UC Berkeley says hacker broke into health-services databases

About 160,000 individuals believed to be affected by security breach

University of California at Berkeley Friday disclosed that hackers broke into restricted computer databases in the campus health-services center, as the university began notifying current and former Berkeley students their personal information may have been taken.


The attackers may have taken information related to health-insurance coverage and certain medical information as well as the University Health Services (UHS) medical-record number, dates of visits or names of healthcare providers seen, as well as information such as Social Security Number, according to the statement released by UC Berkeley.

7 burning security questions answered 

About 160,000 individuals are believed to be impacted, including about 3,400 Mills College students whose medical care is tied to health care at Berkeley. Social Security Numbers are used as unique identifiers for students enrolled in the campus Student Health Insurance Plans, the university says.

"The university deeply regrets exposing our students and the Mills community to potential identity theft," said Shelton Waggener, UC Berkeley"s associate vice chancellor for information technology and CIO, said in the statement.

A brief history of data breach apology letters 

The university believes the server breach began on Oct. 9 last year and continued until April 9, when administrators performing maintenance identified messages left by the hackers, whose attack was launched from overseas. The attackers accessed a public Web site and subsequently bypassed additional secured databases stored on the same server, the university contends.

The Berkeley administrators do not believe the hackers were able to steal extensive medical records, said to be stored on a different system.

"Patient privacy and quality care are cornerstones of our services," said Steve Lustig, associate vice chancellor for health and human services, adding the university is "deeply troubled" by the breach but that "medical records were not touched in this incident. We anticipate that the audit of our systems will inform UHS and the campus of steps that can be taken to continually improve security."

Berkeley is working with campus police and the Federal Bureau of Investigation in investigating the data breach, and the university urged victims of the incident to contact the university hotline established to answer questions at 1-888-729-3301 and to consider placing a fraud alert on their credit-reporting accounts. The campus has also set up a Web site, for information.

UC Berkeley made headlines a few years back because of a couple of security breaches, including a stolen laptop containing personal information on graduates and a compromised database of California residents. 

Learn more about this topic

Virginia prescriptions database hacked but not deleted

Microsoft, Intel, to fund multi-core research at UC Berkeley

Security breach costs Heartland $12.6 million so far

Securing UC Berkeley's network
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in