The following is a statement from University of Wisconsin Oshkosh Provost and Vice Chancellor Lane Earns:
August 26, 2011
The Living Healthy Community Clinic operated by the College of Nursing at the University of Wisconsin Oshkosh recently experienced a computer security incident that may have exposed records containing the names, addresses, Social Security numbers of individuals who received services at the clinic and health records of a smaller group of such individuals.
On July 25, 2011, University technology staff members found evidence of a computer virus on a desktop computer at the clinic. The computer was removed from the network, and a forensically sound image of the computer’s hard drive was analyzed by the UW-Madison Office of Campus Information Security. Analysis determined that the desktop computer contained approximately 3,000 instances of personal identifying information, but there was no indication that any data had been taken.
The investigators have not been able to identify those who gained unauthorized access, but it appears that this was not a targeted attack, since the same virus has been found in unrelated computers in other areas of the state. While there is no proof of any attempt to download the names, addresses, Social Security numbers or health records from the desktop computer that was compromised, we wish to inform those people who had records stored on the desktop computer.
UW Oshkosh is in the process of individually contacting affected clinic patients to inform them of the nature of the security incident, the steps taken to thoroughly investigate it, the efforts put in place to address future security concerns in this area, and resources that are available to protect personal information and prevent identity theft. These resources can be found at http://www.uwosh.edu/go/security.
The University takes the protection and integrity of data very seriously, and its recent investment in information security technology has been one of its most robust in years. “The recent threat, those that have emerged at other UW System institutions and those that daily challenge universities and businesses large and small around the country are reminders of the need for safe computer use throughout an organization’s culture,” said Nick Dvoracek, UW Oshkosh director of learning technologies and interim chief information officer.
“UW Oshkosh has strong policies, protocols and programs in place that not only protect sensitive information but also empower computer users to be part of the security solution,” Dvoracek said. “As we approach a new academic year, this recent security concern reinforces our commitment to continue educating students, faculty and staff about the smart, safe, vigilant use of technology connected with our institution.”
Provost and Vice Chancellor