SSNBreach.org reports that 8 files were discovered at filer.case.edu containing sensitive personal information of approximately 452 people. Three files identified participants in a medical study, as well as a detailed description of personal medical conditions, treatments, ages, and other demographic information. In that file, one column identifies several individuals who appear to be doctors or medical professionals who participated in the study: Rein Lambrecht, Thomas Chelimsky, Bill Stacey, and Amer Alshekhlee. Applicants were asked to describe details of their conditions like, “…bladder and sexual function inability to stand > 10 secs, several bowel obstructions… 2 years of diarrhea with no constipation….” Participants were also required to list medications they were taking. The list reveals one participant’s treatments as, “glucophage, tricol, bactrim, prinivil, prilosec, crestor, lasix, zetia, aerobid, singulair, zyrtec, albuterol, oxygen, betopic eye, xalatan, wellbutrin, neurontin, iburpofen, mutli vitamin, vitamin E, B-complex, fero-grade.” A column labeled “Consent/HIPAA form” shows that 56% of the entries read either “needs signature,” or “NO.”
Other files contained GPA, addresses, phone numbers, e-mail addresses, a few Social Security Numbers, dates of birth, and other information. Several of the files seemed to be notes from interviews with interview scores, and comments like “Score: 10.5 too generous?… possibly too harsly [sic] graded, but not at up to a 9… Intramurals, no honors/research/ no work experience, bad essay.”
The university was notified, deleted the files within 48 hours, and later Chief Information Security Officer Tom Siu assured the Liberty Coalition that they “take this matter very seriously and continue to work diligently to ensure that our policies and technical security measures promote the integrity and confidentiality of such records.”
The website filer.case.edu appears to be an online filing system for students and faculty of Case Western Reserve University. While the system, called “Filer,” does not claim to be secure, the system does require a login, which may lend a false sense of security to some faculty or students, and may have contributed to some individuals posting sensitive information. Yahoo.com has indexed roughly 44,100 files and websites at filer.case.edu. However, the files in question appeared to be purged from Yahoo’s caches by October 4, 2007.
You can confirm whether you were affected by this breach by searching for your name at www.ssnbreach.org.