UMass center notifies patients about possible breach of health data
Winter on the UMass Amherst campus. Purchase photo reprints »
AMHERST — The University of Massachusetts Amherst on Tuesday began notifying 1,670 patients of its Center for Language, Speech and Hearing that private data, including Social Security numbers, addresses, names of health insurers, primary health care or referring doctors and other information might have been revealed after a computer workstation was infected by a malicious software program.
Officials said university information specialists found no evidence that private patient data was actually taken from the workstation where the problem was detected April 5.
But because the system was penetrated and in accordance with federal law requiring notification after such events, patients are being contacted via a letter from Dan Gerber, associate dean of the School of Public Health and Health Sciences which manages the language center.
University spokesman Edward Blaguszewski said two similar malware issues have been reported at the UMass Career Services Center and University Health Services over the past three to four years.
He stressed that malicious software infections are common at universities and other large institutions. “If you talk to IT directors, you will hear that institutions are perpetually under attack by automated programs that probe for weaknesses,” Blaguszewski said. “It’s a struggle to keep ahead of the people trying to do you harm.”
When asked why it has taken the university since April to notify patients of the potential security breach at the language center computer, Blaguszewski said technology staff needed time to analyze exactly what happened after the system was penetrated.
“They have to figure out what the problem was, what the vulnerability was and who needs to be notified,” he said.
The letter from Gerber to affected patients advises them to pay attention to any unusual activity regarding health insurance information to limit the likelihood that information will be misused.
It also describes steps that UMass has taken to improve security of computer workstations at the center, including installation of malware detection software and additional staff training.
The Center for Language, Speech and Hearing offers a range of clinical services for people with communications disorders or delays.