On April 2, 2012, the University of Texas at San Antonio Office of Information Technology observed anomalous activity occurring on a file server used for research. Investigation revealed that unauthorized access had occurred which potentially exposed personal health information of approximately 151 individuals to an unauthorized source.
The file server was taken offline and has been secured. The unauthorized access was determined to be limited to this single file server. No other servers at the University were affected.
Federal and state authorities have been notified, including the Federal Bureau of Investigation, the University of Texas at San Antonio Police Department, the Texas Department of Information Resources and The University of Texas System.
There is no evidence to suggest that the compromised information is being used in an unauthorized manner as a result of this incident.
The server contained DICOM-formatted computed tomography angiography scans of the abdomen of patients that had an abdominal aortic aneurysm (“scans”). The scans were dated from 1997 to 2010, and were limited to the following:
The 151 scans that may have been exposed also contained the patient’s name, date of birth, gender, age, blood pressure, a patient identifier number, and the date of the scan. The data stored in the records did not contain social security information, credit card information or any medical records other than those mentioned.
Unfortunately, this data was not properly de-identified before it was placed in the Research Lab servers. Please be assured that all remaining data has been properly de-identified.
To assist those who may be affected, UTSA has implemented the following measures:
Please be assured that UTSA takes such matters very seriously and we apologize for any inconvenience this event may have caused.