University of Florida Fails to Protect Personal Information, Again

Ok, this blog does not deal with VoIP, but while we’re talking about security vulnerabilities…

A University of Florida College of Dentistry server containing sensitive patient information was compromised; providing access to more than 344,000 current and former patient records. What type of information? Names, birthdays, social security numbers, addresses, were just some of the information compromised.

The Gainesville Sun states:

While UF officials have no evidence the intruder used the information for fraudulent purposes, letters were mailed to 336,234 people who had information on the system to alert them. The university lacked mailing addresses for nearly 8,250 additional patients with data on the server and is seeking help in locating them.

A hotline, 866-783-5883, has been established for patient inquiries.

Although the FBI and Police are investigating, the University of Florida needs to raise their hand and say “My bad.” As an institution of higher learning, the Univeristy prides itself on leading the way. Having a security breach to sensitive systems that’s noticed only during an upgrade is consistent with and organization that places a low value on the privacy of their “clients.” From a hospital this would be unacceptable. But from the “flagship” of the State University System of Florida, it’s truly inadmissible.

Of course, this isn’t the first time the University of Florida has allowed access to sensitive data. As we said on June 12th:

The time for excuses is over. After all, our hero Benjamin Franklin used to say, “He that is good for making excuses is seldom good for anything else.“