyone is somewhat vulnerable, no matter how sophisticated your security measures are,” McDonald said.
While it's still unclear if the hackers actually managed to access any files, IU Health Goshen is offering every victim one year of free credit monitoring through Equifax to err on the side of caution.
“We’re going to pay for that because we realize that ultimately it is our responsibility. We want to be sure, absolutely 100-percent sure, that should that data have been accessed, we're going to do something about it,” McDonald concluded.
Hospital officials say no detailed patient medical data was compromised by this virus. That sort of information is stored offline for this exact reason.
For people who’ve filed forms online or applied for work at IU Health Goshen in the past, the hospital sent its first waive of notices Monday with a second round to be mailed-out by Friday. Officials say if you don’t receive a letter by next week, you’re information was not lodged on the server in question.