Washington University School of Medicine in St. Louis notified patients on March 24 about a phishing incident that may have compromised patient names, birth dates, medical diagnoses and some Social Security numbers.
Here are five things to know.
1. On Dec. 2, 2016, some of the medical school's employees responded to a phishing email, which may have provided access to employee email accounts. The medical school launched an investigation upon learning about the incident on Jan. 24.
2. Although an unauthorized third party may have gained access to employees' email accounts, some of which contained patient information, the medical school stressed there is no indication information in the emails has been misused.
"The investigation has provided some evidence that the person was using the email accounts for spam email but, beyond that preliminary evidence, we do not have any indication as to what the person was doing," Washington University School of Medicine told Becker's Hospital Review via email. "We have no evidence that the person took any information contained in the email accounts. We have notified individuals out of an abundance of caution."
3. Since the investigation is ongoing, the medical school does not have a final count on the number of patients who were affected, Washington University School of Medicine told Becker's Hospital Review.
4. Washington University School of Medicine has since established a call center to answer patient questions and, for the subset of patients who had Social Security numbers compromised, the medical school has offered one year of free credit monitoring.
5. The medical school is reinforcing staff and faculty education about phishing emails. It is also working to strengthen its user login authentication process.