For immediate release

CORE Responds to Accidental Publication of Sensitive Information on Web Site

(July 24, 2008 -- Pickerington, OH) The Centers for Osteopathic Research and Education (CORE) removed a Web document last week that inadvertently contained personal information belonging to individuals who have provided academic programming for the medical education consortium. CORE has identified, sent information to and developed resources for the 492 presenters affected.

On March 20, an employee at a CORE regional office unintentionally posted to the CORE Web site the wrong version of a speaker information spreadsheet. It contained Social Security numbers for some of the speakers along with other business information, such as contact numbers, addresses, training topics and federal employer identification numbers.

The document that should have been posted was intended to help CORE’s Residency Program Advisory Committees (RPAC) directors, who coordinate education programs for physicians-in-training and identify and engage medical education speakers. It was not intended to carry personal information.

A registered nurse found the information last week while conducting online research, and she alerted CORE to the presence of the data. CORE immediately removed the information from the site.

“We deeply regret that this error occurred and have moved quickly to verify whose information was involved, send out notifications and establish resources to help the affected individuals,” Keith Watson, chairman of the CORE board, said. “These individuals bring so much value to our physicians-in-training and literally make it possible for us to carry out CORE’s mission.”

With the help of experts from CORE partner Ohio University, CORE is examining what happened and how it happened. At this time, CORE knows that the mistake resulted from human error and not from an attack on the system. It was the first time any personal information had found its way onto the CORE Web site, and no personal information remains on the site.

In addition to removing the data, CORE has taken immediate steps in response to the employee’s action. The employee has been placed on paid administrative leave, and the employee’s access to CORE data has been suspended pending the results of a review into what happened, how it happened and what can be done to prevent a recurrence.

“It is a shame that, in the electronic age, a clerical error can produce such unintended consequences,” Watson said. “But that makes it all the more important that we learn from this situation and do all we can to prevent anything like this from happening again.”

Within one week of learning about the error, CORE has undertaken the following to assist those whose information was exposed: published an informational Web site (www.ohiocore.org/answers); provided a toll-free call-in number (866-437-8698); and offered credit monitoring service for one year. Notification letters went out yesterday to all the individuals affected.

CORE (www.ohiocore.org) is an osteopathic medical education consortium comprising member teaching hospitals, clinical training sites and osteopathic medical schools. The Ohio University College of Osteopathic Medicine is the central academic member of CORE.

#30#

Media Contact: Karoline Lane at 740-593-2261.