Telecom Signaling Industry News

TMCNet:  UNC cancer center computers hacked

[January 03, 2013]

UNC cancer center computers hacked

CHAPEL HILL, Jan 04, 2013 (The News & Observer (Raleigh - McClatchy-Tribune Information Services via COMTEX) -- Some 3,500 people had their personal information exposed when hackers hit two servers of the UNC Lineberger Comprehensive Cancer Center.

The attack was discovered by UNC-Chapel Hill's information technology employees in May, yet potential victims were not informed until last week when they received letters from center director Dr. Shelley Earp.

Earp apologized for the breach, which compromised personal data, including Social Security numbers and passport numbers, for employees, contractors and visiting lecturers at the center.

"Despite our investigation, however, we are unable to say for sure whether your personal information was accessed by an unauthorized person as a result of this incident," Earp wrote in a letter dated Dec. 26. "Even if your personal information was accessed, we have no way to know whether it has been or will be misused." The servers were immediately blocked to protect data. The breach involved administrative servers that did not typically store patient data, so the center's patients need not worry, said Ellen de Graffenreid, director of communications and marketing at Lineberger.

She said there were a small number of files that contained data from fewer than 15 people who were subjects in research studies.

So far, de Graffenreid said, no one has reported identity theft as a result of the hacking, but potential victims have been advised to seek a fraud alert or a security freeze on their credit files.

Some potential victims expressed dismay that it had taken the cancer center so long to notify them of the problem.

Paul Farel, a retired professor, said when he received the letter last week, he put an alert on his credit report.

"My concern was that it was over six months between the time when they noted the breach and when I was notified," Farel said.

De Graffenreid said the two servers contained 1.6 million files. Forensic investigators narrowed that number down to 3,300 files that had been touched during the window of vulnerability created by the hacking.

Each of those 3,300 files had to be examined by hand to determine whether personal information had been compromised, she said.

"It was very intensive and very time-consuming to sift through all of the information," she said. "We are very concerned with accuracy." An automated process would have turned up many false positive examples of people who were not really at risk, de Graffenreid said.

Farel said the notifications could have been done as the investigation progressed.

"I don't know how many people are really at risk, but I think the university needs to be very careful about that," Farel said, "or to have a rational procedure in handling cases like this." University servers are on the receiving end of thousands of attempted attacks by hackers each hour, de Graffenreid said, and the IT staff uncovered this one through routine monitoring.

Hacking incidents have caused major headaches at UNC-CH before.

In 2009, UNC School of Medicine officials discovered the hacking of a server with data from a major breast cancer study. The university notified all 180,000 women with data on the server and set up a call center to answer questions, though there was no evidence that personal information was removed.

In that case, the process cost $250,000; the university also slashed the pay and moved to demote a prominent researcher who headed the study. In a 2011 settlement, the researcher was reinstated with full pay before she retired.

Stancill: 919-829-4559 ___ (c)2013 The News & Observer (Raleigh, N.C.) Visit The News & Observer (Raleigh, N.C.) at Distributed by MCT Information Services

[ Back To Telecom Signaling's Homepage ]

Featured Events

5G NA Signaling Day

November 14-16, 2016
Sheraton Dallas, Dallas, TX

Featured Webcasts

Securing The Signaling Interconnect: Oracle's Perspective On Recent Security Events

Today's telecommunications landscape is changing rapidly, and the "institution" of trust between networks that has been assumed over the decades is no longer relevant. We are now hearing of vulnerabilities in CSP interconnection points that have been known ...

Applications of Wi-Fi Calling

With all of the discussion about faster data access and richer content, it could be assumed that voice services no longer play an important role in the business model of the communications service provider. Join ReThink Technologies Research and Oracle Communications as we explore ...

Featured Whitepapers

Oracle Communications Diameter Signaling Router Main Differentiators

Diameter is the protocol used by network elements in LTE and 3G networks to enable and monetize services, such as voice, video and data. Diameter enables revenue-generating data services; including tiered data plans, loyalty programs, application specific QoS, content provider and Internet of Things (IoT) solutions ...

Multi-Layer Security Protection for Signaling Networks

The sanctity of mobile operators' networks and brands will depend greatly on their ability to deliver QoS guarantees to roaming and interconnect partners, while simultaneously protecting increasingly multimedia-savvy and socially connected ...

Featured Datasheets

Oracle Communications Diameter Signaling Router

Centralizing Diameter routing with cloud deployable Oracle Communications Diameter Signaling Router creates a secure signaling architecture that reduces the cost and complexity of the core network and enables elastic growth, interoperability and rapid introduction ...

Oracle Communications Mobile Security Gateway

The Oracle Communications Mobile Security Gateway is a high performance gateway that allows the Communications Service Provider (CSP) to cost effectively expand network coverage and increase capacity by incorporating Heterogeneous ...

Oracle Communications Evolved Communications Application Server

As service providers drive their networks toward an all-IP and virtualized state, they require the means to design and deliver compelling high definition voice, video and multimedia offers via Voice over LTE (VoLTE) and Voice over WiFi (VoWiFi) ...

Featured Infographic