The University has found no evidence to suggest that social security numbers and protected health information were accessed in the August 2013 security breach, when Emory administrators were notified of unexpected activity occurring on Information Technology (IT) systems, according to a University information security email sent out on Dec. 11.

In August, Emory information security determined that unknown attackers accessed IT systems and obtained a partial list of Emory user accounts and passwords, the email says. Emory information security and private forensic analysis firms are still actively trying to determine the source of the breach.

In an effort to remedy the problem, the Emory Office of Information Security emailed the community mandating that all users change their passwords.

In August, Emory information security was “not aware of any protected health information or social security numbers being compromised,” the email notes.

As of the Dec. 11 update, Emory has concluded that some user accounts and password credentials were accessed, but health information and social security numbers were not compromised.

According to the information security email, a second round of remediation activities designed to improve the system’s defenses were planned and implemented.

Brad Sanford, Emory chief information security officer, said his team relies on community help to ensure safety. Users have to follow several measures to ensure their information is secure.

A password that is eight or more characters and contains a variety of numbers and specials characters is considered a strong password, according to Sanford. He warns if a password is shared with another individual, it should be changed immediately.

“Your password isn’t a secret anymore if you write it down for others to find,” Sanford said.

Sanford also warns against phishing emails in which “phishers” forge a sender’s address to make it look like it came from Emory. Emails sent by phishers have links to mock webpages. When the user is prompted to input on the mock website, the phisher has access to all of the personal information entered.

“If you’re asked to reveal any personal information via email, you should not respond,” he said.

Sanford stressed the importance of cyber-security.

“Information security is one of Emory’s highest information technology priorities, and we are continuously working to enhance and improve our information security safeguards,” Sanford said.

–By Brandon Fuhr

+ posts

The Emory Wheel was founded in 1919 and is currently the only independent, student-run newspaper of Emory University. The Wheel publishes weekly on Wednesdays during the academic year, except during University holidays and scheduled publication intermissions.

The Wheel is financially and editorially independent from the University. All of its content is generated by the Wheel’s more than 100 student staff members and contributing writers, and its printing costs are covered by profits from self-generated advertising sales.