College of Dentistry at UF breached

University of Florida college IT staff were upgrading a server on October 3, 2008, when they discovered some unauthorized installed software that was apparently some sort of malware.  The server contained "patient names, addresses, birth dates, Social Security numbers and, in some cases, dental procedure information".  This has led to UF sending out notices to the over 330,000 patients affected (data went back all the way to 1990), and they have started scanning an additional 60,000 computers (getting the whole campus I guess) to make sure the software hasn't been installed anywhere else.

One excerpt from the article was especially telling when talking about universities:

"Serious security is not a core part of their genome. It's something they're still learning," Argast [security analyst for Sophos Labs] said. "Those practices just aren't habits. But we're seeing a huge uptick in interest. This is a very real, present threat, and it threatens their user community."

This is very true.  In my day-to-day job, I am seeing a lot of movement by higher education to become more actively secure instead of fighting the fires that open networks always have.  It really comes down to them having to face the music.  There are A LOT more tech-savvy students now days, and that is something I have had to personally protect against.  It is not fun.  But it is necessary.  Open and free dialogue and the search for truth is not very efficient if your network is down.

And now I am going to poke a little fun at the article.

Excerpt:

In recent years, the university has beefed up its security infrastructure with firewalls, intrusion detection systems and by encrypting data flows containing sensitive information, and has increased its vigilance of threat identification and security servers.

"Despite these efforts, this illegal user was able to gain access to the server," Dolan said.

But some say that the university's efforts might not have been enough. (emphasis added)

Gee, ya' think??  Sheesh...