University of North Carolina School of Medicine Study-Server Hacked

ComputerWorld reported late last week that a server at the University of North Carolina School of Medicine at Chapel Hill was discovered in late July to have been hacked into, and that the social security numbers of 163,000 women participating in a UNC medical study were at risk.

The women were part of a National Institutes of Health funded mammography research project called the Carolina Mammography Registry. The hacked server contained the records of a total 231,000 women, but some 68,000 did not have their social security numbers as part of their records.

According to a story in today's The Daily Tar Heel, the UNC paper, the Carolina Mammography Registry "is a multi-site data collection network that tracks trends in breast cancer detection. It collects information from 31 locations across the state and analyzes them."

The Tar Heel also says that the hacked server was where research data was uploaded, and that it was not located behind a firewall. The records of another 400,000 women in the mammography study, however, were behind the firewall and were not breached.

UNC officials, who are notifying the women who did and did not have their social security numbers exposed say they are now looking for another way to transit study data.

And of course, they "sincerely" apologized for the security breach.

At least they didn't add the trite phrase that they took security seriously.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City