Quotable ..... “Repetition is the mother of learning, the father of action, which makes it the architect of accomplishment.” -- Zig Ziglar

This month we begin a deeper dive into each specific category from 2021 with a focus on Information Technology. IT risks are vitally important to manage and will not ever simply go away, so they require special vigilance. We always like to look back, even just one year prior, to what we are reviewing, and when we did, we noticed something familiar in the IT category.

Top 3 types of stories in the IT category 2020:

1. Data Breaches
2. Cyberattacks
3. Privacy Issues

Top 3 types of stories in the IT category for 2021:

1. Data Breaches
2. Cyberattacks
3. Privacy Issues

Since we think we gave some fairly good advice last year on managing this risk, we again present our suggestions for avoiding the headline.

We invite you to review the stories across higher education from the prior month with a view toward proactively managing them and avoiding the headlines. As always, we welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE
Associate Vice President
Office of Audit, Compliance & Privacy
Follow us on Twitter

Information Security & Technology Events

Feb 22: HIPAA Breach: Michigan Medicine proactively monitors access to patients' electronic medical records for potential inappropriate accesses. From these proactive efforts, on 1/27/2022 Michigan Medicine found that a newly-hired employee accessed patient medical records without a business need. All inappropriate accesses by this individual occurred between 12/1/2021 and 1/25/2022. The individual is part of and has close ties with the local Korean community and accessed records of patients that he knows from this local network. Patients involved in this HIPAA breach were notified via U.S. mail. (link)

Feb 12: Location Monitoring: George Washington University interim president Mark S. Wrighton apologized Friday to the campus community for the university's failure to inform it in advance of a data analytics pilot program that monitored locations -- though not individualized data --of students, faculty and staff last fall. The project, Wrighton wrote in his letter to the campus community, was a combined effort of the school's IT, student affairs, and safety and facilities divisions that used data collected from Cisco WiFi points across GWU's campuses "to determine density and use of buildings by students, faculty, and staff in the aggregate in order to assess how this could help inform the Safety and Facilities team's operational priorities." (link)

Feb 09: Ransomware: Ohlone College was hacked in late January and the private information of some current and former students, staff and faculty was compromised, including Social Security and bank account numbers, according to school officials. The community college said in a Feb. 4 notice on its website and letters sent to students it had determined "that certain information on the network was accessed by an outside party" through a hacking incident on Jan. 20. (link)

Feb 01: Mistaken Scholarship Message: Oakland University accidentally sent emails to 5,500 of its admitted students Jan. 4 notifying them they were to receive the school's highest scholarship, the Platinum Presidential Scholar Award. The award is worth $12,000 a year for four years of undergraduate school. The mistake was due to "human error," university spokesman Brian Bierley said in a statement. "Unfortunately, the students who received the message do not meet the eligibility requirements for this award, but have qualified for varying levels of OU scholarship awards," Bierley said. "While the emails were sent in error, OU notifies students of scholarship awards through official scholarship award letters sent to students via United States mail." (link)

Fraud & Ethics Related Events

Feb 19: Occupational Fraud: A former employee has admitted to stealing nearly $50,000 from Miami University using funds he collected as parking operation supervisor, according to the Butler County Prosecutor's Office. The employee was able to steal using two methods, according to prosecutors. He was given access to card readers, which are digital devices that are used to accept or refund parking payments. He also had access to parking payment kiosks/machines. (link)

Feb 14: Ethics/Due Diligence: A KING 5 investigation found that the largest medical school in the Northwest unwittingly helped supply donated human bodies to a former Seattle man who is now facing criminal charges for abandonment or concealment of a dead body. FutureGenex explained to donors that the company sold their bodies, or parts of them, for use at medical seminars, private educational facilities, and medical device manufacturing firms. KING 5's investigation found that the FutureGenex owner worked himself into a position where his company would be next in line to receive donated bodies that were rejected by the prestigious University of Washington School of Medicine. (link)

Feb 14: Fraud: A former University of Wisconsin-Milwaukee professor has agreed to plead guilty to federal crimes related to a years-long scheme to defraud Chinese graduate students and visiting scholars. According to a plea agreement filed Friday in federal court, in 2016 the professor created UW International Education Foundation LLC, and in 2017 changed its name to Wisconsin International Education LLC. He made promises to foreign students accepted into graduate programs at UWM that his organizations could help them meet various expenses. (link)

Feb 09: Occupational Fraud: The former director of emergency management at the University of Pittsburgh pleaded guilty Wednesday to stealing more than 13,000 pieces of personal protective equipment from the school's stockpile at the beginning of the covid-19 pandemic to sell at inflated prices online. The FBI said the employee netted $18,783.50 from the online PPE sales from Feb. 27, 2020, through March 22, 2020. (link)

Feb 07: Occupational Fraud: The head of security at Florida State University's Strozier Library was arrested last week and charged with stealing nearly 5,000 rare comic books from a collection worth a half-million dollars. The employee, who had one of only four keys to access the Robert M. Ervin Jr. Collection that consists of comics and serials on superheroes, science fiction, fantasy and horror, sold the stolen property to private buyers and comic book stores for two years, police say. He is charged with grand theft of more than $100,000, fraud, dealing in stolen property and sale of stolen property using the internet, according to court records. (link)

Feb 02: Financial Aid Fraud: A former Richmond community college director has been charged with stealing student financial aid funds during her more-than-ten year tenure in the position at the school. An indictment alleges that during six years of her employment, from 2011 to 2017, the director falsely procured financial aid for co-conspirators, including her son, ex-fiancé, goddaughter and cousin. (link)

Compliance/Regulatory & Legal Events

Feb 23: China Initiative: The Justice Department said Wednesday that it is scrapping its China Initiative, a program that it launched under the Trump administration to counter Beijing's theft of American intellectual property but increasingly came under criticism from civil rights groups that say it created a climate of fear among Asian Americans. The decision to end the program comes after a months-long review ordered by the new head of the National Security Division, Assistant Attorney General Matthew Olsen. The department announced the China Initiative in 2018 to combat what officials said at the time -- and still say -- is the Chinese government's relentless campaign to steal U.S. secrets, technology and cutting-edge research. (link)

Feb 22: NCAA Compliance: The Big Ten Conference suspended the University of Michigan's men's head basketball coach for five games and fined him $40,000 for hitting an assistant coach from the University of Wisconsin. The Michigan coach slapped the Wisconsin coach after Michigan lost to Wisconsin Sunday. The initial hit set off a melee among players, and the conference suspended three players for fighting as well. The suspension means the coach will miss the rest of the regular season, but he could be allowed to return for the conference tournament and the NCAA tournament if Michigan qualifies. (link)

Feb 18: Wrongful Termination Lawsuit: A former associate professor at Georgia Military College who suffers from chronic illnesses is suing the school for wrongful termination, claiming he was fired early last year after refusing to return to in-person teaching when the school relaxed its coronavirus protocols. Joshua Fields taught biology primarily at the college's Augusta campus from 2013 until his dismissal last February. Fields, 42, suffers from what the lawsuit describes as "serious medical conditions," including Crohn's disease and kidney failure, which "compromise his immune system" and "place him at higher risk for serious illness ... were he to contract COVID-19." (link)

Feb 18: Soliciting Prostitution: The vice president of student life at the University of Alabama has resigned from his post after being arrested on a charge of soliciting prostitution, according to the school and police. No officers employed by the university were involved in Pope's arrest. UA President Stuart Bell announced Friday that the VP stepped down. (link)

Feb 18: Sexual Harassment: In an email sent to students, faculty and staff of the Harrison School of Pharmacy, Provost Bill Hardgrave announced that the dean of the college of pharmacy resigned from his position. Yesterday, the Plainsman reported that the dean had sexually harassed a student last spring, though details of the corrective action implemented by Title IX were unknown even to the victim. (link)

Feb 16: Antitrust Lawsuit: An amended complaint in the 568 Presidents Group lawsuit directly accused Yale of practicing need-conscious admissions, thus violating antitrust law in its collaboration with other schools to determine financial aid formulas. On Jan. 9, five alumni sued the 568 Presidents Group -- 17 elite universities who collaborate in devising financial aid formulas -- on the grounds that they breached section 568 of the 1994 Improving America's Schools Act, which states that such a collaboration can only exist if all members of the group do not consider financial need in their admissions process. (link)

Feb 10: Free Speech Settlement: Haskell Indian Nations University has settled a lawsuit filed after a former university president sought to dictate what student journalists could report and write. Nally sued school official s in October 2020 when the university's then-president, Ronald Graham, sent him a directive telling him not to contact any government agency for information while representing the newspaper or "attack" any student, faculty member or staff in copy. Nally was editor of the student newspaper, The Indian Leader, at the time. (link)

Feb 09: Sexual Abuse Lawsuit Settlement: The University of California system has reached a $243.6 million settlement with more than two hundred people who allege they were sexually abused by a former UCLA obstetrician-gynecologist, according to a statement Tuesday from university officials and the plaintiffs' attorneys. The doctor worked part-time as a gynecologist at the UCLA student health center from about 1983 to 2010 and was hired by UCLA Health in 2014. He was arrested in June 2019 and charged with sexual battery of two former patients in 2017 and 2018. He pleaded not guilty and is awaiting trial on the criminal charges. (link)

Feb 09: Sexual Harassment Lawsuit: Three Harvard University graduate students said in a federal lawsuit filed Tuesday that the Ivy League school for years ignored complaints about sexual harassment by a renowned professor and allowed him to intimidate students by threatening to hinder their careers. All three plaintiffs lodged complaints with Harvard's Office for Dispute Resolution in July 2020 alleging that the school was in violation of Title IX, the federal law that bars gender discrimination in education. (link)

Feb 08: Mental Health Lawsuit: A civil trial in the case of a former University of Pennsylvania student who died by suicide after the campus failed, her parents say, to adequately respond to her pleas for help started Tuesday in Philadelphia. Ao "Olivia" Kong, a Central High School graduate, was a 21-year-old student at Wharton when she went to the SEPTA station at 40th and Market Streets on an early April morning in 2016 to end her life. (link)

Feb 08: Cheating Lawsuit Settlement: Virginia Tech student who flunked an engineering class for cheating has settled a lawsuit that contested the university honor system's handling of his case. The unidentified student had sought a preliminary injunction from a federal judge that would have overturned his "F" and removed a finding of academic misconduct from his record. In a lawsuit filed last year, the student argued that that he was the victim of unclear policies regarding the use of online sources for a class taught by Zoom during the midst of the COVID-19 pandemic. (link)

Feb 07: Title IX Lawsuit: Seventeen current or former female athletes at San Diego State filed a federal class action lawsuit Monday alleging the university violated Title IX gender equity requirements by not providing women's sports with enough scholarship money. Eleven of the 17 were on the women's rowing team that SDSU eliminated last spring for different Title IX reasons. The 29-page complaint filed in U.S. District Court says SDSU has failed to equitably fund athletic scholarships for women "for more than a decade" and cites a $1.2 million shortfall over the previous two academic years. (link)

Feb 06: Mishandling Sexual Misconduct: A newly disclosed, long-secret memo reveals how Mary Papazian received a dire warning in 2016 when she arrived at San Jose State University to begin her tenure as president: "there was inappropriate handling, touching of female athletes by the director of sports medicine, who is still here!" Despite the disturbing message from her predecessor, Papazian took no direct action for another three years to root out a trainer's sexual abuse of more than a dozen female athletes in an explosive scandal that would ultimately lead to her downfall last year. (link)

Feb 04: Mishandling Sexual Misconduct: In his final weeks as president of Fresno State, California State University Chancellor Joseph I. Castro quietly authorized a $260,000 payout and a retirement package with a glowing letter of recommendation for a campus vice president after an investigation found "credible evidence" that the administrator engaged in sexual misconduct against an employee, according to public documents and university officials. The Cal State faculty union and state Sen. Connie Leyva (D-Chino), who chairs California's Senate Education Committee, have called on the Board of Trustees to investigate Castro's handling of the misconduct claims and earlier knowledge of workplace harassment while he served at Fresno State. (link)

Feb 02: Arbitration Order: The University of Connecticut said Tuesday it has complied with a recent arbitration ruling and has paid former men's basketball coach Kevin Ollie more than $11.1 million. Arbitrator Mark Irvings ruled last month that Ollie had been fired improperly under the school's agreement with the American Association of University Professors, of which Ollie was a member. He noted the school had past NCAA violations in the men's and women's programs without going as far as firing the coaches. (link)

Feb 01: Sexual Assault Lawsuit: Eight women who were allegedly sexually assaulted by a former professor at the University of Michigan have filed a lawsuit in Washtenaw County Circuit Court against the university and the professor. The lawsuit alleges the university failed to protect its students from who the women call a predatory professor. Katherine McMahan and Issabelle Brourman spoke publicly Monday morning about how they say the professor sexually harassed, abused and assaulted them. (link)

Feb 01: Free Speech Lawsuit: A Chicago law professor who was suspended and forced to undergo diversity training after using redacted racist and sexist slurs in a test question about a hypothetical instance of discrimination in the workplace has filed a First Amendment suit against his employer. Jason Kilborn, a law professor at the University of Illinois Chicago, filed the suit Thursday in partnership with the Foundation for Individual Rights in Education (FIRE), claiming the punishment doled out by the institution last year was unconstitutional. (link)

Campus Life & Safety Events

Feb 24: Stabbing: Chester County police have arrested a Philadelphia woman and charged her with stabbing three Lincoln University students ― one fatally ― during a dorm room brawl last week. The deadly violence erupted inside the Thurgood Marshall Living Learning Center at around 9:30 p.m. During the fight, one person wielding a knife attacked three students, resulting in the death Jawine Evans, 21, of Philadelphia, who was stabbed in the neck and pronounced dead at the scene. (link)

Feb 23: Explosion: Brigham Young University police say that an individual in a residence hall, who they refer to as "Rocket Man," conducted an experiment on Sunday afternoon which caused extensive damage and caused 22 students to temporarily relocate from their living space. According to the Brigham Young University Police Department, "Rocket Man" was conducting "experiments" in the kitchen, which involved making "homemade rocket fuel," causing an explosion. The explosion caused the fire sprinkler system to go off, and 22 students near the room were relocated due to damage caused by the sprinkler system. (link)

Feb 23: Campus Threat: Iowa State University officials on Wednesday said two students have been arrested in connection with social media posts that warned people to avoid campus buildings. ISU said university police received a report Monday of a post on YikYak that contained a warning to "not come to Carver tomorrow at 4:30 p.m." ISU said a second anonymous post was made hours later with a warning to avoid Parks Library. University officials said there is no known connection between the two students and the posts were made separately. (link)

Feb 22: Kidnapping/Robbery: Two people were kidnapped at gunpoint early Sunday morning on the campus of Wofford College and forced to go to an ATM to get cash. Spartanburg Police said the two victims, a Wofford student and the student's friend, were in a car on campus just after midnight when two people approached them, pulled out a gun, and told them to get in the back of the car. The case is being investigated by the Wofford College Campus Safety and the Spartanburg Police Department. (link)

Feb 22: Sexual Assault: A Florence man is accused of a dorm room sex assault on the UNA campus. The man, 19, is charged with half a dozen crimes, including sexual abuse, domestic violence strangulation, unlawful imprisonment, furnishing alcohol to minors, interference with a domestic violence 911 call, and being a minor in possession of alcohol. All of them involve a woman he knew inside her room at Mattielou Hall on the UNA campus. (link)

Feb 16: Voyeurism: A student at the University of British Columbia's Okanagan (UBCO) campus has admitted he filmed a fellow student in a campus bathroom, pleading guilty to a criminal charge the victim believes was almost never laid because of the RCMP's initial response to the case. CBC News first reported on the case last year, detailing the victim's experience with the RCMP. (link)

Feb 11: Campus Police: A Purdue University police officer received death threats and is on leave until further notice, the university said, after he was caught on video using his elbow to pin a Black student to the ground by the neck as the student yelled "You're choking me." The student, 24-year-old Adonis Tuggle, told The Associated Press on Thursday that the officer also punched him and pressed his face into the snowy ground during the Feb. 4 arrest on the school's campus in West Lafayette, Indiana. (link)

Feb 11: Cultural Issues: Asian students at the University of Toronto are calling for their administrators to take action after staff distributed "hell money" in traditional Lunar New Year envelopes last week. The bank notes, also known as joss paper or incense paper, were given to students at a graduate student residence in place of cash normally given as gifts during the season. The notes are meant to be used in specific ceremonies around someone's death, but when sent to the living, they can imply ill will and are highly offensive. (link)

Feb 08: Hate Crime Hoax: A college student at Southern Illinois University Edwardsville (SIUE) is facing criminal charges after a hate crime hoax targeted two white students before it unraveled, according to reports. The student, a 19-year-old black female, claimed the now debunked hate crime occurred in her dorm last month. Further exacerbating the charade was that two white students were initially accused of the crime. However, after extensive investigative resources were deployed, investigators concluded it was the accuser who purported the false allegations, the Post Millennial reported. (link)

Feb 08: Hazing: On Feb. 7, West Virginia University's Delta Chi fraternity was suspended after a hazing incident in violation of the Student Conduct Code was reported. The interim suspension prevents Delta Chi from "all recruitment activities, as well as participating, organizing or attending social functions, among other restrictions." During the investigation and review process, Delta Chi will remain suspended. (link)

Feb 08: Racial Issues: The Virginia Military Institute says it will change its student-run honor court to make it more fair to cadets as part of a response to a state-ordered investigation into racism and sexism at the school. Data obtained by the newspaper showed Black students at VMI were expelled by the honor court at a disproportionately high rate for the three academic years between the fall of 2017 and the spring of 2020. Though Black cadets made up about 6% of the student body, they represented about 43% of those expelled for honor code violations. (link)

Feb 02: Free Speech: As the Board of Regents this week debuts new free speech training to students, faculty and staff across its public universities, a Des Moines-area attorney is saying they have "a lot of work to do," given how University of Iowa faculty members reacted to a student expressing his views on "homosexual conduct." Ostergren told The Gazette on Wednesday that his client -- UI graduate student Jacob Johnson -- brought a formal complaint before the university in November, accusing three faculty members of violating his due process, free speech and academic freedom rights as outlined in UI policy. (link)

Feb 04: Campus Threat: An Eckerd College student who was arrested on campus Thursday was accused of threatening to shoot up the school, authorities said. Campus security located the student in his dorm room and held him there until police officers arrived. Police said he ingested pills and had to be hospitalized. Once he was medically cleared, he was Baker Acted and booked into the Pinellas County Jail, the report said. (link)

Feb 02: Greek Life: The University of Utah has suspended all fraternity and sorority activities after a second student came forward to report a sexual assault at a Greek Row house -- and more have posted anonymously online about their experiences. The second student submitted a report to the school this week, which stated that they were assaulted in December. No social activities will be permitted for the next two weeks. And the leaders of each fraternity and sorority will now be required to meet with university leaders to discuss the reported assaults, "the culture in their organizations" and how they will improve safety and accountability moving forward. (link)

Feb 02: Campus Threat: A former UCLA lecturer is in custody for allegedly making threats toward the university after emails with a link to an 800-page manifesto containing "very alarming" accounts of violence led investigators to Boulder, Colorado, according to authorities. UCLA moved classes on Tuesday as word of the threats emerged and will return to in-person classes Wednesday, according to a memo sent to students. (link)

Feb 02: Shooting Death: Two campus officers were shot and killed Tuesday during an active shooter situation at Bridgewater College in Virginia, according to college spokesperson Logan Bogert. "I can confirm that a campus police officer and a campus safety officer died from gunshot wounds today," Bogert told CNN's Josh Campbell. The incident began when campus police officers responded to a call of a suspicious man on the grounds near Memorial Hall at about 1:20 p.m., according to Geller. When Jefferson and Painter arrived, they had a brief interaction with the suspect, who then shot them both and ran away. (link)

Feb 01: Vandalism: Curry College officials held meetings with concerned students Tuesday as police investigated a rash of hate speech and antisemitic graffiti discovered on the Milton campus in recent days, the college said. Milton Police Deputy Chief James O'Neil confirmed that the department is probing five separate cases of vandalism on the campus, the latest example of hate speech against Jews found at local colleges across Massachusetts. (link)

Feb 01: Campus Threats: New bomb threats targeted multiple historically Black colleges and universities (HBCUs) on Tuesday, with Howard University, Edward Waters University and Morgan State University saying they received threats of violence. Bomb threats were made against at least six HBCUs on Monday, forcing officials to order lockdowns and cancel classes. By early afternoon, many of them issued all-clear notices. (link)

Feb 01: Unsafe Campus Buildings: As of Friday, Jan. 28, FSU has closed off both the Williams and Sandels buildings for "environmental review," following reports of black mold in both buildings and radon in Sandels. This decision comes after four professors in the College of Health and Human Sciences published a 129-page report regarding information they had gathered about the situation in the Sandels building, as first reported by Florida Politics. The report details years worth of complaints regarding poor air quality and a cluster of cancer cases in people who worked in the Sandels building. Reports of "black particles" coming from vents go as far back as 2001. (link)

If you have any suggestions, questions or feedback, please e-mail Kevin Robinson at robinmk@auburn.edu or Robert Gottesman at gotterw@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site.

Back to top

---

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Office of Audit, Compliance & Privacy is listed as the source.