University of North Carolina at Chapel Hill has disclosed a data breach of one of its servers that exposed the identities of 163,000 women.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.
The women were participating in a mammography study conducted by the UNC School of Medicine. The breach could date as far back as 2007, and has exposed Social Security numbers, dates of birth and other sensitive information on the study participants, according to a report in the Charlotte, NC-based The News & Observer.
Matthew Mauro, chairman of the UNC-CH Department of Radiology said computer forensics experts detected the breach in July. The exposed information was on one of two servers that housed data on more than 662,000 women. The data was being collected as part of the Carolina Mammography Registry, a project that compiles and analyzes mammography results submitted by radiologists in North Carolina.
UNC officials are sending out breach notification letters to all 236,000 study participants. The university began phasing out Social Security numbers as patient identification codes several years ago, according to the report. The university said it has also "tightened" its reporting system for the project.
Mauro told the News & Observer that the hacked server has been taken down while investigators examine server security across the medical school. The medical school has 580 servers housing research and clinical data. UNC Hospital patient data is maintained separately.
Universities have been increasingly targeted by hackers taking advantage of open networks to find holes leading to back-end servers and ultimately sensitive data. Last year, a hacker used a vulnerability scanning tool to compromise a server at the University of Florida's College of Dentistry. In April, a data breach at the University of California, Berkeley, exposed the information of more than 160,000 current and former UC Berkeley students and 3,400 Mills College students.