Notice of data security incident
December 15, 2023
Washington University School of Medicine (WUSM) takes the privacy and security of the information in our possession very seriously. On December 15, 2023, we began sending notification letters to patients notifying them of a security incident involving some of their information.
WUSM recently identified unauthorized activity within WUSM email accounts. We immediately secured the email accounts as soon as the unauthorized activity was identified, and conducted a thorough investigation with the assistance of a cybersecurity firm. The investigation determined that each of the impacted email accounts were subject to unauthorized access for less than a day, occurring between September 21 and October 25, 2023. During that time, the unauthorized person viewed a limited number of emails.
Between October 18 and November 2, 2023, we determined that the viewed emails contained patient information, including patient names and one or more of the following elements: patients’ contact information, medical record numbers, and information related to diagnosis and/or treatment.
This incident impacted very few WUSM patients.
We take this very seriously and regret any concern this incident may cause. As a precaution, it is always a good idea for patients to review statements they receive from their healthcare provider. If they identify charges for services they did not receive, they should contact their provider immediately.
To help prevent something like this from happening again, we have increased the complexity of our authentication process for our email environment. If patients have questions, they should call us at 1-866-944-5454 available Monday through Friday, 8 a.m. to 5 p.m. Central Time, excluding major U.S. holidays.