Add as a preferred source on Google


Private Data on U Louisville Patients Online for 18 Months

  • By Dian Schaffhauser
  • 06/11/10

According to coverage in the Louisville Courier-Journal, a University of Louisville database with personal information about 700 patients in its kidney dialysis program was publicly available on the Internet for a year and a half. Only when a person unaffiliated with the institution sent e-mail about the exposure did the university become aware of the breach.

The newspaper reported that the information was posted to the Web site of the program by a doctor who thought the data was behind a password wall. Once the university was notified, it shut the Web site down.

The disclosed information included names, Social Security numbers, and dialysis treatment details. The university is providing credit monitoring to those affected.

Shortly after the breach was disclosed, university Chief Information Security Officer Bruce Edwards said in an interview published to the campus Web site that departmental level actions were necessary to help prevent data breaches.

"There are a few basic steps that can greatly enhance the security of sensitive data managed within each department," said Edwards. "Each department's technical support personnel should be familiar with [the university's] information security policies and, with the support of their department, should be able to implement these steps. The steps are simple, but they could very well require a lot of focus in departments with complex environments."

Among the steps specifically related to publishing data to a network or Web site were these:

  • To identify and inventory sensitive information applications and sources on the Web;
  • To assess the need for this type of information to be published online;
  • To verify whether the information is properly restricted;
  • To remove sensitive data and applications that don't need to be posted online;
  • To regularly review sensitive information and applications to verify restricted access and proper functionality; and
  • To maintain audit logs for all activity related to sensitive information.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • open laptop with data streams

    OpenAI Launches AI-Powered Web Browser Built Around User Context

    OpenAI has introduced ChatGPT Atlas, a standalone browser that places ChatGPT at the heart of everyday web activity. This release represents a major expansion of the company's efforts to reshape how users search, browse, and complete tasks online.

  • Red alert symbols and email icons floating in a dark digital space

    Google Cloud Report: Cyber Attackers Are Fully Embracing AI

    According to Google Cloud's 2026 Cybersecurity Forecast, AI will become standard for both attackers and defenders, with threats expanding to virtualization systems, blockchain networks, and nation-state operations.

  • Hand holding a stylus over a tablet with futuristic risk management icons

    Why Universities Are Ransomware's Easy Target: Lessons from the 23% Surge

    Academic environments face heightened risk because their collaboration-driven environments are inherently open, making them more susceptible to attack, while the high-value research data they hold makes them an especially attractive target. The question is not if this data will be targeted, but whether universities can defend it swiftly enough against increasingly AI-powered threats.

  • abstract blocks of technology

    Reimagining Software Access to Transform the Student Experience

    Software access is a strategic priority — not a technical afterthought. Success depends on faculty engagement, institution-wide collaboration, and a clear focus on student outcomes.