Hackers attack UNC-based mammography database

On Friday, Sept. 25, the UNC School of Medicine will begin notifying women statewide whose Social Security numbers and other personal data may have been exposed when hackers breached the security of a database containing information recorded as part of a mammography research project.

“We deeply regret that this security breach exposed thousands of people to the possibility of identify theft,” said Dr. Matthew Mauro, chair of the Department of Radiology. “We take our responsibility to protect the personal information of patients very seriously. We are working with information security specialists and law enforcement to understand how this happened and to put measures in place to prevent it from happening again.”

The database, called the Carolina Mammography Registry, serves as a resource for researchers and for radiologists who practice mammography. The registry collects data from community-based mammography practices around North Carolina and is part of a national mammography project funded by the National Institute of Health’s National Cancer Institute.

Mammography practices participate to promote research on screening mammography and to receive feedback that allows them to compare their outcomes to others in North Carolina and in six other states. The registry relies upon the data provided by mammography practices to conduct research on screening mammography practice and outcomes in order to improve breast cancer detection, understand risk factors, guide future research, and inform policy makers.

In late July 2009, information technology employees at UNC discovered that the registry had been the target of a criminal hacker attack. Once they learned that the server was compromised, the server was taken down and the data on the server were removed. 

University officials have notified law enforcement and consumer protection agencies about the incident.

The server contained personal information, including some Social Security numbers, for approximately 236,000 individuals. The UNC School of Medicine is sending notification letters to each person who may have been affected, along with instructions for actions they should take to protect themselves against the possible fraudulent use of their information.

UNC will have a toll-free number to call if women are concerned that their information may have been in the database:  1-877-434-3065; Monday-Friday from 9 a.m. - 6 p.m. EST beginning Sept. 28, 2009. 

Additional information about the registry’s work is available on the Internet at: http://www.unc.edu/cmr and http:\\breastscreening.cancer.gov.

Filed under: ,