University Health Center Hacked – Well Really Alumni Relations

Not too long ago I ran across an article that talked about Ohio University’s server being hacked and in a hacker’s hands for a long period of time. I honestly don’t think this is really all that common. In fact, after working with a friend of mine in college who was excellent at hacking I think this happens a lot more than we ever realize and definitely more than ever gets published. Not that the practices of this article are acceptable, but I don’t think we should be naive.

Many may be wondering what a University getting hacked is doing on an EMR and HIPAA blog. Well, read this quote from the article:

How a server could be left open to intruders is still under investigation. But this much is known: A server supporting the alumni relations department was supposed to be offline, Sams said. The people responsible for shutting it down thought they had done so. The server continued to be connected to the Internet but didn’t receive security updates. It was the equivalent of leaving a backdoor open for thieves to walk in and seize what they wanted.

The culprits who broke into the other two servers made off with health records belonging to students treated at the university’s health center, as well as Social Security numbers of an additional 60,000 people.

Does this really make sense to any rational person? What is a student’s health record doing on a server supporting the alumni relations department? Not to mention on a server that someone isn’t updating. At the rate that Windows puts out updates I think we are all guilty of sometimes being a bit lazy in our updating policy. However, to forget about the machine and think it is shut down is ridiculous. That has HIPAA violation and HIPAA lawsuit written all over it.

About the author

John Lynn

John Lynn is the Founder of the, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • When requesting my medical records for a lengthy hospital stay, I received someone else’s records. About 3 pages which said I have cancer (I do not), I am 20 (I am not), I’m in remission (I am not) and I have an 8 month old son. (I do not) What do I do?

  • My ex, who is an MD at a military facility, used another doctor’s pass code to access my medical records during the time we were separated. In error he sent a text to my phone that was meant to go to his attorney. In it he stated that he used another doctor’s code to access my medical records to see if I had a back surgery. He stated that I had not had the surgery and that I had been lying to the divorce court.

    I did have the surgery but had it done at a private facility which of course would not show on my military records.

    This doctor has a long history of conduct of this type but the military protects him.

    The laws are great if they work, I can honestly say they are not working if you are a military patient.

  • Karen,
    I don’t really give specific legal advice. I’ll leave that to lawyers. I did recently come across a health care attorney on Twitter. I don’t know her very well yet, but from what I’ve read she seems to know what she’s talking about. You can find her:

    From what you describe it might be worth consulting with an attorney to see what your options might be. It’s unfortunate when people do things like this.

  • My local ambulance squad apparently spread some half-true gossip after a call to our house. What, if anything, is my legal remedy?
    The incident was minor; my husband was transported to the local medical center to be checked out. One of the crew apparently suspected an overdose and started telling other people. This rumor spread to my daughter’s school (and probably other parts of the community).
    I became aware of it a couple of years later at a parent-teacher conference. My daughter’s teacher said she had heard there were “drugs in the house” and asked us some pretty invasive questions. She would not tell me who had mentioned it to her, but eventually told us that it stemmed from the ambulance service.
    Needless to say this is a very bad thing in a small town. I can only imagine the harm this reputation may have caused me — and I wasn’t even the patient!
    Are ambulance volunteers covered under HIPAA? What about half-truths that grow out of confidential information?
    I’ve had a hard time finding work
    where I eventually

  • Liz,
    Best to contact a lawyer since I’m pretty sure each state would handle this differently. Sorry to hear about your situation.
