Washington University School of Medicine in St. Louis has reported yet another data security incident — what appears to be the fourth one in five years.
Washington University School of Medicine is notifying an as-yet revealed number of patients and research participants whose personal and protected health information was in employee email accounts that were compromised.
The School of Medicine investigation determined that the breach began on March 4, 2022, and that the affected email accounts contained information such as
names, dates of birth, addresses, medical record or patient account number, and clinical information, such as diagnoses, provider names, and/or dates of service. In some instances, health insurance information and/or Social Security numbers have also been identified in the accounts.
Of note, the investigation was unable to determine whether the unauthorized individual had actually viewed any of the emails or attachments. Therefore, the School of Medicine is notifying everyone possibly affected.
You can read their press release at their website. This incident has not yet shown up on HHS’s public breach tool, but if more than 500 people are potentially affected, we should see it.
Past Incidents
Past incidents, some of which were previously reported on this site, include:
- an email hacking attack that potentially affected oncology patients — March 2020
- a breach involving the Department of Ophthalmology and Visual Sciences – November 2019
- a phishing attack — March 2017; and
- a stolen laptop — January, 2013
Note that as in the current incident, in the March 2020 email incident, the School of Medicine reported that their investigation was unable to determine whether the unauthorized person viewed any of the employee’s emails or attachments.