Fruitfly Malware Developer Illegally Accessed Medical Records of Almost 1,900 of UVa Patients

A long-time hacker was able to access the medical records of close to 1,900 patients of the University of Virginia Health System through malware installed on a physician's devices.

How it was done

For over 19 months, from May 3, 2015 to December 27, 2016, the hacker was able to view the medical records of 1,882 patients through malware loaded onto the electronic devices used by one of the hospital's physicians. Every time the doctor accessed medical records, the perpetrator could see the patient's name, address, date of birth, diagnosis, and treatment information in real time.

Although the evidence indicates that the unauthorized access ended in December 2016, it was only about a year later that the FBI notified UVa Medical Center of the breach. The FBI first conducted a thorough investigation of the hacker and his operations and then informed UVa on December 23, 2017.

To prevent similar incidents in the future, UVa has put in place additional security controls over its patients' information.

Fruitfly Malware Developer

Hacker Phillip R. Durachinsky, 28, of North Royalton, Ohio was also behind the Mac malware named Fruitfly, which he developed and used for more than 13 years. Over that span he was able to spy on schools, businesses, healthcare organizations, and even government officials and a police department, because the malware gave him full access to the infected devices. He could upload and download files, log keystrokes, take screenshots, and turn on the device's webcam.

In the recent case, other organizations besides UVa were also affected. Durachinsky was able to access highly sensitive information from them, including financial accounts, photographs, tax records, and internet search history. He also allegedly took pictures with his victims' webcams and kept notes on what he observed. The FBI is still investigating to determine the full range and magnitude of Durachinsky's activity.

What led to his arrest was the FBI's discovery that an IP address associated with the malware had also been used to log in to Durachinsky's email account at Case Western Reserve University. Evidence of the extent of his operation came in the form of more than 20 million images the FBI found on Durachinsky's devices.
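The attribution pivot described above, an address tied to the malware's infrastructure turning up in the login records of a personal account, is a routine log-correlation step for an investigator or a SOC analyst. The following Python script is an added example and is not code from the article, from UVa, or from the FBI's investigation: it matches a constructed indicator list against constructed mail-server login lines. The addresses come from the RFC 5737 documentation ranges, the log format is hypothetical, and the indicator list accepts both single addresses and CIDR ranges, which goes slightly beyond the single-address case the article describes.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample indicators: addresses or ranges tied to the malware's
# infrastructure. RFC 5737 documentation addresses, not real C2 servers.
MALWARE_INDICATORS = [
    "203.0.113.7",
    "198.51.100.0/28",
]

# Constructed sample mail-server authentication log (hypothetical format).
AUTH_LOG = """\
2016-11-02T08:14:05Z imap-login: user=<alice@example.edu> rip=192.0.2.15 ok
2016-11-02T09:30:41Z imap-login: user=<bob@example.edu> rip=203.0.113.7 ok
2016-11-03T22:07:19Z imap-login: user=<bob@example.edu> rip=198.51.100.9 ok
2016-11-04T01:12:53Z imap-login: user=<carol@example.edu> rip=198.51.100.200 ok
2016-11-04T01:13:10Z imap-login: user=<dave@example.edu> rip=203.0.113.7 fail
"""

# One regex for the hypothetical line format: timestamp, account, remote IP, result.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) imap-login: user=<(?P<user>[^>]+)> "
    r"rip=(?P<ip>[\d.]+) (?P<result>ok|fail)$"
)


def load_indicators(entries):
    """Turn indicator strings into network objects; a bare IP becomes a /32."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def pivot_on_ip(log_text, indicators, successful_only=True):
    """Return {account: [(timestamp, ip), ...]} for logins whose source address
    falls inside any malware-associated network.

    By default only successful logins count, since a failed attempt from a
    shared address proves much less than a session that actually opened.
    """
    nets = load_indicators(indicators)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if successful_only and rec["result"] != "ok":
            continue
        addr = ipaddress.ip_address(rec["ip"])
        if any(addr in net for net in nets):
            hits[rec["user"]].append((rec["ts"], rec["ip"]))
    return dict(hits)


if __name__ == "__main__":
    for account, sessions in pivot_on_ip(AUTH_LOG, MALWARE_INDICATORS).items():
        print(account)
        for ts, ip in sessions:
            print(f"  {ts}  from {ip}")
```

Only bob@example.edu is reported on the constructed data: one login from the exact indicator address and one from inside the /28 range. The login from 198.51.100.200 is outside that range and is ignored, and dave's failed attempt is dropped unless successful_only is set to False. In practice the pivot runs in the other direction too, from the account's usual addresses back into the malware's connection logs, and a shared address is a lead to corroborate, not proof of identity on its own.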

Following his arrest, Durachinsky was charged in a 16-count indictment that includes violations of the Computer Fraud and Abuse Act and the Wiretap Act, along with aggravated identity theft and production of child pornography.