A notice to our patients
July 14, 2022
Washington University School of Medicine is committed to protecting the confidentiality and security of our patients’ information. Regrettably, we recently identified a security incident that may have involved some of that information.
Upon identifying suspicious activity within our computer network, we immediately initiated our incident response protocols, which included isolating potentially impacted devices and shutting off select systems. We also began an investigation with the assistance of a computer forensic firm. The investigation determined that an unauthorized person gained access to our network between April 27 and April 29, 2022 and, during that time, accessed some of the documents on our system. On May 23, 2022, we learned that some of those documents contained patient information. We initiated a review of the documents involved to determine what information may have been accessible to the unauthorized person. This review is currently ongoing. However, at this time, we’ve identified documents containing patient names, dates of birth, medical record or patient account numbers, and/or clinical information, such as dates of service, locations of service, provider names, or diagnoses. In some instances, health insurance information and/or Social Security numbers have also been identified in the documents.
This incident did not affect all School of Medicine patients, but only those whose information was included in the affected documents.
As a precaution, we are mailing notification letters to individuals whose information has been identified thus far. Once our review is complete, we will mail notification letters to additional individuals whose information is found in the documents and for whom we have sufficient contact information to mail a letter.
We have also established a dedicated, toll-free call center to answer questions that individuals may have about the incident. If you have questions, please call event is (855) 516-3862, available Monday through Friday, from 8:00 a.m. to 5:30 p.m. Central Time. For those whose Social Security numbers are included in the documents, we are offering complimentary credit monitoring and identity protection services. We recommend that affected individuals review statements they receive from their health insurers or healthcare providers. If they see charges for services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients’ information. To help prevent something like this from happening in the future, we have enhanced our existing network monitoring capabilities and will continue to regularly audit our systems for any unauthorized activity.