One Scary Glitch

Harvard University Health Services (UHS) promises privacy for a reason. All students and affiliates of the university need to feel secure in sharing their most personal information with their individual care providers as well as with UHS pharmacists and other medical personnel. Until roughly two weeks ago, a company called PharmaCare provided UHS and its patients a means to store and access this information. Before intersession, Crimson reporters discovered a glitch in the system that allowed any internet user on Harvard’s network to generate a complete list of prescription medications purchased by individual students through the UHS pharmacy. The reporters used only the last name of a student and an ID number—easily obtained through other Harvard websites or from lost student ID cards— to access the PharmaCare website and retrieve private prescription lists.

Among those who could have been affected by the glitch were students with “secure flags,” which mandate that their personal information be kept absolutely secret. The purpose of these flags is to protect students who have legitimate reason to fear a leak of this information—celebrities or those in political asylum, or even students fearing a stalker. Health Services’ mistake compromised the safety of these students.

The implications of this leak are problematic on many levels. Harvard students should fear for their privacy, as this was a security hole that could be potentially dangerous. Prescription medications are the business of a patient and doctor, releasing the information to anyone else could have dire social and legal consequences. Knowledge of a Prozac prescription or medication for a potentially embarrassing illness affects not only the way we think about others but the way they are treated as well. Moreover, this security hole was open for a long period of time without attracting notice. It begs the question whether other Harvard databases are equally vulnerable.

They needn’t be that way. The PIN authentication system, utilized by the College’s Registrar and Harvard College Libraries, to name a few, is the standard at Harvard for restricting access to privileged information. With such an effective system already in place—one that requires an ID number and a privately-held PIN password—it’s a wonder UHS didn’t feel the need to jump on the PIN bandwagon.

It needs to now. Though UHS should be commended for its quick action in shutting down the PharmaCare-run website, that cannot erase the mistake it made. UHS officials are currently evaluating the system to determine the next steps to take. We recommend that PIN-access be instituted to access drug records, as it has proven itself as an easy-to-use and secure password authentication system. This essential safety measure would require minimal work and yield a major security payoff. Harvard administrators in other areas must also take an in-depth look at the security of their databases, especially those that do not yet require PIN access—notably, the Office of Career Services’ e-Recruiting website. Until then, Harvard students, faculty and staff cannot be sure whether or not their personal information is truly as safe as it should be.