UC Berkeley Health Records Hacked

By Jane McEntegart
published

The University of Berkley, California has begun notifying current and past pupils that their information may be at risk.

Following an attack on the university’s health-services centre, the information of more than 160,000 individuals is at risk. According to Berkeley, the hacked databases contain individuals' Social Security numbers, health insurance information and non-treatment medical information, such as immunization records and names of some of the treating physicians. About 160,000 individuals are believed to be impacted by the breach. Both past (as far back as 1999) and present students are affected as well as 3,400 Mills College students (as far back as 2001) who received, or were eligible to receive, health care at UC Berkeley.

According to a statement, Berkeley learned of hacking in April and immediately removed from service the exposed databases to prevent any further attacks. The college alerted campus police as well as the FBI.

"The university deeply regrets exposing our students and the Mills community to potential identity theft," said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology and its chief information officer. "The campus takes our responsibility as data stewards very seriously. We are working closely with law enforcement and information security experts to identify the specific causes that may have contributed to this breach and to implement recommendations that will reduce our exposure to future attacks."

UC Berkeley administrators pointed out that the hackers did not access University Health Services' (UHS) medical records, which include patients' diagnoses, treatments and therapies. Those records are stored in a separate system and were not affected by this crime.

Jane McEntegart
9 Comments Comment from the forums
  • kategra84
    it's all a set-up only to get this law voted : http://www.tomshardware.com/news/obama-shut-down-internet-legislation,7478.html
    Reply
  • Roffey123
    And if it gets passed, kategra84 and everyone else will get Swine Flu! THE SKY IS FALLING!

    In other news, I'm sure it'll get sorted soon.
    Reply
  • kategra84
    no the sky is not falling, just the internet, freedom off speach, the right to be trialed in court;
    Bit no worry i live in EU where we are mostly divided and our goverments still have some independence ...

    just look for information, don't be naive and think things will only get better
    Reply
  • jsschneidereit
    They better figure this out... >
    Reply
  • Were they "hacked" or was this poor security, lazy users/admins or lack of enforcement?
    Reply
  • Well, it's a good thing the Obama administration snuck in language requiring migration to electronic records into the "emergency stimulus act". I think it was between the anti-tobacco advertising money and the STD education grant - you know several of the items that are key to 'stimulating' the US out of this recession :)

    I say good thing because by doing this we avoided all that pesky discussion about the change and any issues that might be associated with it. The law also allows the gov't to take any action they deem 'reasonable' against any doctor/health provider that does not do this within a prescribed timeline (of course this is done at the health providers expense). Again all of this was stuffed (snuck?) into a 1200+ page bill that congressmen were given
    Reply
  • mdillenbeck
    @a new world
    Unfortunately, this is the sad state of the US political system. Myself, I think of all the riders that ALL sides and administrations have added to legislation along with the PATRIOT ACT reprint the night before the vote. Some senators have stated that the huge packet they received to vote on was still warm from the presses when they received it.

    @think about this
    We think alike. I was going to go into CS, but what I really wanted was a software engineering program with an eye on security. Over the last few years I have become painfully aware that computer scientists are obsessed with optimization of algorithms and often times completely ignore security - and this is indicative of the industry on a wider scale. I've since realized I can code, but what I can't do is code securely and thus have given up my aspirations in CS.

    Unfortunately, these news stories of large scale hacks are becoming all too common. However, such things did happen before computers existed. Computers only make the scale much greater.
    Reply
  • hungryghost
    Yeah, this really sucks. I'm a Berkeley student and received emails about this from the university several days ago. Here's the website the school created with information about this breach:

    http://datatheft.berkeley.edu/
    (it's funny they created an entire subdomain for this.)

    From other reports I've seen, the hack appears to have originated overseas. I've read that this is probably an organized criminal act with the aim of obtaining personal info for identity theft purposes. The only really sensitive data they got was my SSN though, but this worries me none-the-less. I've known people who've been the victims of identity theft, and it's a pretty awful.
    Reply
  • Raidur
    Is there a point in keeping the records of so many people's SSN's? And why aren't they stored a little more securely...? You would think they would have them on a separate non-internet network or something. Especially with all these 'worms and hacks' on the news.
    Reply