DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Texas Arlington server containing medical records and SSN hacked

Posted on July 24, 2010 by Dissent

From UTA’s web site:

The University of Texas at Arlington recently learned that one of its file servers had been compromised, which potentially exposed the prescription records of approximately 27,000 individuals to an unauthorized source.

Federal and state authorities have been notified, including the U.S. Department of Health and Human Services, the Texas Department of Information Resources, The University of Texas System, and law enforcement officials.

There is no evidence to suggest that the compromised information is being used in an unauthorized manner as a result of this incident.

On June 21, 2010, the UT Arlington Office of Information Technology detected that data on a file server that contained Student Health Center prescription records had been compromised on four occasions: February 19, 2009; April 28, 2009; January 23, 2010; and February 10, 2010. The records dated from 2000 to June 21, 2010, and involved individuals who received a prescription or filled a prescription at the Student Health Center.

The file server in question was immediately taken offline and secured. The compromise was determined to be limited to that single file server. No other servers at the University were affected.

An extensive internal review of the matter has revealed that prescription records for approximately 27,000 individuals — including students, faculty, and staff — were potentially exposed to an outside source. In addition, records for 2,048 of the 27,000 affected individuals included Social Security numbers.

The information that may have been exposed also included names, addresses, prescription names, amount spent, and diagnostic codes. The data stored in the records did not contain credit card information or any other medical records.

To assist those who may be affected, UT Arlington has implemented the following measures:

* The University has established a Data Information Call Center to help answer questions about this incident. The telephone number is 800-913-3055. The call center is open seven days a week, 8 a.m. to 11 p.m., Central Standard Time (CST).
* Although it is possible that approximately 27,000 individuals may have had their data exposed, the University has mailed letters to all 21,554 individuals whose information was potentially exposed and for whom it had sufficient contact information. Since it is not possible to send notification letters to the remainder of those individuals for whom contact information was incomplete or unavailable, the University is using alternate methods to notify them.
* The University has mailed letters to the 2,048 individuals whose Social Security numbers may have been exposed and is offering them free credit monitoring for up to one year.
* Anyone who received a prescription or filled a prescription at the Student Health Center between 2000 and June 21, 2010 — and who does not receive a notification letter from UT Arlington by July 28, 2010 — may call the Data Information Call Center at 800-913-3055 for further information.

Hat-tip, Dallas Business Journal

No related posts.

Category: Health Data

Post navigation

← (follow-up) Former Broward teacher gets house arrest for stealing students’ identities
FL: More credit card skimmers found at Gainesville gas pumps →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.