News
Email
Print
Hacker attack leaves women angry, worried
They weren't told their information was in registry
ADVERTISEMENT
Published: October 24, 2009
A security breach that exposed such personal information as the addresses and birth dates of more than 160,000 women enrolled in a mammography registry is raising questions about protecting people's privacy while at the same time making information available for much-needed research, an expert on bioethics said.
"We shouldn't really have to wait until something like this goes wrong," said Nancy M.P. King, a professor of social sciences and health policy at Wake Forest University School of Medicine.
"There ought to be a way to balance the risks to individuals and the public-health value of information," said King, who is also a co-director of Wake Forest University's Center for Bioethics, Health and Society.
Officials at the UNC Chapel Hill School of Medicine said that a hacker accessed a computer server containing files of more than 160,000 women enrolled in the Carolina Mammography Registry, a 14-year-old research project that stores and analyzes mammogram information from radiologists across the state.
Nobody's medical information was exposed, but the files included patients' names, addresses and in the case of 114,000 patients, their Social Security numbers.
It doesn't appear that the hacker removed or copied any information from the server, officials said.
Many of the women didn't know that their information was being used in the study.
Federal regulations allow radiologists to submit the information to the registry without getting permission from their patients because it is a population-based study dealing with large amounts of data, officials say.
It would be impossible to collect this kind of data if consent was required from individual patients, said Karen McCall, a spokeswoman for the UNC Chapel Hill School of Medicine.
"I wasn't told that my information was going to be part of a research study that was going to be shared with six states," said Beverly Olson, a Winston-Salem resident who received a letter from UNC Chapel Hill School of Medicine about the breach.
"Here I went for a routine mammogram and then find my information had been hacked and compromised.… How do I protect myself?"
The N.C. Attorney General's Office is looking into the breach, and Wake Radiology in Raleigh has suspended its relationship with the mammography study over concerns about data security.
The registry was created in 1993 and includes patient's medical history and mammogram results. The information is used for determining the effectiveness of mammogram screenings and for breast-cancer research, McCall said.
Radiologists are required to keep track of certain mammographies, and the easiest way to do that is through a registry, she said.
Althea Taylor-Jones, who lives in Kernersville, said she is vigilant about protecting her personal information. But in this case, she had no idea her information was contained in the registry, she said.
"You trust your heath-care providers, and next thing you know, your information is flying around out there in cyberspace," Taylor-Jones said.
She recently retired as a professor in the gerontology program at Winston-Salem State University and has worked for years with the elderly, teaching them about fraud and how to protect their personal information.
Because of the breach, she said, she has to put a freeze on her credit file.
"I try to protect my data, and I value my identity and don't want someone perpetrating as myself," Taylor-Jones said.
"It could ruin my credit and my life."
King, the bioethicist at Wake Forest, said that those concerns are valid and that more has to be done to protect people's privacy.
The information collected in such registries is invaluable to research, but patients should at least be notified that their information is going to be used, she said.
"There's a whole range of uses that don't relate to the health of the individual that's important for health care and public need," she said.
"The key thing is how do those who supervise the large collection of information … how do they keep up with what's needed to keep those data."
mhewlett@wsjournal.com | 727-7326
Email
Print
