The University of Texas at Arlington recently learned that one of its file servers had been compromised, which potentially exposed the prescription records of approximately 27,000 individuals to an unauthorized source.
Federal and state authorities have been notified, including the U.S. Department of Health and Human Services, the Texas Department of Information Resources, The University of Texas System, and law enforcement officials.
There is no evidence to suggest that the compromised information is being used in an unauthorized manner as a result of this incident.
On June 21, 2010, the UT Arlington Office of Information Technology detected that data on a file server that contained Student Health Center prescription records had been compromised on four occasions: February 19, 2009; April 28, 2009; January 23, 2010; and February 10, 2010. The records dated from 2000 to June 21, 2010, and involved individuals who received a prescription or filled a prescription at the Student Health Center.
The file server in question was immediately taken offline and secured. The compromise was determined to be limited to that single file server. No other servers at the University were affected.
An extensive internal review of the matter has revealed that prescription records for approximately 27,000 individuals — including students, faculty, and staff — were potentially exposed to an outside source. In addition, records for 2,048 of the 27,000 affected individuals included Social Security numbers.
The information that may have been exposed also included names, addresses, prescription names, amount spent, and diagnostic codes. The data stored in the records did not contain credit card information or any other medical records.
To assist those who may be affected, UT Arlington has implemented the following measures:
Additionally, the Federal Trade Commission offers resources for anyone who suspects he or she may be the victim of identity theft. The website is at www.ftc.gov/bcp/edu/microsites/idtheft/.