More details are emerging about why the breach involving the UNC-Chapel Hill Carolina Mammography Registry led to consequences for the researcher.
C. Ryan Barber reports:
[…]
School of Medicine Office of Information Systems officials first alerted the University to the breach in July 2009 after uncovering a virus and potential security breach on the Carolina Mammography Registry’s FTP server.
As the registry’s principal investigator, Yankaskas has been blamed for the breach, which also compromised about 114,000 Social Security numbers. She has since claimed that the University is using her as a scapegoat for systemic data security weaknesses.
On Oct. 27, Yankaskas received an intention to discharge letter from Executive Vice Chancellor and Provost Bruce Carney, who said Yankaskas exhibited “deliberate neglect” in her oversight of the project’s data security.
“I was appalled,” said Carney, who held his current position on an interim basis in July 2009. “The first question you have to ask is, ‘How does this happen?’”
In the intention to discharge notice, Carney wrote that Yankaskas was negligent in assigning security duties without granting additional training to Melinda Boyd, whom he deemed to be underqualified. Carney later became aware that his wife’s Social Security number was exposed and said his personal connection to the breach has not clouded his judgment.
“At the time, Ms. Boyd had no certification or experience as a server administrator,” Carney wrote. “She has stated that she requested that you provide additional training for her in server administration but that you declined to do so.”
[…]
Read more on Daily Tar Heel.