Movie Sharing Program Causes A Security Breach In University Of California San Francisco
During routine monitoring of the campus computer network on January 11, 2008, the University of California San Francisco (UCSF) discovered unusual data traffic on one of its computers. The investigation was completed this month and shows that an unauthorized movie-sharing program had been installed on this computer on or about December 2, 2007, by an unknown individual. The computer also held personal information of 3,569 patients of Pathology and Laboratory Medicine. Installation of this program required high-level system access, which is why the incident is considered a security breach.
UCSF alerted this group of patients that it had discovered a security breach, after immediately removing the computer from the network to prevent further access. There is no indication that any patient files were accessed. According to UCSF, the administration takes this situation very seriously and is therefore responding with the highest level of caution and concern.
UCSF conducted a thorough investigation into the incident to assess how this breach occurred and whether any patient information may have been compromised. The data included information such as patient names, dates of pathology service, health information and, in some cases, social security numbers. The Department of Pathology has notified 2,625 UCSF patients whose information was contained on the computer. The files also included 944 patients whose tissue samples had been referred by other health care providers to UCSF for analysis.
A top-level task force has been created to improve the system of controls to protect patient information and other sensitive data. This task force is composed of campus leadership and is chaired by Executive Vice Chancellor and Provost Eugene Washington.
UCSF has established a special phone line, (415) 353-7427, and a special email address, [email protected], to answer questions from patients who received notification letters informing them about this recent breach.
April 19th, 2009 at 10:08 am
Well written. It’s an enjoyment to read fluent articles like this.