Researcher fights data breach pay cut

A US breast cancer researcher is battling a pay cut and demotion imposed on her by the University of North Carolina after a server she was responsible for was hacked, exposing some 180,000 patient details.

Epidemiologist Bonnie Yankaskas was demoted from full to associate professor and had her pay cut from US$178,000 to US$93,000 after the data breach was detected in 2009, some two years after the server was breached.

The University had reportedly attempted to fire Yankaskas before demoting her over the incident.

Yankaskas believed the IT department should be held responsible for the security of the server and has taken her case to the University's board.

"I clearly have been scapegoated," she told North Carolina publication the News Observer.

"I bear the responsibility for my group doing what's right. But do I bear the responsibility for this machine not being secure? How do you lay that on me?"

The hacker had breached the University's Mammography Registry, which also contained details collected from 35 breast testing clinics across North Carolina that took part in the research.

The indirect path patient details took to the server left the University facing questions by women who received the breach notification as to why their details were on the registry.

"At some point, you may have obtained a mammogram from one of the more than 35 practices in North Carolina that partner with the Carolina Mammography Registry," it said on an explanatory page.

The cost of sending out notifications and establishing a call centre to handle questions by recipients was $250,000, according to the News Observer report.

Although the University was unable to determine whether any personal information was accessed during the breach, it said that 114,000 social security numbers were exposed in the incident.

The University said it no longer received complete Social Security Numbers but only the last four digits and was exploring ways for women to opt out of the research.