NOTICE OF BREACH OF RESEARCH INFORMATION RESIDING ON A UNIVERSITY OF TEXAS AT SAN ANTONIO FILE SERVER

On April 2, 2012, the University of Texas at San Antonio Office of Information Technology observed anomalous activity occurring on a file server used for research. Investigation revealed that unauthorized access had occurred which potentially exposed personal health information of approximately 151 individuals to an unauthorized source.

The file server was taken offline and has been secured. The unauthorized access was determined to be limited to this single file server. No other servers at the University were affected.

Federal and state authorities have been notified, including the Federal Bureau of Investigation, the University of Texas at San Antonio Police Department, the Texas Department of Information Resources and The University of Texas System.

There is no evidence to suggest that the compromised information is being used in an unauthorized manner as a result of this incident.

The server contained DICOM-formatted computed tomography angiography scans of the abdomen of patients that had an abdominal aortic aneurysm (“scans”). The scans were dated from 1997 to 2010, and were limited to the following:

  1. Scans of 149 patients who visited Allegheny General Hospital, 320 East North Avenue Pittsburgh, PA 15212, for follow-up on their abdominal aortic aneurysm from 1997 to 2010; and
  2. Scans of 2 patients who visited Northwestern Memorial Hospital, 251 E Huron St. Chicago, IL 60611 for follow-up on their abdominal aortic aneurysm in 2007.

The 151 scans that may have been exposed also contained the patient’s name, date of birth, gender, age, blood pressure, a patient identifier number, and the date of the scan. The data stored in the records did not contain social security information, credit card information or any medical records other than those mentioned.

Unfortunately, this data was not properly de-identified before it was placed in the Research Lab servers. Please be assured that all remaining data has been properly de-identified.

To assist those who may be affected, UTSA has implemented the following measures:

  • Anyone who believes their information may have been included in the potentially exposed data may contact Dr. Marianne Woods, the Senior Associate Vice President for Research Administration at (210)458-6185 for further information.
  • The data did not contain contact information for the individuals and so it is not possible to send notification letters. The University is using this posting as an alternate method to notify them.
  • Additionally, the Federal Trade Commission offers resources for anyone who suspects he or she may be the victim of identity theft. The website is at www.ftc.gov/bcp/edu/microsites/idtheft/.

Please be assured that UTSA takes such matters very seriously and we apologize for any inconvenience this event may have caused.