Click here to receive your FREE subscription to Campus Technology
News Feature
Once More unto the Breach
4/13/2007
The announcement earlier this month of a potential data security breach at the University of California, San Francisco (UCSF) may have come as a shock to the 46,000 individuals who received notification that their personal information might have been compromised. But for industry observers, this latest revelation was just another in a long string of security incidents impacting institutions of higher learning.Higher ed isn't the only sector suffering from breaches in security, but it is, in some ways, in a unique predicament. Adam Thermos, founder of Strategic Technology Group, said that universities typically implement standard security measures. "However," he said, "this is [academia].... Most of the problems are more out of negligence and less out of malice. Too much instability in operations, too many work study and graduate students in and out, too many cooks in the kitchen...."
Regardless of the causes--and it should be noted that the specific cause of the UCSF breach is not known publicly, if at all, as of this writing--data breaches in higher education are more common than in most other sectors. Are higher education institutions doing all that can be done to safeguard the personal data of their students, employees, and customers? And, when breaches do occur, are the universities doing everything they're supposed to be doing?
We spoke with a number of analysts and industry observers on this issue in light of the UCSF incident. For the most part, they agreed that higher education is doing well in many cases when it comes to responding to incidents; but efforts at safeguarding data leave something to be desired, especially given some obvious and relatively unobtrusive measures that could be adopted.
What Happened at UCSF?
In March, UCSF discovered that a file server located at the University of California Office of the President in Oakland, CA might have been accessed electronically by an unauthorized, as-yet-unidentified entity. The server itself contained information on staff, students and faculty at UCSF and the UCSF Medical Center--including Social Security numbers and bank account information related to payroll and "reimbursement deposits."
According to UCSF, there was no patient information from the UCSF Medical Center on the server.
As of this writing, the university had not determined whether there had been any unauthorized access to the data (or had at least not shared such information with the public). And no incidents of identity theft as a result of the potential breach had been reported.
UCSF's Response
The university's response to the situation was, initially, to remove the system in question "immediately" from service so there would be no further possible risk. Following this, in April, UCSF then sent out notices to some 46,000 individuals who had ben associated with the university or the Medical Center over the last two years.
Recommended Reading
- College of Southern Nevada Implementing Angel To Run Online Courses
The College of Southern Nevada (CSN), a community college in Las Vegas with 41,000 students, has adopted the Angel Learning Management Suite (LMS) to support its online course offerings. In Spring 2008 CSN began evaluating alternatives to WebCT, which it currently runs, and made the decision to adopt Angel in the fall. In January 2009, CSN's 865 sections of online enrollment will be delivered using the Angel LMS.
- Toshiba Brings DisplayLink to Docking Station
Toshiba has introduced a new USB docking station that incorporates DisplayLink--a technology that allows computers to connect to projectors and other types of displays through USB 2.0.
- Mitsubishi Ships SXGA+ Projector with DICOM Simulation
Mitsubishi has begun shipping a new LCD-based SXGA+ projector aimed at higher education, specifically medical schools. The new MH2850U, according to Mitsubishi, is "specially engineered for projecting DICOM simulation images for use in medical education and training."
- First Look: Komodo IDE 5.0
Last month, ActiveState released Komodo IDE 5.0, the company's latest integrated development environment (IDE). Komodo supports multiple programming and markup languages, including HTML, JavaScript, PHP, Perl, Java, Python, C++ and more. It does not support some .NET languages at present, such as ASP/ASP.NET, C# and VB.NET.
- IBM Offers Cloud Computing Help
IBM last week announced consulting services specifically designed to help organizations assess their options in using cloud computing technology. "Cloud computing" is a much argued term, but it typically refers to solutions delivered over the Internet, rather than via customer premises-installed software.
- Hollins U Chooses Omnilert for Emergency Notification Ahead of VA Deadline
Hollins University, among other higher ed institutions in Virginia, has implemented Omnilert's e2Campus emergency notification system (ENS) just ahead of a state-mandated deadline requiring them at every public institution of higher education by Jan. 1. Hollins itself isn't a public campus, but wished to implement an ENS before the end of the year, the school said in a company statement.
