Private Data on U Louisville Patients Online for 18 Months

According to coverage in the Louisville Courier-Journal, a University of Louisville database with personal information about 700 patients in its kidney dialysis program was publicly available on the Internet for a year and a half. Only when a person unaffiliated with the institution sent e-mail about the exposure did the university become aware of the breach.

The newspaper reported that the information was posted to the Web site of the program by a doctor who thought the data was behind a password wall. Once the university was notified, it shut the Web site down.

The disclosed information included names, Social Security numbers, and dialysis treatment details. The university is providing credit monitoring to those affected.

Shortly after the breach was disclosed, university Chief Information Security Officer Bruce Edwards said in an interview published on the campus Web site that departmental-level actions were necessary to help prevent data breaches.

"There are a few basic steps that can greatly enhance the security of sensitive data managed within each department," said Edwards. "Each department's technical support personnel should be familiar with [the university's] information security policies and, with the support of their department, should be able to implement these steps. The steps are simple, but they could very well require a lot of focus in departments with complex environments."

Among the steps specifically related to publishing data to a network or Web site were these:

  • To identify and inventory sensitive information applications and sources on the Web;
  • To assess the need for this type of information to be published online;
  • To verify whether the information is properly restricted;
  • To remove sensitive data and applications that don't need to be posted online;
  • To regularly review sensitive information and applications to verify restricted access and proper functionality; and
  • To maintain audit logs for all activity related to sensitive information.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
