Washington University School of Medicine hit by phishing attack: 5 things to know

Washington University School of Medicine in St. Louis notified patients on March 24 about a phishing incident that may have compromised patient names, birth dates, medical diagnoses and some Social Security numbers.

Here are five things to know.

1. On Dec. 2, 2016, some of the medical school's employees responded to a phishing email, which may have provided access to employee email accounts. The medical school launched an investigation upon learning about the incident on Jan. 24.

2. Although an unauthorized third party may have gained access to employees' email accounts, some of which contained patient information, the medical school stressed there is no indication information in the emails has been misused.

"The investigation has provided some evidence that the person was using the email accounts for spam email but, beyond that preliminary evidence, we do not have any indication as to what the person was doing," Washington University School of Medicine told Becker's Hospital Review via email. "We have no evidence that the person took any information contained in the email accounts. We have notified individuals out of an abundance of caution."

3. Since the investigation is ongoing, the medical school does not have a final count on the number of patients who were affected, Washington University School of Medicine told Becker's Hospital Review.

4. Washington University School of Medicine has since established a call center to answer patient questions and, for the subset of patients who had Social Security numbers compromised, the medical school has offered one year of free credit monitoring.

5. The medical school is reinforcing staff and faculty education about phishing emails. It is also working to strengthen its user login authentication process.

More articles on health IT:
4 questions with Rush CIO Dr. Shafiq Rab
9 types of malware that should be on a hospital's radar
AMA-led letter asks Seema Verma to establish 'administrative burden' exemption for 2016 Meaningful Use

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months