According to a press release about the University of Florida data breach issued earlier today, an unauthorized intruder recently accessed a College of Dentistry computer server storing patients' personal information.
The breach was discovered Oct. 3, while college information technology staff members were upgrading the server and found software had been installed on it remotely. The server stored names, addresses, birth dates, Social Security numbers, and, in some cases, dental procedure information for patients dating back to 1990.
"It's unfortunate that, like many large institutions, we were targeted," said Teresa Dolan, dean of the Gainesville, Fla.-based UF College of Dentistry. "As soon as we learned of this situation, we launched an investigation and implemented additional safeguards designed to protect personal information."
Some 8,248 patients had data stored on the server, but current mailing addresses could not be identified for them, officials said. The university is notifying the national media in an attempt to reach them. Most of the patients are from Florida.
When the breach was discovered, IT staff immediately disconnected the server from the Internet to cut off the intruder's access. The system has since been rebuilt with even more stringent security controls.
The university says that in recent years, it has added and strengthened firewalls and intrusion detection systems, encrypted data flows containing sensitive information, and increased vigilance in identifying threats and securing servers. "Despite these efforts, this illegal user was able to gain access to the server," Dolan said.
UF officials said they are in the process of screening up to 60,000 additional computers from around campus to ensure appropriate safeguards are in place to protect the information they store.
"Our university, as with any university or college, is constantly under attack by people trying to find and exploit potential weaknesses in our IT security defense mechanisms," said Charles E. Frazier, UF's interim CIO. "It is a sophisticated and never-ending 'cat and mouse' battle in which sometimes the mouse wins."