Private Data on U Louisville Patients Online for 18 Months

  • By Dian Schaffhauser
  • 06/11/10

According to coverage in the Louisville Courier-Journal, a University of Louisville database with personal information about 700 patients in its kidney dialysis program was publicly available on the Internet for a year and a half. Only when a person unaffiliated with the institution sent e-mail about the exposure did the university become aware of the breach.

The newspaper reported that the information was posted to the Web site of the program by a doctor who thought the data was behind a password wall. Once the university was notified, it shut the Web site down.

The disclosed information included names, Social Security numbers, and dialysis treatment details. The university is providing credit monitoring to those affected.

Shortly after the breach was disclosed, university Chief Information Security Officer Bruce Edwards said in an interview published to the campus Web site that departmental level actions were necessary to help prevent data breaches.

"There are a few basic steps that can greatly enhance the security of sensitive data managed within each department," said Edwards. "Each department's technical support personnel should be familiar with [the university's] information security policies and, with the support of their department, should be able to implement these steps. The steps are simple, but they could very well require a lot of focus in departments with complex environments."

Among the steps specifically related to publishing data to a network or Web site were these:

  • To identify and inventory sensitive information applications and sources on the Web;
  • To assess the need for this type of information to be published online;
  • To verify whether the information is properly restricted;
  • To remove sensitive data and applications that don't need to be posted online;
  • To regularly review sensitive information and applications to verify restricted access and proper functionality; and
  • To maintain audit logs for all activity related to sensitive information.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • open laptop in a college classroom with holographic AI icons like a brain and data charts rising from the screen

    4 Ways Universities Are Using Google AI Tools for Learning and Administration

    In a recent blog post, Google shared an array of education customer stories, showcasing ways institutions are using AI tools like Gemini and NotebookLM to transform both learning and administrative tasks.

  • illustration of a human head with a glowing neural network in the brain, connected to tech icons on a cool blue-gray background

    Meta Launches Stand-Alone AI App

    Meta Platforms has introduced a stand-alone artificial intelligence app built on its proprietary Llama 4 model, intensifying the competitive race in generative AI alongside OpenAI, Google, Anthropic, and xAI.

  • three main icons—a cloud, a user profile, and a padlock—connected by circuit lines on a blue abstract background

    Report: Identity Has Become a Critical Security Perimeter for Cloud Services

    A new threat landscape report points to new cloud vulnerabilities. According to the 2025 Global Threat Landscape Report from Fortinet, while misconfigured cloud storage buckets were once a prime vector for cybersecurity exploits, other cloud missteps are gaining focus.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.