The news that hackers gained access to the medical data of thousands of Ohio University students, due to a security breach at the university's Hudson Health Center, was only the latest in a series of attacks that have plagued the college since late April.
The Hudson Health Center data contained identifying information on 60,000 students, including Social Security and personal identifier numbers, addresses, and data on medical treatments.
The Health Center breach followed an attack on a network server containing data on 300,000 Ohio University alumni and donors, including 137,000 Social Security numbers.
And on April 21st, the university's Innovation Center was hacked, leading to the exposure of intellectual property files, e-mails, and Social Security numbers, according to the university's press statement.
Bill Sams, chief information officer for Ohio University, told the Columbus Dispatch that the information was coded in such a way that medical records and personal identifiers could not be immediately matched, reducing the risk to affected individuals.
Sams claimed that the university "had a 20-person team, working seven days a week" to perform a security audit on the Ohio University network and servers.
No information was available indicating that the breaches were the work of the same group of hackers.
The Department of Health and Human Services stated it would investigate whether federal privacy laws governing the collection of personal data and medical records were violated.
The university had announced in late 2005 that it would stop using Social Security Numbers (SSNs) for personal identification, and was updating its systems to use unique ID numbers instead.
The Ohio University breaches were the latest in a trend of identity thefts and data losses targeting universities in recent months. In March, a hacker ring broke into servers hosted by Georgetown University and stole data on 40,000 residents provided by the city's Office on Aging.
And in one of the many instances of laptop thefts leading to security breaches, a Vermont State College employee's laptop was stolen from his car during a Montreal vacation. The laptop contained data on 20,000 students, faculty, and retired members of the Vermont State College system.
Both houses of Congress are currently considering legislation that would restrict the usage and storage of SSNs in order to stem the tide of potential fraud and identity theft that can result from their misuse.
Rep. Ed Markey (D-MA) has introduced two pieces of legislation designed to place data brokers such as ChoicePoint under the jurisdiction of the Federal Trade Commission (FTC), and to limit the sale and purchase of SSNs, except in specific circumstances.
Under Markey's "Social Security Number Protection Act," only law enforcement and public health agencies would be able to collect and store SSNs. The sale or purchase of SSNs would otherwise be criminalized.