Mammography study hacked, personal data at risk
Posted October 14, 2009
Chapel Hill, N.C. — Hundreds of thousands of women found out by letter this week that their personal information, including Social Security numbers, might have been exposed to identity theft.
The Carolina Mammography Registry at the University of North Carolina School of Medicine gathers data from radiologists across the state. The breach at UNC affects women who did not know the registry existed and did not give consent to have their information included.
Patients, like Pam Bridges, were surprised and angered.
“To find out my information is out there floating around somewhere -- and this could happen to anybody,” she said. “That's what's frustrating to me as a citizen who does her best to try to protect her personal information ... because I don't want to be a victim of ID theft.”
Computer experts don’t know how or when the hack originated or how much data was compromised.
The North Carolina Department of Justice recommends that people who are notified of a possible breach of personal information monitor their credit closely, request a fraud alert from major credit bureaus and consider putting a freeze on new requests for credit.
Bridges wondered why Social Security numbers were passed along with study data. Some radiology offices used those numbers as patient identifiers.
Wake Radiology issued a statement Wednesday withdrawing from the study and any others that require personal data. “Involvement in future studies will be limited to anonymous, unidentified data,” the statement said.