Skip to content
ADVERTISEMENT
Sign In
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Events
    • Virtual Events
    • Chronicle On-The-Road
    • Professional Development
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
  • More
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Events
    • Virtual Events
    • Chronicle On-The-Road
    • Professional Development
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
    Upcoming Events:
    An AI-Driven Work Force
    University Transformation
Sign In
News

Chapel Hill Researcher Fights Demotion After Security Breach

By Katherine Mangan October 5, 2010
Bonnie C. Yankaskas of the U. of North Carolina School of Medicine says she is being made a scapegoat for the institution’s security flaws.
Bonnie C. Yankaskas of the U. of North Carolina School of Medicine says she is being made a scapegoat for the institution’s security flaws.

A prominent cancer researcher at the University of North Carolina at Chapel Hill is fighting the university’s decision to demote her and cut her pay in half after a security breach in a medical study she directs was discovered. The breach could have revealed medical records of of more than 100,000 women whose data were studied.

To continue reading for FREE, please sign in.

Sign In

Or subscribe now to read with unlimited access for as low as $10/month.

Don’t have an account? Sign up now.

A free account provides you access to a limited number of free articles each month, plus newsletters, job postings, salary data, and exclusive store discounts.

Sign Up

A prominent cancer researcher at the University of North Carolina at Chapel Hill is fighting the university’s decision to demote her and cut her pay in half after a security breach in a medical study she directs was discovered. The breach could have revealed medical records of of more than 100,000 women whose data were studied.

The researcher, Bonnie C. Yankaskas, an associate professor of radiology and adjunct professor of epidemiology, says the university is responsible for the security flaws, and she is being made a scapegoat. University officials have been pressuring her to resign, she said, but added, “This is my life’s work, and there’s too much to do. I’m not going anywhere.”

Ms. Yankaskas is the lead investigator in the Carolina Mammography Registry, a university project that is part of a nationwide consortium that collects and analyzes mammography results.

Last year, medical-school technology officials discovered that a hacker had infiltrated one of the project’s two computer servers, which contained personal data, including names, addresses, and birth dates, of about 180,000 women. About 114,000 of those files included the patients’ Social Security numbers. The break-in happened in 2007 but was only discovered after Ms. Yankaskas reported having trouble with her server in 2009.

University officials said there was no evidence that any information was removed from the servers, but they still sent letters to all of the women whose data might have been exposed. To comply with federal privacy rules, the university also notified the National Cancer Institute, which financed the project, law-enforcement officials, and local news outlets.

The incident “not only cost the university several hundreds of thousands of dollars but also damaged the university’s reputation as a research institution,” the provost, Bruce W. Carney, wrote in a letter to Ms. Yankaskas last year, informing her that the university planned to dismiss her.

She appealed that decision to a faculty-hearing committee, which concluded that firing wasn’t warranted but a lesser punishment might be.

In a letter dated July 21, 2010, the university’s chancellor, H. Holden Thorp, informed Ms. Yankaskas that she was being demoted from full to associate professor, but she would retain tenure. Her $178,000 salary was cut by 48 percent—to $93,000.

Ms. Yankaskas, who has a doctorate in epidemiology, has appealed the case to the university’s Board of Trustees, and she has vowed to file a lawsuit if that is unsuccessful. She says she is being unfairly blamed for systemic, universitywide security flaws that the university was aware of as early as 2006 but never informed her about.

“This whole thing could have been prevented, and they’re hanging it on me,” she said in an interview on Tuesday.

Science and Cybersecurity

Chancellor Thorp said on Tuesday that Ms. Yankaskas did not attend a 2006 meeting about security issues and that, as the mammography study’s principal investigator, or PI, she should be held accountable for the breach.

ADVERTISEMENT

“The PI is responsible for the security of data in studies like this,” he said.

Her lawyer, Raymond D. Cotton, counters that scientists can’t be expected to be cybersecurity experts.

“We have communications from the chancellor’s office and the medical-center technology office all noting potential and actual problems with the security of the computers, but no one notified her,” he said. “If they had done so, she would have fixed the problem in 2006.”

A few months after the computer breach was discovered last year, the university’s provost, Mr. Carney, sent Ms. Yankaskas a letter telling her the university intended to fire her for neglecting her responsibilities to safeguard the integrity of the data and for using data from University of North Carolina hospitals without permission. She says she did have permission to use that data.

ADVERTISEMENT

The provost also accused her of assigning server-security duties to an inexperienced staff member, who failed to install important patches and upgrades, and of not providing the staff member with the training needed. Ms. Yankaskas countered that the staff member, who has since left, had worked for the university’s technology office and that the employee never submitted a formal request for additional training.

“I had an employee who I trusted who told me things were OK,” she added. “I would have no way to get on the computer and tell if it was secure. Unless I assumed my employee was lying to me, I don’t know what I could have done.”

‘My Worst Nightmare’

Ms. Yankaskas appealed her firing to a faculty-hearings committee, which found in June that the problems resulted from systemwide security flaws, and not the actions of an individual researcher.

It said the case “revealed a weakness in the linkage between campus-security professionals who understand and monitor computer networks and the computer researchers who acquire and use confidential data.”

ADVERTISEMENT

The committee’s report described Ms. Yankaskas as a distinguished researcher whose mammography study has brought the university more than $12-million in grants from the National Institutes of Health and helped improve mammography practices across North Carolina. The committee concluded that she shouldn’t be fired, but that as principal investigator, she should be held accountable. The NIH has continued to support her.

Ms. Yankaskas said when she learned that the information had been accessed, “I literally fell apart. For 14 years, my worst nightmare was that somehow we’d break the trust of the women in the study. I had no inkling or idea or reason to believe that was the case.”

We welcome your thoughts and questions about this article. Please email the editors or submit a letter for publication.
Tags
Scholarship & Research
Share
  • Twitter
  • LinkedIn
  • Facebook
  • Email
mangan-katie.jpg
About the Author
Katherine Mangan
Katherine Mangan writes about community colleges, completion efforts, student success, and job training, as well as free speech and other topics in daily news. Follow her @KatherineMangan, or email her at katherine.mangan@chronicle.com.
ADVERTISEMENT
ADVERTISEMENT

More News

Illustration showing the logos of Instragram, X, and TikTok being watch by a large digital eyeball
Race against the clock
Could New Social-Media Screening Create a Student-Visa Bottleneck?
Mangan-Censorship-0610.jpg
Academic Freedom
‘A Banner Year for Censorship’: More States Are Restricting Classroom Discussions on Race and Gender
On the day of his retirement party, Bob Morse poses for a portrait in the Washington, D.C., offices of U.S. News and World Report in June 2025. Morse led the magazine's influential and controversial college rankings efforts since its inception in 1988. Michael Theis, The Chronicle.
List Legacy
‘U.S. News’ Rankings Guru, Soon to Retire, Reflects on the Role He’s Played in Higher Ed
Black and white photo of the Morrill Hall building on the University of Minnesota campus with red covering one side.
Finance & operations
U. of Minnesota Tries to Soften the Blow of Tuition Hikes, Budget Cuts With Faculty Benefits

From The Review

A stack of coins falling over. Motion blur. Falling economy concept. Isolated on white.
The Review | Opinion
Will We Get a More Moderate Endowment Tax?
By Phillip Levine
Photo illustration of a classical column built of paper, with colored wires overtaking it like vines of ivy
The Review | Essay
The Latest Awful Ed-Tech Buzzword: “Learnings”
By Kit Nicholls
William F. Buckley, Jr.
The Review | Interview
William F. Buckley Jr. and the Origins of the Battle Against ‘Woke’
By Evan Goldstein

Upcoming Events

07-16-Advising-InsideTrack - forum assets v1_Plain.png
The Evolving Work of College Advising
Plain_Acuity_DurableSkills_VF.png
Why Employers Value ‘Durable’ Skills
Lead With Insight
  • Explore Content
    • Latest News
    • Newsletters
    • Letters
    • Free Reports and Guides
    • Professional Development
    • Events
    • Chronicle Store
    • Chronicle Intelligence
    • Jobs in Higher Education
    • Post a Job
  • Know The Chronicle
    • About Us
    • Vision, Mission, Values
    • DEI at The Chronicle
    • Write for Us
    • Work at The Chronicle
    • Our Reporting Process
    • Advertise With Us
    • Brand Studio
    • Accessibility Statement
  • Account and Access
    • Manage Your Account
    • Manage Newsletters
    • Individual Subscriptions
    • Group and Institutional Access
    • Subscription & Account FAQ
  • Get Support
    • Contact Us
    • Reprints & Permissions
    • User Agreement
    • Terms and Conditions
    • Privacy Policy
    • California Privacy Policy
    • Do Not Sell My Personal Information
1255 23rd Street, N.W. Washington, D.C. 20037
© 2025 The Chronicle of Higher Education
The Chronicle of Higher Education is academe’s most trusted resource for independent journalism, career development, and forward-looking intelligence. Our readers lead, teach, learn, and innovate with insights from The Chronicle.
Follow Us
  • twitter
  • instagram
  • youtube
  • facebook
  • linkedin