Hackers had access to a database for about six months at the University of California at Berkeley and stole health-related data on more than 160,000 students and other people who used the school’s health services center. College officials said that the attack on the health center’s database was discovered last month and that they are just now beginning to notify the affected people.
In a statement released Friday, Berkeley officials said that the attack did not affect the database that houses the University Health Services medical records, which includes information on patient diagnoses, treatment and therapy. Instead, the attackers went after a machine storing other personally identifiable information, including Social Security numbers and health insurance information.
The attack, which affects students, alumni and some parents of students, depending on how the health care coverage was set up, netted records going back to 1999, the school said.
“The server breach began on Oct. 9, 2008, and continued until April 9, 2009, when campus computer administrators performing routine maintenance identified messages left by the hackers. Administrators immediately activated an emergency security incident team to investigate the scope and impact of the breach; evidence uncovered to date suggests that the attack was launched by hackers based overseas. The attackers accessed a public Web site and subsequently bypassed additional secured databases stored on the same server,” the Berkeley statement says.
Although the attackers did not get into the main health record database, according to Berkeley, they may have gotten access to some students’ health histories.
“The hackers may have stolen information related to health insurance coverage and some medical information such as one’s immunization history, UHS medical record number, dates of visits or names of providers seen or, for a student participating in UC Berkeley’s Education Abroad Program, certain information from his or her self-reported health history,” the statement said.
*Composite image via Shazari‘s Flickr photo stream.