163,000 Notified in UNC Breast Survey Breach

Patients from 31 sites across country affected
September 29, 2009

Women enrolled in a University of North Carolina breast cancer study got some unwelcome news last week from Chapel Hill. A hacker had managed to gain access to a server containing information on 263,000 mammogram research participants, the school informed them. Of these records, 163,000 included Social Security numbers, according to a report in The News & Observer.

It’s not clear whether the hacker copied any of the data (though doing so and covering one’s tracks isn’t that difficult, a security firm consultant tells the newspaper). Also unclear is the identity of the perpetrator or even where the attack originated. While UNC-CH officials and a private computer forensic expert have been on the case two months, there are still no leads, according to the newspaper.
 
Computerworld reports that the intrusion, as well as traces of a virus dating back to 2007, was discovered in July after a researcher reported problems accessing the system.

The Carolina Mammography Registry, funded by the National Institutes of Health, houses data on more than 662,000 women. The compromised server was one of two holding information submitted by radiologists at 31 sites across North Carolina, according to The News & Observer. Until recently, SSNs were still used as patient identification codes and, as a result, that information was available in some files.

The school has responded by shutting down the breached server and initiating a security review of the medical school’s 580 servers, as well as the process by which study data is electronically submitted, according to media reports.

Unfortunately, this latest university data intrusion is unlikely to be the last. Hackers prey on colleges and universities, in part because of their computer systems’ decentralized nature.  It’s a shame to see important research interrupted by a data snafu, and to see sensitive patient info compromised – making this yet another reminder of the importance of data security in an ever-evolving IT landscape.

Related alerts

New Health Data Rules Take Effect

800+ Patient Record Violations Reported in Calif.

Stolen University of Miami’s Tapes Hold Patients’ Data


Related newsletter

America's Universities: A Hacker's Dream [pdf]


©2003-2010 Identity Theft 911, LLC. All rights reserved.

.
.