The University disciplined a student for providing The Maroon with network scan logs that contributed to a report on serious security vulnerabilities with the University’s printers. The vulnerabilities put legally-protected patient health information at risk to potential hackers.
The Maroon did not disclose the student’s identity, but the University nonetheless became aware of who was responsible. After The Maroon informed IT Services of the vulnerabilities, but before the article was published, the student was summoned to meet with an assistant dean regarding the network scan.
The student was subsequently placed on disciplinary probation for the rest of their academic career.
The logs reveal that printers that handle potentially sensitive patient information, including health records and surgery logs, were publicly accessible on the web. The documents themselves might have been accessible as well.
Other findings included printers with names that seem to have been previously defaced, and public-facing cameras at the Oriental Institute and Regenstein Library that could be accessed from the web.
You can contact The Maroon here if you have more information about this story.