Washington University School of Medicine
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Washington University School of Medicine Data Breach
Washington University School of Medicine (WUSM) in St. Louis has experienced multiple data breaches affecting patients and research participants. The breaches involved unauthorized access to employee email accounts and potentially exposed personal health information.
March 2022 Breach
In March 2022, WUSM identified suspicious activity within its computer network. An unauthorized person gained access to certain employee email accounts between March 4 and March 28, 2022. The investigation could not determine whether the unauthorized individual viewed any emails or attachments. However, the compromised accounts contained patient and research participant information, including names, dates of birth, addresses, medical records, patient account numbers, and clinical information. In some cases, health insurance information and Social Security numbers were also identified[1][22].
December 2023 Breach
On December 15, 2023, WUSM began sending notification letters to patients about a security incident involving some of their information. Unauthorized activity was identified within WUSM email accounts, and the accounts were secured immediately upon discovery. The investigation revealed that the impacted email accounts were accessed for less than a day between September 21 and October 25, 2023. A limited number of emails were viewed, containing patient names, contact information, medical record numbers, and information related to diagnosis and/or treatment[4][19].
Response and Recommendations
WUSM has taken steps to secure the affected accounts and engaged a computer forensic firm to assist with the investigations. The institution has begun mailing letters to individuals whose information was identified in the affected email accounts. For those whose Social Security numbers were included, WUSM is offering complimentary credit monitoring and identity protection services. The School of Medicine has also reinforced education with its staff on identifying and avoiding suspicious emails and made additional security enhancements to its email environment[1][4].
Affected individuals are advised to review statements from health insurers or healthcare providers and report any charges for services not received. WUSM has established dedicated call centers to answer questions about the incidents[1][4].
Preventive Measures
Organizations are encouraged to implement appropriate technical and organizational measures to prevent data breaches. This includes limiting access to data, using third-party services judiciously, having a breach response plan, and providing comprehensive cybersecurity training to all employees[20][21].
Impact of Data Breaches
Data breaches can have severe consequences, including financial losses, reputational damage, operational disruptions, and legal penalties. They can also lead to a loss of trust among customers and patients, potentially driving them to seek services elsewhere[17][18][21][23][24].
Citations:
- https://medicine.wustl.edu/news/washington-university-school-of-medicine-notifies-patients-participants-of-privacy-incident/
- https://www.ibm.com/topics/data-breach
- https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach
- https://medicine.wustl.edu/news/announcements/notice-of-data-security-incident/
- https://www.trendmicro.com/vinfo/us/security/definition/data-breach
- https://www.cloudmask.com/blog/data-breaches-threats-and-consequences
- https://medicine.wustl.edu/news/washington-university-school-of-medicine-notifies-patients-of-privacy-breach/
- https://usa.kaspersky.com/resource-center/definitions/data-breach
- https://www.nedigital.com/en/blog/data-breach-consequences
- https://medicine.wustl.edu/news/washington-university-school-of-medicine-notifies-patients-of-privacy-incident/
- https://www.fortinet.com/resources/cyberglossary/data-breach
- https://www.fisglobal.com/en/insights/merchant-solutions-worldpay/article/how-the-consequences-of-a-data-breach-threaten-small-businesses
- https://www.databreaches.net/mo-washington-university-school-of-medicine-notifying-patients-and-research-participants-of-data-security-incident/
- https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
- https://www.theamegroup.com/security-breach/
- https://www.hipaajournal.com/email-incidents-reported-by-washington-university-school-of-medicine-oswego-county-opportunities/
- https://www.forbes.com/advisor/business/what-is-data-breach/
- https://bigid.com/blog/the-costly-impact-of-a-data-breach-on-individuals/
- https://seculore.com/state/missouri/12-15-2023-mo-washington-university-school-of-medicine/
- https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en
- https://riskxchange.co/349/5-ways-data-breaches-affect-organisations/
- https://www.beckershospitalreview.com/cybersecurity/washington-university-school-of-medicine-notifies-patients-of-data-breach-2.html
- https://www.cloudflare.com/learning/security/what-is-a-data-breach/
- https://thrivedx.com/resources/article/4-damaging-data-breach-effects