NEWS

  /  

November 28, 2017

University Statement on Maroon's Vulnerability Findings

The privacy and security of University information always has and continues to be of the highest priority. As such, the University has a robust security program that is continually tested and supervised. As with most large organizations, occasionally the University’s Information Security office receives reports of potential network, system, or service security concerns. In such cases, the reports are quickly reviewed and investigated and any security concerns that are uncovered are remediated. Given the ever-changing nature of technology as well as constantly evolving security threats, members of the University community are always encouraged to report any potential security concerns to Information Security at security@uchicago.edu or (773) 702-2378 —such reports are appreciated.

Additional information:

  • The University conducted an analysis of the information reported by The Maroon, and based on the investigation, has not found any indication that any protected health information could be publicly accessed.
  • The University will continue its investigation of the matter.
  • When the University finds an instance where private information has been breached or disclosed, it begins a process to determine if a notification to the affected population is warranted.
  • Aside from such instances, to safeguard the institution and members of the UChicago community, it is the general practice of the University not to comment on any specific findings, legal conclusions, or remediation steps.
  • The University continually monitors and reviews its networks and regularly compares best practices with peer institutions to ensure continued protection of security and privacy.
  • As an educational community, the University’s network is intentionally designed to support its vital mission of research and collaboration. To support this design, the University has set policies in place and all members of the UChicago community with network access have the responsibility to follow those policies.  

RELATED COVERAGE

University Hospital Patient Information Was Potentially Vulnerable to Hackers

By Euirim Choi

A Maroon investigation found that weaknesses in the University’s network could have allowed hackers to steal sensitive information from networked printers, as well as access and, in some cases, control cameras and other connected devices.

  /  

November 28, 2017

MOST READ