14 DAY TRIAL // The IT personnel from UF's College of Dentistry discovered, during maintenance, that one of their servers had been remotely compromised. The staff found unauthorized software installed on the server that also contained personal information of more than 330,000 former and current patients.
The personal records included names, addresses, social security numbers, dates of birth and even medical notes. Even if this information would be worth a pretty penny on the black market, the university management claims that they have not received any reports of the records being misused. The IT technicians did not find any evidence that the data had been accessed or downloaded, but because this represented a possibility, the college decided to send out letters to all potentially affected patients.
The letters included instructions regarding identity protection procedures, as well as other preventive measures. “We urge patients to take the preventive steps we’ve outlined, and want to express our dismay at the inconvenience this occurrence may cause anyone,” said Teresa Dolan, dean of the UF College of Dentistry.
The dean also pointed out that the College had made efforts in the past several years to implement better security policies and solutions such as firewalls in order to protect their network. "It's unfortunate that, like many large institutions, we were targeted. We work hard to continually fine-tune our security protections, and maintaining our patients' trust and confidence is of utmost importance," she added.
The FBI is assisting the University Police in the investigation, while a massive campaign of checking the security of around 60,000 campus computers has been launched. “Our IT teams are particularly vigilant in their work, understanding the importance of protecting the information on UF’s data systems and the importance of those records to our educational mission,” noted Charles E. Frazier, UF’s Chief Information Officer.
Universities are important targets for identity thieves, because, just like financial or health institutions, they keep detailed personal records on thousands of people, students and employees. However, unlike banks or hospitals, universities are generally lax in computer security policies or infrastructure, due to the high costs of implementing such solutions. “We cannot stress enough how seriously we take this matter. As soon as we learned of this situation, we launched an investigation and implemented additional safeguards designed to protect personal information,” concluded Teresa Dolan.