St. Louis University in Missouri reports that its network was hacked and that personally identifiable and protected health information were on the servers that were accessed without authorization.
A statement on their web site dated January 31 indicates that the breach occurred on December 12 and was discovered on the 13th. An investigation conducted by the university revealed that some of the affected servers contained personally identifiable information of approximately 12,000 current and former employees as well as contractors.
For affected employees, the personal information included Social Security Numbers.
The servers also contained protected health information of approximately 800 students. For some students who received counseling through the university’s Student Health service, the protected health information included “names, dates of birth, dates of service, testing assessments, diagnoses and treatments, ” while for other students who received counseling through the Student Health service, the information included their names and the type of service provided.
The breach was reported to the FBI, which is investigating the incident.
As of January 31, there was no report of any misuse of the information.
Note: This is an update of an incident previously reported on this site in December.