DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Boston University notifies medical research participants after server compromise

Posted on August 29, 2015 by Dissent

When a Boston University server was used to launch attacks against a system in Nova Scotia in May, the Nova Scotia network administrator contacted BU to alert them.

BU’s month-long investigation revealed that one of its servers had been compromised – possibly by a hacker in Russia – in March 2015. Of note, the compromise also enabled the attacker to access and download a file on that server that contained the names and Social Security numbers of 828 individuals who had participated in a research study.  The principal investigator of the study, which ran from 2004 – 2011, was Edward Bernstein, MD of Boston Medical Center Emergency Medicine and Boston University School of Public Health Community Health Sciences.

In addition to names and Social Security numbers, the file on the compromised server also contained the participants’ date of birth, medical record number, and dates relating to the research.

As soon as BU discovered the server contained a file with personal information, they removed the file from the server.

BU informed affected research participants by letter on July 10, and offered them free credit monitoring services for one year, noting that BU had no evidence that the individuals’ information had actually been accessed or downloaded.

You can access BU’s notification to the Maryland Attorney General’s Office and the attached notification to those affected here (pdf).

 

 

 

No related posts.

Category: Education SectorHackHealth DataU.S.

Post navigation

← “Small” breach, big impact, redux
Duty of confidentiality trumps your desire to defend your reputation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.