Women's data breach probed

A security breach involving patient data in a UNC-Chapel Hill medical school computer server has prompted an investigation by the state Attorney General's Office.

By Tuesday, the consumer division of Attorney General Roy Cooper's office had received 25 calls from women whose personal data had been submitted to a UNC-CH mammography study. University officials recently discovered a hacker had infiltrated one of the study's computer servers.

Many women learned of their participation in the study when UNC-CH sent them letters detailing the breach.

But radiologists who submit the mammography data to a UNC medical school study do not need patients' consent to do so, a UNC Health Care spokeswoman said Tuesday.

Federal regulators waive the consent requirement for projects like the Carolina Mammography Registry because it is a population-based study dealing with hundreds of thousands of pieces of data, said Karen McCall, the UNC Health Care spokeswoman.

That's no comfort to Tammy McCauley of Clayton, who didn't even know her mammograms were part of the study until she got a letter recently detailing how a computer server containing her Social Security number and other personal information had been compromised by a hacker.