Share
CHAPEL HILL A hacker has infiltrated a computer server housing the personal data of 236,000 women enrolled in a UNC Chapel Hill research study. Among the information exposed: the Social Security numbers of 163,000 participants.
The data is part of the Carolina Mammography Registry, a 14-year-old project that compiles and analyzes mammography data submitted by radiologists across North Carolina.
Though the intrusion was detected in late July, computer forensics experts say it might have happened two years ago, said Matthew Mauro, chairman of the UNC Department of Radiology.
UNC officials and a private computer forensic expert have spent two months investigating, but they still don't know who did the hacking, where the attack originated, or even whether data was downloaded.
"There's no direct evidence that any information has been removed," Mauro said. "But we can't say for sure."
The compromised server had all required security measures, Mauro said. It was one of two housing data on more than 662,000 women. That information is submitted to UNC electronically, a process that will be tightened, Mauro said.
Until several years ago, Social Security numbers were used as patient identification codes, which is why that information was part of some patient files.
The project is funded by a five-year National Institutes of Health grant worth more than $2million. Mauro and the project's chief researcher, Bonnie Yankaskas, say they hope the security breach doesn't affect future federal funding.
A spokeswoman for the NIH declined to comment Thursday.
"This is the worst thing that could possibly happen," said Yankaskas.
While they didn't find evidence files were downloaded, investigators found traces of viruses dating to 2007, Mauro said, an indication the registry had been compromised for that long.
Snyder cautioned that information might have been removed without trace.
