ComputerWorld reported late last week that a server at the University of North Carolina School of Medicine at Chapel Hill was discovered in late July to have been hacked into, and that the social security numbers of 163,000 women participating in a UNC medical study were at risk.
The women were part of a National Institutes of Health funded mammography research project called the Carolina Mammography Registry. The hacked server contained the records of a total of 231,000 women, but some 68,000 did not have their social security numbers as part of their records.
According to a story in today's The Daily Tar Heel, the UNC paper, the Carolina Mammography Registry "is a multi-site data collection network that tracks trends in breast cancer detection. It collects information from 31 locations across the state and analyzes them."
The Tar Heel also says that the hacked server was where research data was uploaded, and that it was not located behind a firewall. The records of another 400,000 women in the mammography study, however, were behind the firewall and were not breached.
UNC officials, who are notifying the women who did and did not have their social security numbers exposed, say they are now looking for another way to transmit study data.
And of course, they "sincerely" apologized for the security breach.
At least they didn't add the trite phrase that they took security seriously.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.