Return to Nicholas Johnson's Main Web Site

Return to Nicholas Johnson's Iowa Rain Forest ("Earthpark") Web Site

Return to Nicholas Johnson's Blog, FromDC2Iowa

State auditor to probe UIHC info leak

Neal Sauerberg

The Daily Iowan

January 30, 2007

[Note: This material is copyright by The Daily Iowan, and is reproduced here as a matter of "fair use" for non-commercial, educational purposes only. Any other use may require the prior approval of The Daily Iowan.]

The probe into a recent security breach at the UI Hospitals and Clinics took a new turn on Monday, when UI interim President Gary Fethke announced that State Auditor David Vaudt will investigate access to the hospital's information services.

"Our own investigation indicates that this was a case in which a university employee violated our policy on the acceptable use of information," Fethke said in a statement. "However, the fact that this incident occurred in the administrative area of the hospital requires us to review whether our processes there can be improved to prevent future occurrences."

University Relations Director Steve Parrott said the move came after much consideration from Fethke. Parrott also stressed that any probe into the security compromise would go forward in an open manner.

"It's good to get the audit out to an unbiased, independent body," he said on Monday night.

The case did not involve a hacker or virus, said Parrott, who refused to comment on who UIHC officials believe is responsible for the security breach. He also would not reveal what information was compromised.

Local media reports in the past several weeks have included UIHC Director Emeritus John Colloton, who maintains an office space at the hospital and a paid secretary, though he doesn't currently serve as an official employee.

Parrott on Monday again refused to comment on Colloton's link to the security probe.

"I think we'll pretty much leave that one alone," he said.

This issue first publicly surfaced when state Board of Regents President Michael Gartner asked for an investigation into the incident during a Jan. 11 telephone conference.

Vaudt will now sort through the case to determine preventative measures that the university can take in the future, officials said. He must also decide who within the UIHC was ultimately responsible for compromising the private information.