Skip to content
ADVERTISEMENT
Sign In
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Events
    • Virtual Events
    • Chronicle On-The-Road
    • Professional Development
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
  • More
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Events
    • Virtual Events
    • Chronicle On-The-Road
    • Professional Development
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
    Upcoming Events:
    College Advising
    Serving Higher Ed
    Chronicle Festival 2025
Sign In
News

Chapel Hill Researcher Fights Demotion After Security Breach

By Katherine Mangan October 5, 2010
Bonnie C. Yankaskas of the U. of North Carolina School of Medicine says she is being made a scapegoat for the institution’s security flaws.
Bonnie C. Yankaskas of the U. of North Carolina School of Medicine says she is being made a scapegoat for the institution’s security flaws.

A prominent cancer researcher at the University of North Carolina at Chapel Hill is fighting the university’s decision to demote her and cut her pay in half after a security breach in a medical study she directs was discovered. The breach could have revealed medical records of of more than 100,000 women whose data were studied.

To continue reading for FREE, please sign in.

Sign In

Or subscribe now to read with unlimited access for as low as $10/month.

Don’t have an account? Sign up now.

A free account provides you access to a limited number of free articles each month, plus newsletters, job postings, salary data, and exclusive store discounts.

Sign Up

A prominent cancer researcher at the University of North Carolina at Chapel Hill is fighting the university’s decision to demote her and cut her pay in half after a security breach in a medical study she directs was discovered. The breach could have revealed medical records of of more than 100,000 women whose data were studied.

The researcher, Bonnie C. Yankaskas, an associate professor of radiology and adjunct professor of epidemiology, says the university is responsible for the security flaws, and she is being made a scapegoat. University officials have been pressuring her to resign, she said, but added, “This is my life’s work, and there’s too much to do. I’m not going anywhere.”

Ms. Yankaskas is the lead investigator in the Carolina Mammography Registry, a university project that is part of a nationwide consortium that collects and analyzes mammography results.

Last year, medical-school technology officials discovered that a hacker had infiltrated one of the project’s two computer servers, which contained personal data, including names, addresses, and birth dates, of about 180,000 women. About 114,000 of those files included the patients’ Social Security numbers. The break-in happened in 2007 but was only discovered after Ms. Yankaskas reported having trouble with her server in 2009.

University officials said there was no evidence that any information was removed from the servers, but they still sent letters to all of the women whose data might have been exposed. To comply with federal privacy rules, the university also notified the National Cancer Institute, which financed the project, law-enforcement officials, and local news outlets.

The incident “not only cost the university several hundreds of thousands of dollars but also damaged the university’s reputation as a research institution,” the provost, Bruce W. Carney, wrote in a letter to Ms. Yankaskas last year, informing her that the university planned to dismiss her.

She appealed that decision to a faculty-hearing committee, which concluded that firing wasn’t warranted but a lesser punishment might be.

In a letter dated July 21, 2010, the university’s chancellor, H. Holden Thorp, informed Ms. Yankaskas that she was being demoted from full to associate professor, but she would retain tenure. Her $178,000 salary was cut by 48 percent—to $93,000.

Ms. Yankaskas, who has a doctorate in epidemiology, has appealed the case to the university’s Board of Trustees, and she has vowed to file a lawsuit if that is unsuccessful. She says she is being unfairly blamed for systemic, universitywide security flaws that the university was aware of as early as 2006 but never informed her about.

“This whole thing could have been prevented, and they’re hanging it on me,” she said in an interview on Tuesday.

Science and Cybersecurity

Chancellor Thorp said on Tuesday that Ms. Yankaskas did not attend a 2006 meeting about security issues and that, as the mammography study’s principal investigator, or PI, she should be held accountable for the breach.

ADVERTISEMENT

“The PI is responsible for the security of data in studies like this,” he said.

Her lawyer, Raymond D. Cotton, counters that scientists can’t be expected to be cybersecurity experts.

“We have communications from the chancellor’s office and the medical-center technology office all noting potential and actual problems with the security of the computers, but no one notified her,” he said. “If they had done so, she would have fixed the problem in 2006.”

A few months after the computer breach was discovered last year, the university’s provost, Mr. Carney, sent Ms. Yankaskas a letter telling her the university intended to fire her for neglecting her responsibilities to safeguard the integrity of the data and for using data from University of North Carolina hospitals without permission. She says she did have permission to use that data.

ADVERTISEMENT

The provost also accused her of assigning server-security duties to an inexperienced staff member, who failed to install important patches and upgrades, and of not providing the staff member with the training needed. Ms. Yankaskas countered that the staff member, who has since left, had worked for the university’s technology office and that the employee never submitted a formal request for additional training.

“I had an employee who I trusted who told me things were OK,” she added. “I would have no way to get on the computer and tell if it was secure. Unless I assumed my employee was lying to me, I don’t know what I could have done.”

‘My Worst Nightmare’

Ms. Yankaskas appealed her firing to a faculty-hearings committee, which found in June that the problems resulted from systemwide security flaws, and not the actions of an individual researcher.

It said the case “revealed a weakness in the linkage between campus-security professionals who understand and monitor computer networks and the computer researchers who acquire and use confidential data.”

ADVERTISEMENT

The committee’s report described Ms. Yankaskas as a distinguished researcher whose mammography study has brought the university more than $12-million in grants from the National Institutes of Health and helped improve mammography practices across North Carolina. The committee concluded that she shouldn’t be fired, but that as principal investigator, she should be held accountable. The NIH has continued to support her.

Ms. Yankaskas said when she learned that the information had been accessed, “I literally fell apart. For 14 years, my worst nightmare was that somehow we’d break the trust of the women in the study. I had no inkling or idea or reason to believe that was the case.”

We welcome your thoughts and questions about this article. Please email the editors or submit a letter for publication.
Tags
Scholarship & Research
Share
  • Twitter
  • LinkedIn
  • Facebook
  • Email
mangan-katie.jpg
About the Author
Katherine Mangan
Katherine Mangan writes about community colleges, completion efforts, student success, and job training, as well as free speech and other topics in daily news. Follow her @KatherineMangan, or email her at katherine.mangan@chronicle.com.
ADVERTISEMENT
ADVERTISEMENT

More News

Joan Wong for The Chronicle
Productivity Measures
A 4/4 Teaching Load Becomes Law at Most of Wisconsin’s Public Universities
Illustration showing a letter from the South Carolina Secretary of State over a photo of the Bob Jones University campus.
Missing Files
Apparent Paperwork Error Threatens Bob Jones U.'s Legal Standing in South Carolina
Pro-Palestinian student protesters demonstrate outside Barnard College in New York on February 27, 2025, the morning after pro-Palestinian student protesters stormed a Barnard College building to protest the expulsion last month of two students who interrupted a university class on Israel. (Photo by TIMOTHY A. CLARY / AFP) (Photo by TIMOTHY A. CLARY/AFP via Getty Images)
Campus Activism
A College Vows to Stop Engaging With Some Student Activists to Settle a Lawsuit Brought by Jewish Students
LeeNIHGhosting-0709
Stuck in limbo
The Scientists Who Got Ghosted by the NIH

From The Review

Vector illustration of a suited man with a pair of scissors for a tie and an American flag button on his lapel.
The Review | Opinion
A Damaging Endowment Tax Crosses the Finish Line
By Phillip Levine
University of Virginia President Jim Ryan keeps his emotions in check during a news conference, Monday, Nov. 14, 2022 in Charlottesville. Va. Authorities say three people have been killed and two others were wounded in a shooting at the University of Virginia and a student is in custody. (AP Photo/Steve Helber)
The Review | Opinion
Jim Ryan’s Resignation Is a Warning
By Robert Zaretsky
Photo-based illustration depicting a close-up image of a mouth of a young woman with the letter A over the lips and grades in the background
The Review | Opinion
When Students Want You to Change Their Grades
By James K. Beggan

Upcoming Events

07-31-Turbulent-Workday_assets v2_Plain.png
Keeping Your Institution Moving Forward in Turbulent Times
Ascendium_Housing_Plain.png
What It Really Takes to Serve Students’ Basic Needs: Housing
Lead With Insight
  • Explore Content
    • Latest News
    • Newsletters
    • Letters
    • Free Reports and Guides
    • Professional Development
    • Events
    • Chronicle Store
    • Chronicle Intelligence
    • Jobs in Higher Education
    • Post a Job
  • Know The Chronicle
    • About Us
    • Vision, Mission, Values
    • DEI at The Chronicle
    • Write for Us
    • Work at The Chronicle
    • Our Reporting Process
    • Advertise With Us
    • Brand Studio
    • Accessibility Statement
  • Account and Access
    • Manage Your Account
    • Manage Newsletters
    • Individual Subscriptions
    • Group and Institutional Access
    • Subscription & Account FAQ
  • Get Support
    • Contact Us
    • Reprints & Permissions
    • User Agreement
    • Terms and Conditions
    • Privacy Policy
    • California Privacy Policy
    • Do Not Sell My Personal Information
1255 23rd Street, N.W. Washington, D.C. 20037
© 2025 The Chronicle of Higher Education
The Chronicle of Higher Education is academe’s most trusted resource for independent journalism, career development, and forward-looking intelligence. Our readers lead, teach, learn, and innovate with insights from The Chronicle.
Follow Us
  • twitter
  • instagram
  • youtube
  • facebook
  • linkedin