From The Sip Trunking Experts

TMCNet:  UNC cancer center computers hacked

[January 03, 2013]

UNC cancer center computers hacked

CHAPEL HILL, Jan 04, 2013 (The News & Observer (Raleigh - McClatchy-Tribune Information Services via COMTEX) -- Some 3,500 people had their personal information exposed when hackers hit two servers of the UNC Lineberger Comprehensive Cancer Center.

The attack was discovered by UNC-Chapel Hill's information technology employees in May, yet potential victims were not informed until last week when they received letters from center director Dr. Shelley Earp.

Earp apologized for the breach, which compromised personal data, including Social Security numbers and passport numbers, for employees, contractors and visiting lecturers at the center.

"Despite our investigation, however, we are unable to say for sure whether your personal information was accessed by an unauthorized person as a result of this incident," Earp wrote in a letter dated Dec. 26. "Even if your personal information was accessed, we have no way to know whether it has been or will be misused." The servers were immediately blocked to protect data. The breach involved administrative servers that did not typically store patient data, so the center's patients need not worry, said Ellen de Graffenreid, director of communications and marketing at Lineberger.

She said there were a small number of files that contained data from fewer than 15 people who were subjects in research studies.

So far, de Graffenreid said, no one has reported identity theft as a result of the hacking, but potential victims have been advised to seek a fraud alert or a security freeze on their credit files.

Some potential victims expressed dismay that it had taken the cancer center so long to notify them of the problem.

Paul Farel, a retired professor, said when he received the letter last week, he put an alert on his credit report.

"My concern was that it was over six months between the time when they noted the breach and when I was notified," Farel said.

De Graffenreid said the two servers contained 1.6 million files. Forensic investigators narrowed that number down to 3,300 files that had been touched during the window of vulnerability created by the hacking.

Each of those 3,300 files had to be examined by hand to determine whether personal information had been compromised, she said.

"It was very intensive and very time-consuming to sift through all of the information," she said. "We are very concerned with accuracy." An automated process would have turned up many false positive examples of people who were not really at risk, de Graffenreid said.

Farel said the notifications could have been done as the investigation progressed.

"I don't know how many people are really at risk, but I think the university needs to be very careful about that," Farel said, "or to have a rational procedure in handling cases like this." University servers are on the receiving end of thousands of attempted attacks by hackers each hour, de Graffenreid said, and the IT staff uncovered this one through routine monitoring.

Hacking incidents have caused major headaches at UNC-CH before.

In 2009, UNC School of Medicine officials discovered the hacking of a server with data from a major breast cancer study. The university notified all 180,000 women with data on the server and set up a call center to answer questions, though there was no evidence that personal information was removed.

In that case, the process cost $250,000; the university also slashed the pay and moved to demote a prominent researcher who headed the study. In a 2011 settlement, the researcher was reinstated with full pay before she retired.

Stancill: 919-829-4559 ___ (c)2013 The News & Observer (Raleigh, N.C.) Visit The News & Observer (Raleigh, N.C.) at Distributed by MCT Information Services

[ Back To SIP Trunking Home's Homepage ]

Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner

Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.