DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UNCG Discovers Health Information Security Breaches; 2,500 Being Notified

Posted on August 10, 2010 by Dissent

From the University of North Carolina – Greensboro (UNGG) statement:

Computer security breaches at two UNCG clinics allowed unauthorized access to information about more than 2,500 individuals.

The university has mailed letters to the last known addresses of those whose personal information was exposed and posted notices on the clinics’ websites. The two computers infected with malware via the Internet were in the university’s Speech and Hearing Center and Psychology Clinic.

Although the problems were discovered days apart in June, they are believed to be unrelated. Employees of the clinics and Information Technology Services have been working since then to determine what records were vulnerable and who might be affected. It is not known how long the breaches lasted before detection. Although it was determined that the malware would have allowed access to data on the computers, it is unknown whether any information was actually taken from the computers.

[…]

The bulk of the impacted records are in the Speech and Hearing Center, where a breach was found June 10 and corrected the same day. The compromised computer was used for billing and contained records for about 2,300 people who have received services from the Center since 1997. Vulnerable data included names, addresses, social security numbers, dates of birth, telephone numbers, insurance companies, insurance ID numbers, group numbers, diagnosis codes, procedure codes and charges.

The problem at the Psychology Clinic, involving malware on a computer used to document incoming phone calls, was detected and fixed June 7. The vulnerable computer contained a spreadsheet with names, dates of birth, telephone numbers, cities of residence, whether or not callers had insurance and dates of contact from about 240 callers between Sept. 20, 2006, and Sept. 22, 2009. In some cases, the spreadsheet also contained reference to the caller or caller’s family member as “client,” symptoms reported by the caller, reference to an inquiry about testing or evaluation, and reference to “therapist/treatment/provider and/or services.” No social security numbers appeared on the spreadsheet.

The Psychology Clinic computer also held 18 phone intake/client data forms from March 2009 through June 2010. The forms included names, ages, dates of birth, telephone numbers, addresses, insurance providers (if any), social security numbers and dates of contact. In some cases, one or more of the following types of information also appeared on the form: therapist, case number, status of previous treatment, service requested and description of the problem.

Source: UNGG

Related – UNGG Speech and Hearing Center, UNGG Psychology Clinic

Category: Breach IncidentsEducation SectorHealth Data

Post navigation

← What To Do When Your Database Gets Breached
Laptops stolen from Jewish Hospital contained patient data on 2,089 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters
  • Dutch police identify users on Cracked.io
  • Help, please: Seeking copies of the PowerSchool ransom email(s)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale
  • The Meta AI app is a privacy disaster – TechCrunch
  • Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
  • Norwegian Data Protection Authority’s findings on tracking pixels: 6 cases
  • Multiple States Enact Genetic Privacy Legislation in a Busy Start to 2025
  • Rules Proposed Under New Jersey Data Privacy Act
  • Using facial recognition? Three recent articles of interest.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.