Two potential data breaches at colleges in the region are drawing attention to cyberhacking and the security of identity records.
On June 4th, UMass Amherst reported a malware breach at the college’s Center for Language, Speech, and Hearing. As a result, protected health information of nearly 1,700 clients was potentially revealed. College Spokesman Ed Blaguszewski says that the information at risk included addresses, names of health insurers, primary healthcare or referring doctors.
The day before UMass Amherst reported its hacking, Champlain College in Burlington, Vt. notified more than 14-thousand students and former applicants of a breach of data security. A portable storage device had been left unattended in a computer lab for 48 hours. Digital forensics indicates there has been no misuse of the data, which included names and Social Security numbers on a temporary file. Nevertheless, the college notified all students and applicants from over the past three years and offered identity monitoring services. Champlain College Senior Vice President of Finance and Administration David Provost says because of the college’s focus on financial literacy, they opted to use the incident as a teachable moment.
That sort of proactive preparation is something more companies and institutions should be doing, according to GreyCastle Security Founder Reg Harnish. The company, an information technology security firm specializing in data security, assessment, remediation and management, is based in Troy, NY. Harnish notes that security breaches are very common, but many are unreported.
Champlain College hosts the Senator Patrick Leahy Center for Digital Investigation, which has been named the best cyber security higher education program in the country by SC Magazine, a publication targeting the IT security market. Center Director and Professor Jonathan Rajewski helped investigate the possible breach at the college. He also works with the Vermont Internet Crimes Task Force. He says companies need to have a response plan in place.
GreyCastle Security’s Reg Harnish says too many organizations rely on technology to save them once a breach or security problem has occurred.
If digital security is compromised, experts advise company officials remain calm, retain evidence, and seek out professional digital forensic experts.