October 27, 2009 – The University of North Carolina School of Medicine has recently disclosed that, in the year 2007, internet hackers gained access to a database called the Carolina Mammography Registry. Apparently, some of the records contained personal information about patients, including dates of birth and social security numbers. Information for thousands of female
patients who had received mammographies in several North Carolina private practices were added to the database, apparently without the knowledge or permission of those patients.
The data was collected by the UNC School of Medicine to conduct research as part of a national study. The database contained information pertaining to approximately 236,000 women. UNC reported that the breach included the records of more 163,000 of those women. The information was retained on a server to be accessible to researchers who were a part of the study. The goals of the study were to improve breast cancer detection, understand risk factors, guide future research, and inform policy makers. The database was part of a national study funded by the National Institute of Health’s National Cancer Institute.
It appears that the IT department at UNC discovered the breach in July, 2009, when
researchers could not access the database. Viruses were discovered, which dated back to 2007. UNC’s IT department immediately took down the server and removed all of the information that had been previously posted. The UNC School of Medicine then began contacting women who they believed may have been affected by the breach. Two different letters apparently went out to women whose information had been exposed; one letter to women whose Social Security Number was in the database, and one letter to women whose number was not.
Both UNC and outside law enforcement officials are investigating the breach, but thus far have not been able to determine if any information was removed, or who was responsible for the breach. Apparently, the investigation remains open at this point.
Given the circumstances, victims of the data breach may have claims both for the unauthorized posting of their personal information and/or for damages associated with the use or misuse of their personal information. the law office, and its affiliates, are interested to learn the identity of any women who may have been notified that their personal information was compromised as the result of this UNC data breach. If you were a part of this data breach, you may be able to participate as part of a class action to be filed against UNC and/or the private practices who supplied personal information to the Registry without prior authorization. If you are a victim of the data breach, please contact the attorney by calling , or .