Slashdot Mirror

← Back to Stories (view on slashdot.org)

Break-In Compromises 160k Medical Records At UC Berkeley

Posted by timothy on from the no-ivy-league-nudes-on-file-at-berkeley dept.

nandemoari writes "Hackers have reportedly infiltrated restricted computer databases at the University of California Berkeley, putting the private data of 160,000 students, alumni, and others at risk. According to UC Berkeley, computer administrators determined on April 9, 2009 that electronic databases in University Health Services had been breached by overseas criminals. The breakins began in October 2008. Information contained on the breached databases included Social Security numbers, health insurance information, and non-treatment medical information such as records of immunization and names of treating physicians."

4 of 167 comments (clear)

  1. Auditing Logs by DigiWood · · Score: 5, Insightful

    Part of my daily duties as a systems administrator was auditing connection logs for odd behavior. Don't admins do that anymore?

    --


    Nothing is impossible. It just hasn't been figured out yet.
  2. This is a huge, everyday, constant problem. by silver007 · · Score: 5, Interesting

    Surf on over to datalossdb.org and sub to the RSS feed. Something like this happens everyday, multiple times per day. The bad part is most of the time it's not hackers, it's employees that dump SSN's, DOB's, etc into the garbage or post them to the net. It's horrific. At least when hacker does it, it was done deliberately by someone with half a brain. Most of the time, it's clueless employees scattering our personal information about the grounds like it's fertilizer.

  3. Sometimes you need an air gap by davidwr · · Score: 5, Insightful

    It's not just military-grade information that needs protecting.

    If medical and financial information were warehoused in a way that required a "man in the middle" to approve a request, it might not prevent spear-fishing, and it might not prevent theft of "in use" data, but it would at least prevent wholesale data breaches from information warehouses.

    With a man-in-the-middle, you'd need to bribe or blackmail the man in the middle to allow a larger number of access requests to get through.

    For some systems, a man in the middle is overkill, alarms that trigger when there are more than a typical number of data requests is sufficient. However, automated alarms, like any automated system, can theoretically be compromised.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  4. privacy? what privacy? by bugi · · Score: 5, Funny

    So? It's not like there's any expectation of privacy. If the govt isn't expected to respect anyone's privacy, then surely one can't expect it of criminals.

    I wish that were funny.