Hackers Breach System At UMass

[rchick <rchicker () etiolated org>]

Apr 22, 2008
 By Lesley Tannerhttp://www.cbs3springfield.com/news/local/18021744.html

Hackers breached the computer system used by UMass Amherst's Health
Services, potentially gaining access to thousands of medical records.

More than half of the student population at UMass Amherst are patients on
record at the University Health Services.

"I've been here every time I've been sick this semester," says Freshman
Brooke Quinn.

"That's my doctor, it's where I go," says Senior Jennifer Scott.

That's why university officials were so concerned when they found a security
breach on the clinic's computer server. Though many of the most personal
medical records are kept on paper files, officials say some personal
information is available on the 150 computers used by the department.

"What we're doing is going through as quickly as we can," says UMass
Spokesperson Ed Blaguszewski. "And we are making an assessment and can't say
for sure that the material wasn't breached."

"I think that it is scary that anybody on our campus could have our personal
information and medical records," says Quinn.

But it's not their on-campus classmates students need to worry about.
Officials believe outside hackers wanted to use the server as a host for
illegal music and video downloads, one that would make the culprits
untraceable.

"It wasn't a case from what we can tell of someone being in the office and
breaking into a computer," says Blaguszewski. "These things are done
remotely often times from countries all over the world."

A fact that's even more unsettling for patients who were unaware of the
breach more than a week after it occurred. The University did post a notice
on the Health Services website, and say they are notifying patients when
they enter the clinic. But we found one student on her way out who still
didn't know.

"I wasn't aware of it, and no one I know was aware of it," says Scott. "If
it's that easy for someone who just wanted to get music who knows what would
happen for someone who was trying to get confidential information."

Campus officials say it will be weeks before they are completely sure what
information, if any, was taken off the computers. They say the entire campus
system is being looked at to avoid future breaches.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml