Researcher fights data breach pay cut

A US breast cancer researcher is battling a pay cut and demotion imposed on her by the University of North Carolina after a server she was responsible for was hacked, exposing some 180,000 patient details. 

Epidemiologist Bonnie Yankaskas was demoted from full to associate professor and had her pay cut from US$178,000 to US$93,000 after the data breach was detected in 2009, some two years after the incident. 

The university had reportedly attempted to fire Yankaskas before demoting her over the incident. 

Yankaskas believed the IT department should be held responsible for the security of the server and has taken her case to the university's board.  

"I clearly have been scapegoated," she told North Carolina publication the News Observer.

"I bear the responsibility for my group doing what's right. But do I bear the responsibility for this machine not being secure? How do you lay that on me?" 

The data breach was caused by a hacker which stumbled onto the university's Mammography Registry. The registry contained details collected from 35 breast testing clinics across North Carolina. The exposed data was not stored behind a firewall.

The cost to the university to send out notifications of the breach and establish a call centre to handle questions by recipients was $250,000, according to the News Observer report. 

"At some point, you may have obtained a mammogram from one of the more than 35 practices in North Carolina that partner with the Carolina Mammography Registry," the university said on an explanatory page. 

Although the university was unable to determine whether any personal information was accessed, it said that 114,000 social security numbers were exposed in the incident. 

The university said it no longer received complete Social Security Numbers but only the last four digits and was exploring ways for women to opt out of the research.