UK calls COVID-19 test results left vulnerable, “a regrettable error”
LEXINGTON, Ky. (WTVQ) – The University of Kentucky says it learned this weekend a spreadsheet with negative COVID-19 test results of hundreds of students and some employees was left vulnerable and could be viewed by anyone with an active UK email address.
Names, dates of birth and the test results were viewable in a public Microsoft SharePoint file that the school’s contact tracing team was using to share information internally, according to the school.
The test results are from the last two weeks as part of UK’s initial round of mandatory testing.
The university says the data has been moved to a more secure and private location.
The school says it will reach out early this week to those who may have been impacted.
Anyone with questions can email UK at coronavirus@uky.edu.
The university will also post updates on its website, uky.edu/coronavirus.
Below is a release the school sent out on Sunday:
“The university was notified this weekend that a spreadsheet that the University’s contact tracing team was utilizing – containing the names of several hundred students and a small number of employees – was not appropriately protected. It may have been viewed by people with university email addresses who were not on the tracing team. While not an external security incident with respect to University systems, this was, without question, a regrettable error. We deeply apologize for it and will do everything possible to make it right on behalf of our students and employees.
Here is what we know:
- The contact tracing team was utilizing a file sharing platform to coordinate notification of members of the UK community who had received a negative test result as part of Phase 1 testing of university students and employees over the past two weeks.
- As soon as we realized this issue, the files in question were moved to a private and secured location.
- However, some personal information – including a name, date of birth and negative test result – may have been viewed by people with university email addresses who should not have had access. None of the data involved social security numbers. We are analyzing now to what extent such information was viewed. Only those with active UK credentials would have been able to view the files. We are able to determine who accessed the files in an unauthorized manner and plan to follow up with each individual.
- None of the information is considered protected health information under the Health Insurance Portability and Accountability Act (HIPAA). For students, though, the information is protected by the Family Educational Rights and Privacy Act (FERPA). For our employees, this is a violation of our normal privacy standards.
- The university is working with the appropriate officials and technical teams to ensure the privacy and security of information is strongly safeguarded.
- The university also is reaching out early this week to those students and employees who may have been impacted.
- If someone has questions about this issue, they can contact coronavirus@uky.edu. This information also is being posted on the uky.edu/coronavirus site, where updates will be made.
Again, we apologize for this error to members of our community who were impacted by this issue. We are working quickly to address it and will keep everyone informed about our next steps.” – Jay Blanton