The women were participating in a mammography study conducted by the UNC School of Medicine. The breach could date as far back as 2007, and has exposed Social Security numbers, dates of birth and other sensitive information on the study participants, according to a report in the Charlotte, NC-based The News & Observer.
Matthew Mauro, chairman of the UNC-CH Department of Radiology said computer forensics experts detected the breach in July. The exposed information was on one of two servers that housed data on more than 662,000 women. The data was being collected as part of the Carolina Mammography Registry, a project that compiles and analyzes mammography results submitted by radiologists in North Carolina.
UNC officials are sending out breach notification letters to all 236,000 study participants. The university began phasing out Social Security numbers as patient identification codes several years ago, according to the report. The university said it has also "tightened" its reporting system for the project.